| Commit message | Author | Age | Files | Lines |
| |
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
(cherry picked from commit 724e44eed299c618066dec411530aa9f156119ec)
| |
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit df1c76e2275068d1006e82a4a21d42b58175268b)
| |
to respond to a read or write."
This reverts commit 153357b9bb4d70a168c81cb9ff2da437eae823fc.
This fixes bug #7222 (All users have full rights on all shares) (CVE-2010-0728).
(cherry picked from commit 007f9c90e952aeea2d8f73cff3ccd0f747a9c06e)
| |
respond to a read or write.
Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
to allow Linux threads under different euids to send signals to each other.
Same as master commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db.
Jeremy.
| |
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
| |
Karolin
(cherry picked from commit 54dffbea663ecf4542d6c5e30da6e346d5d60424)
| |
allow AIX to call sys_getgrouplist only once
(cherry picked from commit c3e12444f57e24dcd6c9259537ed0489db4658e9)
(cherry picked from commit 2666b3e27444ffcad3afc21e276f189ac238433f)
| |
metze
(cherry picked from commit a14efbadd53ac9678d75e6029f947d63cfa0c4e5)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This addresses bug #6526.
| |
stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
| |
Guenther
(cherry picked from commit 29b8e08b83eeb0ab7d33bf46981cdbad8c35dc9b)
| |
This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.
| |
Found by David Markey <admin@dmarkey.com>. Thanks!
Guenther
(cherry picked from commit ab4b8c9c0438bc5afca17e3ebf05dde6f98bc0aa)
| |
What a difference a name makes... :-). Just because something is misnamed
SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be SA_RIGHT_SAM_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
| |
Guenther
(cherry picked from commit ca3de0103b545c86c8507dfc7d042f1838d5dfb2)
(cherry picked from commit cb96e70a1d9112d9e4fff1fda4cf64abc7985347)
| |
This used to be commit 6343cab3 in master.
Karolin
| |
Jeremy.
| |
correctly. For the clustering case.
Clustered setups should have only ever used
the unsigned version of TDB_DATA in the
first place so they can't be in this mess :-).
Just do the normal upgrade in the clustered case.
Jeremy.
| |
information.
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
(cherry picked from commit d2e348b191ada5492538b7bdae1bb7cd3f639aba)
| |
We need a string version of this, or else version.c does not compile.
Michael
| |
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit a3d04991ef409591a7c8b9fbb01e024bd5aaa041)
| |
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit e8aa7169a6672bd32af6c5580f6e8ec7e99511bc)
| |
This is useful for wrapping higher level aggregate operations
in transactions. The text backend implementations just return
WERR_OK, the registry backend implementations use the
regdb_transaction_start|commit|cancel routines just added.
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
For 1000 shares this speeds up net conf list from .6 to .25 seconds on my box
Signed-off-by: Michael Adam <obnox@samba.org>
| |
With 1000 shares in the registry, this changed the time of "net conf list" from
1.1 seconds to .6 seconds.
Signed-off-by: Michael Adam <obnox@samba.org>
| |
The SMB_MALLOC'ed rbt node data was not free'd on talloc free of
the db context. This is a quick fix using talloc instead of malloc
for allocation of the node data.
Since malloc was originally used for performance reasons, one
might want to reverse to malloc and create a talloc destructor
that walks the tree and frees all the node data if this talloc
approach proves to be too slow..
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Temporary results printfs should not contain reserved subunit words.
metze
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
give the smbconf_init() dispatcher and the backends
(smbconf_reg and smbconf_txt) a header of their own each.
This allows to use the basic infrastructure and
single backends individually.
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
| |
Michael
| |
Interpret the source string as a file name when it contains
a ':' sign but the initial part is not a known backend.
This might occur even implicitly when "%T" is used in an
include file name (even though this is not realistic..).
Michael
| |
Michael
| |
Michael
| |
Michael
| |
This allows for per-config-source checking of write support.
Michael