summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s3-rpc_client: add rpccli_lsa_lookup_names4 wrapper.Günther Deschner2009-10-082-23/+84
| | | | | | Guenther (cherry picked from commit ff968712bab6c2635ef74723c6f52b0fdac4b424) (cherry picked from commit 0d4d3c8e1e5312a820fcaede65471566e75e272c)
* s3-winbindd: add and use winbindd_lookup_names().Günther Deschner2009-10-082-20/+47
| | | | | | Guenther (cherry picked from commit 99c3fc19587431efda1ae6161453d84673b32071) (cherry picked from commit afbe7c3605edcb8f7dfc64399681f23fa947fe57)
* s3-winbindd: add and use winbindd_lookup_sids().Günther Deschner2009-10-083-96/+78
| | | | | | Guenther (cherry picked from commit f0b52b8c3133e3696db361d9d0e7d1fff0fab991) (cherry picked from commit 5c2c17ffd62010f4590502f40aee9e40997a647a)
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner2009-10-088-11/+21
| | | | | | Guenther (cherry picked from commit bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f) (cherry picked from commit 864c0b58aec55e37cf304b28c762a5259fc0ec67)
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp ↵Günther Deschner2009-10-088-4/+19
| | | | | | | and cli_rpc_pipe_open_ntlmssp. Guenther (cherry picked from commit 41158d10cdad5b923d0bfa608f73c0daf8ccd352)
* s3-rpc_client: add cli_rpc_pipe_open_noauth_transport.Günther Deschner2009-10-082-14/+30
| | | | | | Guenther (cherry picked from commit 87f61a144b8d25c90b847940ca03ced1f77b036c) (cherry picked from commit c968714f7910ba90c2e989e46d18c265d9f9b549)
* WHATSNEW: Prepare release notes for Samba 3.3.9.Karolin Seeger2009-10-071-2/+99
| | | | | Karolin (cherry picked from commit f31c2218c4cd6c04b4899f46c3cc2294c677a688)
* VERSION: Raise version number up to 3.3.9.Karolin Seeger2009-10-071-1/+1
| | | | | Karolin (cherry picked from commit b6f21ad0732d207c7c831c6094fad25e1469b426)
* Second part of a fix for bug #6235.Jeremy Allison2009-10-071-1/+1
| | | | | Domain enumeration breaks if master browser has space in name. (cherry picked from commit d984b39d971b7fc8f66e6c5376a2b7a98dfc20d8)
* Fix bug #6532.Derrell Lipman2009-10-071-1/+2
| | | | | Domain enumeration breaks if master browser has space in name. (cherry picked from commit e3601a43421cc51b2b4b6413f547daf6ea9b0b41)
* s3/getdcname: Fix 'net' crash.Kumar Thangavelu2009-10-071-2/+2
| | | | | | | | | | | 'net' command crashed when attempting to join a domain. This occurred in a very specific case where the DC had multiple IPs and one of the IPs was invalid. Signed-off-by: Volker Lendecke <vl@samba.org> Fixes bug #6420. (cherry picked from commit 30cca93674d0dad15ad0ccfaf0d81f94d7d17b4a)
* s3: Don't overwrite password in pam_winbind, subsequent pam modules might ↵Bo Yang2009-10-071-4/+0
| | | | | | | | | use the old password and new password. Signed-off-by: Bo Yang <boyang@samba.org> Fix bug #6735. (cherry picked from commit 457cbb36700cf460375cdbea85ada5676e03aa45)
* s3:libsmb: Correctly chew keepalive packetsVolker Lendecke2009-10-071-0/+6
| | | | | | | | | | | | Thanks a *lot* to Günther to send me the relevant traces! Volker Signed-off-by: Günther Deschner <gd@samba.org> Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was: [Samba] Crazied NTLM_AUTH on samba 3.4.0)). (cherry picked from commit 28674fcda7aaf839fdf5704e4133a0bd3a3f93a2)
* s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server ↵Günther Deschner2009-10-071-1/+1
| | | | | | | | | | | principal. Patch from Robert LeBlanc <robert@leblancnet.us>. Thanks! Guenther (cherry picked from commit cd920dcff320a097bcc46a9468a78cedca6fb2be)
* s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.Günther Deschner2009-10-072-2/+2
| | | | | | | | | The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56 byte). We should just ignore the remaining 12 zeroed bytes and proceed. Guenther (cherry picked from commit e7e1e1887e79e4dcbd8836b775e387751c44f318)
* Check we read off the compelte event from inotifySimo Sorce2009-10-071-2/+8
| | | | | | | | | | The kernel may return a short read, so we must use read_data() to make sure we read off the full buffer. If somethign bad happens we also need to kill the inotify watch because the filedescriptor will return out of sync structures if we read only part of the data. Fixes bug #6693. (cherry picked from commit 7fd407fefe92939ecb78400d22aac55590851f70)
* s3:libwbclient: Fix bug 6349, initialize domain info structVolker Lendecke2009-10-071-0/+2
| | | | (cherry picked from commit 39a7cc3c1fd6a3fbb56c8030b6e12962d9fb7181)
* wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ↵Günther Deschner2009-10-071-4/+15
| | | | | | | ntlmv2 blobs in wbcAuthenticateUserEx(). Guenther (cherry picked from commit 7253d96fc205717d9fed973bbcad2884ce656fd9)
* Fix bug 5886Volker Lendecke2009-10-071-8/+26
| | | | | | | | | | Ok, that's a very long-standing one. I finally got around to install a recent OpenLDAP and test the different variants of setting a NULL password etc. Thanks all for your patience! Volker (cherry picked from commit 983c6f22f411aab2488fe41b5b06174c55108868)
* s3:netlogon: replace cred_hash3 by des_crypt112_16Stefan Metzmacher2009-10-072-5/+4
| | | | | | | | This makes sure we don't truncate the session key to 8 bytes Fixes bug #6664. metze (cherry picked from commit 570a8cf5bb6924905b3ad20353d1e7b0ca087748)
* Fix unqualified "net join"Volker Lendecke2009-10-071-4/+1
| | | | | | | | | | | | | Kai, please check! Fixes bug #6585. Thanks, Volker (cherry picked from commit d8543da9dad3286cd330b98374405edb9f976e77) (cherry picked from commit bf7d1758a77a462d9b30cc2549a960736884ee32) (cherry picked from commit 9509763346de5e587a098a90e33a5e38d6d00a78)
* s3-ldap: Fix Bug #5879. Update LDAP schema for Netscape DS 5.Günther Deschner2009-10-071-1/+6
| | | | | | | | Patch from TAKEDA Yasuma <yasuma@osstech.co.jp>. Guenther (cherry picked from commit 9fa042bb9f71057fc869e37d4cc180e8a772b1bb) (cherry picked from commit a01f0a4025d382c1bc82f4992ea4566db4df3818)
* s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.Stefan Metzmacher2009-10-072-1/+57
| | | | | | | | metze (cherry picked from commit 1e1445bc7672b17a1d689fa0f0732b05b6e04da5) Fixes bug #6627. (cherry picked from commit 8d57806544dade748aaac9cc493deb75d4e95735)
* s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache().Michael Adam2009-10-071-1/+1
| | | | | | | With the previous code, the cache can never have been hit at all. Michael (cherry picked from commit c70d54508e1cb8f5edbad02a632dfd52d65fd699)
* s3: Unable to browse DFS when using kerberos in libsmbclientBo Yang2009-10-071-4/+13
| | | | | | | Signed-off-by: Bo Yang <boyang@samba.org> Fixes bug #6615. (cherry picked from commit 40da23b6a7dc7acfbdf76a6808b7e50c6c39093e)
* s3/smbldap: Fix typo in debug message.Karolin Seeger2009-10-071-1/+1
| | | | | | Karolin (cherry picked from commit 54dffbea663ecf4542d6c5e30da6e346d5d60424) (cherry picked from commit 2538df1ea3229ea6d8242b5ae6fdd3d453395609)
* Fix SAMR server for winbindd access. Ensure we allow MAX_ACCESS to be mapped ↵Jeremy Allison2009-10-071-2/+2
| | | | | | | to what we're giving Everyone. Jeremy. Fixes bug #6504. (cherry picked from commit 4e854cb52cfb4f3c25c92324c6e7505f1c8290b3)
* Increase the max_grp value to 128 (AIX NGROUPS_MAX value) instead of 32 to ↵Yannick Bergeron2009-10-071-1/+1
| | | | | | | | allow AIX to call sys_getgrouplist only once (cherry picked from commit c3e12444f57e24dcd6c9259537ed0489db4658e9) (cherry picked from commit 2666b3e27444ffcad3afc21e276f189ac238433f) (cherry picked from commit 1da21f70ec4cebb7ee523dda8abf4100584901f8)
* s3/docs: Fix typos.Karolin Seeger2009-10-071-2/+2
| | | | | | | | | Thanks to OPC oota <t-oota@dh.jp.nec.com> for reporting! Karolin (cherry picked from commit 7ee7ec3fdba2ef6a6cc3e1f96a5d2154290cdb18) (cherry picked from commit c94d3183a8e4c7e03c0dd2771cb7b9f4665198ce) (cherry picked from commit 1310ba934b87b804f435cef2c21e6e65590e4a83)
* Fix for CVE-2009-2906.samba-3.3.8Jeremy Allison2009-09-302-3/+26
| | | | | | | | Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.
* WHATSNEW: Update release notes.Karolin Seeger2009-09-301-2/+8
| | | | Karolin
* Fix for CVE-2009-2813.Jeremy Allison2009-09-282-2/+11
| | | | | | | | | | | | | | | =========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. ===========================================================
* mount.cifs: don't leak passwords with verbose optionJeff Layton2009-09-281-20/+34
| | | | | | | | | | | | | | | | | | | | | | When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 2/2 of a fix for CVE-2009-2948.
* mount.cifs: check access of credential files before openingJeff Layton2009-09-281-0/+11
| | | | | | | | | | | | | | | It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 1/2 of a fix for CVE-2009-2948.
* WHATSNEW: Prepare release notes for 3.3.8.Karolin Seeger2009-09-281-2/+62
| | | | Karolin
* Raise version up to 3.3.8.Karolin Seeger2009-09-241-1/+1
| | | | Karolin
* WHATSNEW: Remove major enhancements.samba-3.3.7Karolin Seeger2009-07-281-4/+0
| | | | | | | | There are not that much bugs that have been fixed for that release and it's a bit difficult to determine major ones... Karolin (cherry picked from commit 7ac712fc96c2557a8ca51d5bf67957eb6861a21c)
* WHATSNEW: Start WHATSNEW for 3.3.7.Karolin Seeger2009-07-281-2/+82
| | | | | Karolin (cherry picked from commit b280a2fee579fe1a999617c8e01b079e5e989c9d)
* VERSION: Raise version number up to 3.3.7.Karolin Seeger2009-07-281-1/+1
| | | | | Karolin (cherry picked from commit fe911ee58b5c0b0c6c9c23bee8d10bbf53f5a90b)
* docs: fix typos in the net man page.Michael Adam2009-07-271-2/+2
| | | | | | | Noted by Oota Toshiya <t-oota@dh.jp.nec.com> . Michael (cherry picked from commit 4d25298b133279c0918e0663cf2fd59f7e11672f)
* handling upnBo Yang2009-07-273-2/+19
| | | | | | | | | | lookupname failed, cannot find domain when attempt to change password. This addresses bug #6560. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 830c4da460bcad919421acf9d537cf577b231de7)
* s3:util: let parent_dirname() correctly return toplevel filenamesStefan Metzmacher2009-07-271-1/+1
| | | | | | | | | | metze (cherry picked from commit a14efbadd53ac9678d75e6029f947d63cfa0c4e5) Signed-off-by: Stefan Metzmacher <metze@samba.org> This addresses bug #6526. (cherry picked from commit 58f449318dd07240c60513559cf682aa243d3e4c)
* Fix bug #6520 time stamps.Jeremy Allison2009-07-271-3/+32
| | | | | | | | | E.g. last mod time is not preserved when "unix extensions=yes" are set - and u Cancel out any pending "sticky" writes or "last write" changes when doing a UNIX info level set. Jeremy. (cherry picked from commit 5b03af33ad45368bea7cf6cabc91f62e2503de99)
* s3/docs: Fix typo.Matt Kraai2009-07-271-1/+1
| | | | | | | This fixes bug #6519. (cherry picked from commit 4fb1f8e8fe46b3e77c06612ac3fc3d67cf650a11) (cherry picked from commit 39bfcc5d50892ad0c387f0ca3932e961e77fdc39) (cherry picked from commit 408cc7ec9f4119aa9a768474152a83ef796309a9)
* Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave" ↵Jim McDonough2009-07-276-21/+55
| | | | | | | | | | | | | | | | | | | | | stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete). Libnetapi should not delete machine accounts, as this does not happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means "disable" (both in practice and docs). However, to keep the functionality in "net ads leave", we will still try to do the delete. If this fails, we try to do the disable. Additionally, it is possible in windows to not disable or delete the account, but just tell the local machine that it is no longer in the account. libnet can now do this as well. Don't use ads realm name for non-ads case. #6481 Also check that the connection to ads worked. (cherry picked from commit 6f9ed71a87e4ed5665ee8999ebf987e2165629c6)
* s3-test: add RPC-SAMR-MACHINE-AUTH to list of tests to run against s3.Günther Deschner2009-07-271-1/+1
| | | | | Guenther (cherry picked from commit 99f68c7b1c527bc39acd0f9db15f65ce087c5dca)
* s3/lanman: Workaround for KB932762.Volker Lendecke2009-07-271-0/+1
| | | | | | This addresses bug #6498. (cherry picked from commit a702dea5a86f22e0b7857b67447152a06b3bbea2) (cherry picked from commit aa769edfcef6937927201f765509c10b60764817)
* s3:configure: "test" only takes one "=" (cherry picked from commit ↵Björn Jacke2009-07-271-1/+1
| | | | | | | ddd37c2b235eb03ddb438ebb2cdd14dd67f867f3) This fixes bug #6497. (cherry picked from commit bcb3a4746710cb4e2800010c23b6e810c78e603d)
* s3/docs: Fix typo.Karolin Seeger2009-07-271-1/+1
| | | | | | | | | | This fixes bug #6412. Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting! Karolin (cherry picked from commit 4ad43a21344b43f1c9fe459165098bcab1695711) (cherry picked from commit 84750d556d0a42b5d8b134308311e2cb9a533b58) (cherry picked from commit 304c25a518aba988c3d36e78f6a8416a340b3b33)
* s3-net: Fix bug 6340: don't segfault when cleartext trustdom pwd could not ↵Günther Deschner2009-07-271-1/+1
| | | | | | | be retrieved. Guenther (cherry picked from commit b4fe7ad41953c2c60bf9333cff4a5e83fcbe582e)
generated by cgit (git 2.34.1) at 2025-09-03 16:56:23 +0000