summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s3:utils/net_afs fix compiler warningsChristian Ambach2011-07-261-2/+3
| | | | | this also fixes the usage displays of net afs (cherry picked from commit 7738d8b89bcf2b43d65f1bf4599a688cb4143768)
* s3:lib/afs fix the build with --with-vfs-afsaclChristian Ambach2011-07-261-0/+4
| | | | | This fixes the second piece of Bug #8263 (cherry picked from commit 8a14ccb99388e31b366fc84060186be1ea708d75)
* s3:lib/afs fix the build with --with-fake-kaserverChristian Ambach2011-07-263-3/+13
| | | | | This fixes one piece of Bug #8263 (cherry picked from commit caa4226c315a70138016cf8fae13ce3f050057e7)
* Fix bug 8314] - smbd crash with unknown user.Jeremy Allison2011-07-261-4/+11
| | | | | | | All other auth modules code with being called with auth_method->private_data being NULL, make the auth_server module cope with this too. (cherry picked from commit e173f04a822944e96171866d9fbf43301cd611a4)
* s3 swat: Create random nonce in CGI modeKai Blin2011-07-261-1/+19
| | | | | | | | | | | In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 589bc35590aebfdd20fe786c08005bb43ef47d94)
* s3 swat: Add time component to XSRF tokenKai Blin2011-07-262-5/+25
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit fb0d393a1972c28ecd6e49959c8c5b7900e1b574)
* s3 swat: Add XSRF protection to printer pageKai Blin2011-07-261-10/+18
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 3b138403ea157f1c6b8dfc40016f293831765948)
* s3 swat: Add XSRF protection to password pageKai Blin2011-07-261-3/+8
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 395503b9f51445d9ca493c2fc7e6022ee75cb743)
* s3 swat: Add XSRF protection to shares pageKai Blin2011-07-261-5/+13
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 869590cc3a0c09e11f77277af1d3b7334b718ce0)
* s3 swat: Add XSRF protection to globals pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit dc3aa10bbc5936aebab88db2ea34b46648839745)
* s3 swat: Add XSRF protection to wizard pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit e33970f1c60451a063bb2eeb64f9515c64722508)
* s3 swat: Add XSRF protection to wizard_params pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit a887d8446bc74b255682a4047cb5616fe236bcaf)
* s3 swat: Add XSRF protection to viewconfig pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit bb9bb437fc3685879f5b34c444d58c4a564f148d)
* s3 swat: Add XSRF protection to status pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit d240094fbe7b581a6c97f506fa17747e21180598)
* s3 swat: Add support for anti-XSRF tokenKai Blin2011-07-262-0/+59
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 5e32110742a310aff6946acd34b0dca3a3fc8130)
* s3 swat: Allow getting the user's HTTP auth passwordKai Blin2011-07-262-0/+10
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 4592956a35d700aaf4ec2be7fc183f42fbe14fba)
* s3-swat: Fix typo.Karolin Seeger2011-07-261-1/+1
| | | | | | | | | Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5) (cherry picked from commit 43cf67654ebcfd3f0a8298af7f6cf15cd5f2d981)
* s3 swat: Fix possible XSS attack (bug #8289)Kai Blin2011-07-261-12/+2
| | | | | | | | | | | | Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit d88744f460a2a65d4e0cfb6c944f90f09e15d3b4)
* release-scripts/create-tarball: always create a tag in form of samba-${version}Stefan Metzmacher2011-07-261-20/+6
| | | | | | metze (cherry picked from commit 84d9cdb5112e55ae8a1e525ca2b8cef2ae606f22) (cherry picked from commit d7242cb7fcfca687a4b9c20c4084c74b12fc5aad)
* Second part of fix for bug 8310 - toupper_ascii() is broken on big-endian ↵Jeremy Allison2011-07-265-10/+48
| | | | | | | | | | | | | | | | systems. Re-add: smb_ucs2_t toupper_w(smb_ucs2_t v); bool isupper_w(smb_ucs2_t v); smb_ucs2_t tolower_w(smb_ucs2_t v); bool islower_w(smb_ucs2_t v); and ensure they are called whenever we are operating on smb_ucs2_t variables. I'd like to make the definition of smb_ucs2_t incompatible with int and codepoint_t so they can't be mixed, but that's a patch for another time. (cherry picked from commit bdc078a81e49bce3b51560a75984e0306c387573)
* First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systemsJeremy Allison2011-07-2611-66/+24
| | | | | | | | | | | Remove int toupper_ascii(int c); int tolower_ascii(int c); int isupper_ascii(int c); int islower_ascii(int c); and replace with their _m equivalents, as they are identical. (cherry picked from commit 5b6a34128a0e0bc33c255dc53c9fb9fd8e6d34d8)
* Fix bug #8307 - brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on ↵Jeremy Allison2011-07-261-122/+23
| | | | | | | | all locks Reported by herb@samba.org. Remove the (premature) optimization on file close. (cherry picked from commit c5b272a05c4bd9d7f70c14fe307b8da46b9e607e)
* WHATSNEW: Update changes since rc2.Karolin Seeger2011-07-261-0/+3
| | | | | Karolin (cherry picked from commit 8585ac3635e9ae284a5b35dba2412d996a73f7ad)
* s3:smb2_create: use smbd_calculate_access_mask() instead of ↵Stefan Metzmacher2011-07-261-1/+6
| | | | | | | | | | | | | | smbd_check_open_rights() metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jul 11 22:45:01 CEST 2011 on sn-devel-104 (cherry picked from commit f5d320ac0fb74d4ad95a03969366096e9b074379) The last 10 patches address bug #8102 (domuser can change ACL from his files over the network). (cherry picked from commit d43d147c9d69dd23296677f9ae998c9362771682)
* s3:smb2_tcon: return the correct maximal_access on the shareStefan Metzmacher2011-07-261-1/+1
| | | | | | metze (cherry picked from commit a1046389ffcc476456ac76cb701a4325d1c42ef9) (cherry picked from commit 89a05c3a54239d384317f9881430fac264138f3f)
* s3:smbd: return the real share access mask in the SMBtconX responseStefan Metzmacher2011-07-261-3/+1
| | | | | | metze (cherry picked from commit 58eed1b295afeff6acfb8c1f10b0bb02280fd491) (cherry picked from commit c384bf75284fa7280b9279d305c5404f9f1066df)
* s3:smbd: use smbd_calculate_access_mask() also for fake_filesStefan Metzmacher2011-07-261-0/+13
| | | | | | metze (cherry picked from commit 581d8fa36b73abab030168dc35fb631ccd42a388) (cherry picked from commit 3e8770619c53c956f623ae852f97e6226513898d)
* s3:smbd: check the share level access mask in smbd_calculate_access_mask()Stefan Metzmacher2011-07-261-0/+17
| | | | | | | | | | | I think we should reject invalid access early, before we might create new files. Also smbd_check_open_rights() is only called if the file existed. metze (cherry picked from commit 896f105ed40dc04f83bcbfac367b309c8d957f86) (cherry picked from commit d43f7ffb9fa8449a954d2e9fc9012a00289b41e2)
* s3:smbd: make smbd_calculate_access_mask() non-staticStefan Metzmacher2011-07-262-14/+20
| | | | | | metze (cherry picked from commit ce66d4e4a885add09edfa8e6d5eab0f3b5d63081) (cherry picked from commit 5a1c2b4774c914a45bf2da7e666f6acf7f6927c6)
* s3:smbd/msdfs: let create_conn_struct() check the share security descriptorStefan Metzmacher2011-07-261-0/+30
| | | | | | metze (cherry picked from commit 18f967a24881aa899b39f7676fc70a7f7aaca07b) (cherry picked from commit bd91cb862c4ceb3955c742d1c516e51733a19e6e)
* s3: Fix bug 8102Volker Lendecke2011-07-261-0/+8
| | | | | | | | | | | | We can't allow open with access that has been denied via the share security descriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104 (cherry picked from commit 4deca5d72804a40e68158a1183f5633dabf24761) (cherry picked from commit b3a035005ef98bcb31bade50a9e3ddf088302779)
* s3: Calculate&store the maximum share access maskVolker Lendecke2011-07-262-22/+16
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 720fa46f9443ccbe471b265f1c2b9cb9782a3c26) (cherry picked from commit 83c6e9d3ad76e8009778e5ba0bf22e256d06ad48)
* s3: Return "granted" from share_access_checkVolker Lendecke2011-07-265-16/+28
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 1c022d2e414607633323e65abbc63bb3aeaaa6a4) (cherry picked from commit 283f76c06308eaeaf9d134e0bfb45188ee684fb3)
* s3:smb2_server: add some comments about change_to_user() and ↵Stefan Metzmacher2011-07-261-2/+98
| | | | | | | | | | | | | change_to_root_user() metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jul 8 13:45:46 CEST 2011 on sn-devel-104 (cherry picked from commit dbfb88aef30a755c29015bff4699eb17925a4988) The last 3 patches address bug #8292 (Disable SMB2 for 3.6). (cherry picked from commit 7b28ae90603ff152e31b2113109bdaebc540810f)
* s3:smb2_server: call change_to_root_user() or smbd_smb2_request_check_tcon()Stefan Metzmacher2011-07-261-3/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | For all requests which don't operate on a tcon, we should call change_to_root_user(), to match the SMB1 behavior. For SMB1 we do the following operations without AS_USER: /* 0x70 */ { "SMBtcon",reply_tcon,0}, /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR}, /* 0x72 */ { "SMBnegprot",reply_negprot,0}, /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0}, /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */ /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0}, ... /* 0x2b */ { "SMBecho",reply_echo,0}, ... /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 }, For SMB2tdis we still call smbd_smb2_request_check_tcon() as close_cnum() calls change_to_root_user() when needed. metze Signed-off-by: Jeremy Allison <jra@samba.org> (cherry picked from commit eea210eba7c20e6d04b13cf8ccd3011ee7c99157) (cherry picked from commit 3de9d2204e1f14c8a1d9642f3dc1e1e7e1013210)
* s3:smb2_server: there's no reason to check the session id twice on a ↵Stefan Metzmacher2011-07-261-5/+0
| | | | | | | | | | | smb2_tcon request metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jul 4 17:34:13 CEST 2011 on sn-devel-104 (cherry picked from commit 7c96e96e9881ec1ad7b41f0ab241a5b0ac17b93f) (cherry picked from commit fe6a325226a5fb17e5ccf62c5d0882d97baa35b7)
* WHATSNEW: Update changes since rc2.Karolin Seeger2011-07-261-3/+11
| | | | | Karolin (cherry picked from commit ae414153864100daa616b169b1b55e2d903b590c)
* VERSION: Set version to 3.6.0rc3.Karolin Seeger2011-07-261-1/+1
| | | | | Karolin (cherry picked from commit 7bbf4bc9870c5a9b02a40d321b2efdb86b0440d2)
* Fix bug #Bug 8304 - Uninitialized variable referenced in error path.Jeremy Allison2011-07-261-1/+5
| | | | | princ must not be used uninitialized. auth_data is not used at all. (cherry picked from commit ba6f88a6720358bea75b162f193182b724b9411c)
* Fix bug 8305 - nmbd segfaults - when using "smbtree ..." (cherry picked from ↵Günter Kukkukk2011-07-261-1/+1
| | | | | | commit 102a931c8081559423fb25b3a4d445b6f2e790ac) (cherry picked from commit e5f4b6e7aa1d102db023a491991684118875ee38)
* s3-docs: Remove manpages for ldb tools.Karolin Seeger2011-07-267-1012/+0
| | | | | | | | | | Fix bug #8297 (ldb tools man pages should be removed from the release tar ball). Thanks to Björn for reporting! Karolin (cherry picked from commit 73e6673078ef8477107cf94a9d53f3d2b42cb6d7)
* Fix bug #8293 - SMB2 doesn't rotate the log files often enough.Jeremy Allison2011-07-263-3/+21
| | | | | | | | Move the num_requests field out of the smb1 struct into the generic struct smbd_server_connection struct. Use it to count SMB2 requests as well as SMB1 and ensure that check_log_size() is called every 50 SMB2 requests. (cherry picked from commit b7dbbe1005627932ab959144002f9d41adb04328)
* s3-waf: split out LIBCLI_WINREG_INTERNAL as LIBCLI_WINREG was pulling in rpc ↵Günther Deschner2011-07-262-7/+8
| | | | | | | | | | | | | | | | | | | | | server code in undesired places. Andreas, please check. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Jul 8 18:34:44 CEST 2011 on sn-devel-104 (cherry picked from commit f4add4fbf545313f5d24e0d9e5c9eb0f8fac630a) Conflicts: source3/rpc_server/wscript_build source3/wscript_build The last 21 patches address bug #8214 (printer driver upgrade fails, causing smbd to exit on startup). (cherry picked from commit 9a555e0271c333d1e33a9f2df435166aa8c6dfde)
* s3-printing: remove tdb migration invalid printer name checksDavid Disseldorp2011-07-261-9/+2
| | | | | | | | | | | | WERR_INVALID_PRINTER_NAME only needed to be handled when printing tdb migration used spoolss, with winreg such errors are no longer possible. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Jul 7 19:15:34 CEST 2011 on sn-devel-104 (cherry picked from commit e5955903fdc5ed6f8660b72db0716d4da25c711c) (cherry picked from commit 1822df19e764bce37a4b2c7e212a2bb0c61d1d13)
* s3-printing: fill info2_mask in printer migrationDavid Disseldorp2011-07-261-4/+7
| | | | | | | Also fix possibly uninitialised status return from printing_tdb_migrate_printer(). (cherry picked from commit 5dd8185d852afc3843253c9471326677f8816a77) (cherry picked from commit ec0c13d05962e0e3d92dee811667e2dc6bfa67fc)
* s3-printing: make sure to first migrate the printers then the security ↵Günther Deschner2011-07-262-4/+28
| | | | | | | | | | descriptor. Guenther Pair-Programmed-With: David Disseldorp <ddiss@suse.de> (cherry picked from commit cfc3b6e5f79f253e83dfbd13d47b671deb5801b3) (cherry picked from commit d967d1b9ac902cd750cc9c43ecce9481c444504b)
* s3-printing: remove spoolss pipe from migration library, only using winreg ↵Günther Deschner2011-07-264-46/+5
| | | | | | | | | | finally. Guenther Pair-Programmed-With: David Disseldorp <ddiss@suse.de> (cherry picked from commit 57bbb32c64db1027e2b9ae1aef7f5f3b33ae3882) (cherry picked from commit 4fc35a5cc9db162a6df7b09e70686caaaa6c352c)
* s3-printing: use winreg interface for migration, instead of spoolss.Günther Deschner2011-07-261-181/+38
| | | | | | | | | | | | Guenther Pair-Programmed-With: David Disseldorp <ddiss@suse.de> (cherry picked from commit 8f3d5f5333a61922c4ea7ff1e1d244978958e857) Conflicts: source3/printing/nt_printing_migrate.c (cherry picked from commit 8ca35cd86041d197f3bf377cc0afabe5e2cd4ceb)
* s3-printing: safe a ton of roundtrips by reusing existing winreg ↵Günther Deschner2011-07-263-156/+229
| | | | | | | | | | | | | | binding_handles. Guenther Pair-Programmed-With: David Disseldorp <ddiss@suse.de> (cherry picked from commit 72b1f8be5619ed778c4aa0b967f6a4f34d7e9de8) Conflicts: source3/rpc_server/spoolss/srv_spoolss_nt.c (cherry picked from commit 5bab2244e5893ae6f470299b4efcabd54dc23fcc)
* s3-printing: use winreg_internal functions.Günther Deschner2011-07-263-87/+87
| | | | | | | | | | | | Guenther Pair-Programmed-With: David Disseldorp <ddiss@suse.de> (cherry picked from commit 0a1ec73b965f66977a90fb7febb3b56b52ebab20) Conflicts: source3/rpc_server/spoolss/srv_spoolss_nt.c (cherry picked from commit 7c0ab14cc21c47193e7198a01e5ae16052c8d0f9)