Commit message | Author | Age | Files | Lines
* s3/swat: use strlcat instead of strncat to fix build on old Linux distros [v3-3-test] | Björn Jacke | 2011-08-09 | 1 | -1/+1
  SLES 9's glibc for example had weird macros where the use of strncat resulted in the use of strcat which we don't allow.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Björn Jacke <bj@sernet.de>
  Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
  Fix bug #8362 (build issue on old glibc systems).
* s3:web/swat: use strtoll() instead of atoi/atol/atoll | Stefan Metzmacher | 2011-08-09 | 1 | -6/+19
  This is more portable, as we have a strtoll replacement in lib/replace.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
  (cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
  Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
* WHATSNEW: Start release notes for 3.3.17. | Karolin Seeger | 2011-07-27 | 1 | -2/+40
  Karolin
  (cherry picked from commit 0fb8c85001ee0657be20aae81716d9c309420652)
* VERSION: Bump version number up to 3.6.17. | Karolin Seeger | 2011-07-27 | 1 | -1/+1
  Karolin
  (cherry picked from commit a646b2e5ad0e19f8506bff3ff8b0ce2e3bcbf061)
* s3-swat: Fix typo. | Karolin Seeger | 2011-07-27 | 1 | -1/+1
  Thanks to Simo for reporting!
  Karolin
  (cherry picked from commit f571f362deaa5bfbdb22c3a7d8409bab9b6c8d82)
* s3 swat: Create random nonce in CGI mode | Kai Blin | 2011-07-27 | 2 | -2/+17
  In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation.
  Signed-off-by: Kai Blin <kai@samba.org>
  The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
  (cherry picked from commit 3973cfa50024983618a44ffdb9f756b642b85be7)
* s3 swat: Add time component to XSRF token | Kai Blin | 2011-07-27 | 2 | -5/+25
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit 11e281228f334bf3d384df5655136f0b4b4068aa)
* s3 swat: Add XSRF protection to printer page | Kai Blin | 2011-07-27 | 1 | -10/+18
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit 407ae61fbfc8ee1643a4db8ea9b104f031b32e0f)
* s3 swat: Add XSRF protection to password page | Kai Blin | 2011-07-27 | 1 | -3/+8
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit 4850456845d2da5e3451716a5ad4ca0ef034e01f)
* s3 swat: Add XSRF protection to shares page | Kai Blin | 2011-07-27 | 1 | -5/+13
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit ef457a20422cfa8231e25b539d2cd87f299686b9)
* s3 swat: Add XSRF protection to globals page | Kai Blin | 2011-07-27 | 1 | -0/+7
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit 8fb3064eeaa3640af6c8b91aa5859d8bfb6d0888)
* s3 swat: Add XSRF protection to wizard page | Kai Blin | 2011-07-27 | 1 | -1/+8
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit eb22fd73060534700d514ec295985549131c7569)
* s3 swat: Add XSRF protection to wizard_params page | Kai Blin | 2011-07-27 | 1 | -0/+7
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit 94f8482607a175c44436fae456fbda3624629982)
* s3 swat: Add XSRF protection to viewconfig page | Kai Blin | 2011-07-27 | 1 | -0/+7
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit ba996f0ae87f6bf4f19a4918e44dbd6d44a96561)
* s3 swat: Add XSRF protection to status page | Kai Blin | 2011-07-27 | 1 | -0/+7
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit 3f38cf42facc38c19e0448cbae3078b9606b08e4)
* s3 swat: Add support for anti-XSRF token | Kai Blin | 2011-07-27 | 2 | -0/+59
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit 3806fec53dcf3b6e5c3fd71917f9d67d47c65e32)
* s3 swat: Allow getting the user's HTTP auth password | Kai Blin | 2011-07-27 | 2 | -0/+10
  Signed-off-by: Kai Blin <kai@samba.org>
  (cherry picked from commit b610e0cee563465c6b970647b215f8ae4d0c6599)
* s3 swat: Fix possible XSS attack (bug #8289) | Kai Blin | 2011-07-27 | 1 | -12/+2
  Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page.
  This patch fixes the reflection issue by not printing user-specified content on the website anymore.
  Signed-off-by: Kai Blin <kai@samba.org>
  CVE-2011-2694.
  (cherry picked from commit d401ccaedaec09ad6900ec24ecaf205bed3e3ac1)
* WHATSNEW: Prepare release notes for 3.3.16. | Karolin Seeger | 2011-07-27 | 1 | -2/+60
  Karolin
  (cherry picked from commit 5d2d4fbf5bcf6aa1c1d994adaed22dec3ba09b9c)
* VERSION: Bump version number up to 3.3.16. | Karolin Seeger | 2011-07-27 | 1 | -1/+1
  Karolin
  (cherry picked from commit ad64256e19bef0b4441bc660faf524150e12bdf8)
* s3:nmbd_packets: return the used number of sockets in create_listen_fdset() (bug #8276) | Stefan Metzmacher | 2011-07-04 | 1 | -1/+1
  Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open) (commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the behavior, so that we skipped some sockets.
  This should work for v3-3-test.
  metze
* WHATSNEW: Prepare 3.3.15 release notes. | Karolin Seeger | 2011-02-28 | 1 | -2/+51
  Karolin
  (cherry picked from commit 074ad65a4b429c7671043e062bec4d9f53df53bf)
* Fix denial of service - memory corruption. | Karolin Seeger | 2011-02-28 | 20 | -21/+171
  CVE-2011-0719
  Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
  All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
  A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection).
  Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
  (cherry picked from commit 724e44eed299c618066dec411530aa9f156119ec)
* VERSION: Bump version number up to 3.3.15. | Karolin Seeger | 2011-02-28 | 1 | -1/+1
  Karolin
  (cherry picked from commit 23ec2b1a988fff922864a03b6061c6bc2e584ce0)
* WHATSNEW: Update release date. | Karolin Seeger | 2010-09-15 | 1 | -1/+1
  Karolin
  (cherry picked from commit cdb6f49d577fa5b24d294a50780604c89912c012)
* Fix bug #7669. | Jeremy Allison | 2010-09-15 | 4 | -5/+23
  Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4).
  CVE-2010-3069:
  ===========
  Description
  ===========
  All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
  A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection).
  (cherry picked from commit df1c76e2275068d1006e82a4a21d42b58175268b)
* WHATSNEW: Prepare 3.3.14 release notes. | Karolin Seeger | 2010-09-15 | 1 | -2/+57
  Karolin
  (cherry picked from commit da9325d02038b5e65873593dece510fa09851772)
* VERSION: Raise version number up to 3.3.14. | Karolin Seeger | 2010-09-15 | 1 | -1/+1
  Karolin
  (cherry picked from commit 293a8676ee72a635096ff1a1b167ecf6fa525276)
* WHATSNEW: Prepare release notes for 3.3.13. | Karolin Seeger | 2010-09-15 | 1 | -4/+48
  Karolin
  (cherry picked from commit d07d8701d9a49609d0291b599816a0670d29a9f3)
* VERSION: Raise version number up to 3.3.13. | Karolin Seeger | 2010-09-15 | 1 | -1/+1
  Karolin
  (cherry picked from commit 9aa30a0bbd5eaf99fec9f6b51f859bf751e155ff)
* s3-smbd: Fix memory corruption vulnerability. | Jeremy Allison | 2010-09-15 | 1 | -0/+12
  Fix bug #7494 (Buffer overrun possible in chain_reply code in 3.3.x and below.) and address CVE-2010-2063.
  (cherry picked from commit 86ab436a0da958914f99dc8b7e88b10db4692d98)
* Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write." | Karolin Seeger | 2010-03-09 | 3 | -71/+5
  This reverts commit 153357b9bb4d70a168c81cb9ff2da437eae823fc.
  This fixes bug #7222 (All users have full rights on all shares) (CVE-2010-0728).
  (cherry picked from commit 007f9c90e952aeea2d8f73cff3ccd0f747a9c06e)
* WHATSNEW: Prepare release notes for Samba 3.3.12. | Karolin Seeger | 2010-03-09 | 1 | -2/+52
  Karolin
  (cherry picked from commit cb608fef71f9da629a1858cd1d6c8b19e27e6655)
* VERSION: Raise version number up to 3.3.12. | Karolin Seeger | 2010-03-09 | 1 | -1/+1
  Karolin
  (cherry picked from commit 689fd1bd11806f92e9f5acbc634e27f7b197ee23)
* WHATSNEW: Update changes since 3.3.10. | Karolin Seeger | 2010-02-25 | 1 | -2/+41
  Karolin
* s3:winbind: Fix bug 5626 | Volker Lendecke | 2010-02-24 | 3 | -29/+23
  Apparently the AIX compiler can't deal with sizeless array declarations
* s3:winbindd: never mark external domains as internal! | Stefan Metzmacher | 2010-02-23 | 1 | -4/+1
  This way we can end up with silently using builtin_passdb_methods for an ad domain without an inbound trust.
  This fixes bug #7170.
  metze
  (cherry picked from commit f924b7749280b31ece19885de1c3ad1bd71942ac)
* s3-docs: Add missing para end tag. | Karolin Seeger | 2010-02-22 | 1 | -0/+1
  Karolin
  (cherry picked from commit b78de63ef3cde53e3aabbe46654aac5a335f16a8)
  (cherry picked from commit d3738dbe1cabb0ad0acf5f8c9b5e8106285ca9a1)
* Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies) | Jeremy Allison | 2010-02-22 | 2 | -2/+5
  There are two problems:
  1). The server is off-by-one in the end of buffer space test.
  2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0) fields in the second and subsequent SMBtrans replies.
  This patch fixes both.
  Jeremy.
  (similar to commit b07a14dc37d2899f662e1cf87064f99c0bd10b25)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Fix off-by-one error in working out the limit of the NetServerEnum comment. | Jeremy Allison | 2010-02-22 | 1 | -1/+1
  Jeremy.
  (cherry picked from commit 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: Fix really ugly bool vs. int bug!!! | Stefan Metzmacher | 2010-02-22 | 1 | -1/+1
  A comparison function for qsort needs to return an 'int'!
  Otherwise you'll get random results depending on the compiler and the architecture...
  metze
  (cherry picked from commit 1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)
* s3:libsmb: fix NetServerEnum3 rap calls. | Stefan Metzmacher | 2010-02-22 | 1 | -5/+19
  metze
  (cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)
* Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' | Jeremy Allison | 2010-02-19 | 1 | -3/+5
  Fix use of uninitialized variable. This can lead to crashes if mangling = hash processes names with no '.'.
  Jeremy.
  (cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15)
* Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash" | Jeremy Allison | 2010-02-19 | 1 | -0/+1
  The charset array allocated in init_chartest() is allocated by MALLOC, but only some elements of it being set after allocation. Fix is to memset to zero after allocation.
  Jeremy.
  (cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930)
* Fix bug #6557 - Do not work VFS full_audit | Jeremy Allison | 2010-02-18 | 1 | -18/+16
  Re-arrange the operations order so SMB_VFS_CONNECT is done first as root (to allow modules to correctly initialize themselves).
  Reviewed modules to check if they needed CONNECT invoked as a user (which we previously did) and it turns out any of them that cared needed root permissions anyway.
  Jeremy.
* Fixes issue with preexec scripts creating a share directory, and problems if a smb.conf reload turns wide links back on after a connection is established. | Jeremy Allison | 2010-02-15 | 3 | -29/+68
  Includes git refs :
  cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b
  94865e4dbd3d721c9855aada8c55e02be8b3881e
  5d92d969dda450cc3564dd2265d2b042d832c542
  02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf
  a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82
  from master.
  Jeremy.
  Fix bug #7104 ("wide links" and "unix extensions" are incompatible.)
* Fix bug 7104 - "wide links" and "unix extensions" are incompatible. | Jeremy Allison | 2010-02-09 | 6 | -43/+22
  Change parameter "wide links" to default to "no". Ensure "wide links = no" if "unix extensions = yes" on a share. Fix man pages to reflect this.
  Remove "within share" checks for a UNIX symlink set - even if widelinks = no. The server will not follow that link anyway.
  Correct DEBUG message in check_reduced_name() to add missing "\n" so it's really clear when a path is being denied as it's outside the enclosing share path.
  Jeremy.
* s3: Fix an uninitialized variable reference | Volker Lendecke | 2010-02-08 | 1 | -1/+2
  Fix bug #5885 (swat prints a bogus ip-address in smb.conf).
* s3: Fix malformed require_membership_of_sid. | Bo Yang | 2010-02-08 | 1 | -0/+12
  Signed-off-by: Bo Yang <boyang@samba.org>
  Fix bug #7106.
* s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum() | Stefan Metzmacher | 2010-02-05 | 1 | -2/+3
  When we need to do more than one network operation to get the browse list we need to use the same 'stype' value each time.
  metze
  (cherry picked from commit c2e4746fa9d68e7601e8e90cc0144d2e65a695b6)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Fix bug #7098 (smbclient -L gives wrong results with a large browse list).