path: root/source/smbd
Commit message | Author | Age | Files | Lines
* Fix for CVE-2009-2906. [samba-3.0.37, v3-0-stable] | Jeremy Allison | 2009-09-30 | 1 | -4/+16
    Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.
* Fix for CVE-2009-2813. | Karolin Seeger | 2009-09-28 | 1 | -1/+10
    ===========================================================
    == Subject:  Misconfigured /etc/passwd file may share folders unexpectedly
    ==
    == CVE ID#:  CVE-2009-2813
    ==
    == Versions: All versions of Samba later than 3.0.11
    ==
    == Summary:  If a user in /etc/passwd is misconfigured to have
    ==           an empty home directory then connecting to the home
    ==           share of this user will use the root of the filesystem
    ==           as the home directory.
    ===========================================================
* Workaround for KB932762 | Volker Lendecke | 2009-07-30 | 1 | -1/+3
    (cherry picked from commit a15c816ba5fd4dcedd68beb1fcb0540de325c1cb)
* Fix bug in processing of open modes in POSIX open. | Jeremy Allison | 2009-07-30 | 1 | -0/+2
    Was missing case of "If file exists open. If file doesn't exist error." Damn damn damn. CIFSFS client will have to have fallback cases for this error for a long time. Make test for open modes more robust against other bits.
    Jeremy.
    (cherry picked from commit ac11d94f36e1878f3f5d86f2e7197fd8ecdd196b)
* Noted by Vericode analysis. Correctly use chroot(). | Jeremy Allison | 2009-07-30 | 1 | -2/+9
    Jeremy.
    (cherry picked from commit 3086400b61ee3dda639c5520b539d4ff76e4d9c5)
* Don't try and delete a default ACL from a file. | Günter Kukkukk | 2009-07-30 | 1 | -4/+8
    (cherry picked from commit 04fc826efb290ba4b1f173752efb37a4b87281f2)
* Fix logic error in try_chown - we shouldn't arbitrarily chown | Jeremy Allison | 2009-07-30 | 1 | -6/+9
    to ourselves unless that was passed in.
    Jeremy.
    (cherry picked from commit 60289187a91e23787be581b824076651230245b2)
* Second part of the attempt to fix #4308 - Excel save operation corrupts file ↵ | Jeremy Allison | 2009-07-30 | 1 | -124/+140
    ACLs. If the chown succeeds then the ACL set should also. Ensure this is the case (refactor some of this code to make it simpler to read also).
    Jeremy.
    (cherry picked from commit 08836722e63cfd6cfd88059dd3f10d98474f49cb)
* Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs. | Jeremy Allison | 2009-07-30 | 1 | -27/+0
    Simo is completely correct. We should be doing the chown *first*, and fail the ACL set if this fails. The long standing assumption I made when writing the initial POSIX ACL code was that Windows didn't control who could chown a file in the same way as POSIX. In POSIX only root can do this whereas I wasn't sure who could do this in Windows at the time (I didn't understand the privilege model). So the assumption was that setting the ACL was more important (early tests showed many failed ACL sets due to inability to chown). But now we have privileges in smbd, and we must always fail an ACL set when we can't chown first.
    The key that Simo noticed is that the CREATOR_OWNER bits in the ACL incoming are relative to the *new* owner, not the old one. This is why the old user owner disappears on ACL set - their access was set via the USER_OBJ in the creator POSIX ACL and when the ownership changes they lose their access.
    Patch is simple - just ensure we do the chown first before evaluating the incoming ACL re-read the owners. We already have code to do this it just wasn't rigorously being applied.
    Jeremy.
    (cherry picked from commit 9a95b6cac2dea88cb9e9b428292dfca9d1e3e801)
* Fix bug #6488. | Jeremy Allison | 2009-06-22 | 1 | -0/+2
* Fix bug #6019 File corruption in Clustered SMB/NFS environment managed via CTDB | Jeremy Allison | 2009-01-14 | 1 | -2/+2
    Jeremy.
    (cherry picked from commit 974262ba3e8226ec9805d38e602ec8d083e44f72)
* Backport of the clean event context after fork and | Bo Yang | 2009-01-12 | 1 | -11/+9
    krb5 refresh chain fixes.
    (cherry picked from commit 194425f8074e2cfd5893499099614666f8d8ecd9)
* Fix bug #5937 - filenames with "*" char hide other files | Jeremy Allison | 2009-01-12 | 1 | -6/+4
    Jeremy.
    (cherry picked from commit 7917038db0277d16e5284ee261a4913e278e5ac7)
* Fix bug #1254 - write list not working under share-level security | Jeremy Allison | 2009-01-12 | 2 | -3/+53
    (mtab.c, fix build).
    Jeremy.
    (cherry picked from commit 680e4c398c79867f8a7ad40e9c2cd9c401922edd)
* Fix bug #5873 - ACL inheritance cannot be broken. This regresses #4308, but ↵ | Jeremy Allison | 2009-01-12 | 1 | -0/+8
    that will have to be fixed another way.
    Jeremy.
    (cherry picked from commit 649572c454328b81714b86d3f99f730bf61625e0)
* Fix bug #5909 - MS-DFS does not work on Vista, if link name includes ↵ | Yasuma Takeda | 2009-01-12 | 1 | -6/+6
    multibyte character.
    (cherry picked from commit 92f3ba8e20bd4a5a2afdd13feb5519d723784274)
* Fix bug #5908 - Samba 3.0.32 - internal change notify on share directory fails | Dina Fine | 2009-01-12 | 1 | -0/+3
    (cherry picked from commit cc97e2a0d51f52a79982ac265f073d3829c1357a)
* Add reference to bug #4308 to remind me to add regression test to smbtorture. | Jeremy Allison | 2009-01-12 | 1 | -0/+4
    Jeremy.
    (cherry picked from commit 0de73eeb1a17b6af217babd626b203eca975541f)
* Fix bug triggered by the RAW-SAMBA3OPLOCKLOGOFF test | Volker Lendecke | 2009-01-12 | 1 | -0/+2
    (cherry picked from commit af33c8b3521564c229091f197341ba33a7d6f162)
* Cope with bad trans2mkdir requests from System i QNTC IBM SMB client. | Jeremy Allison | 2009-01-12 | 1 | -2/+4
    If total_data == 4 Windows doesn't care what values are placed in that field, it just ignores them. The System i QNTC IBM SMB client puts bad values here, so ignore them.
    Jeremy.
    (cherry picked from commit cfdbe8a1f2057ad1a8886ca7445a812219648d19)
* Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>. | Jeremy Allison | 2009-01-12 | 1 | -1/+1
    This API is unusual in that if used to remove a non-list head it nulls out the next and prev pointers. This is what you want for debugging (don't want an entry removed from the list to be still virtually linked into it) but means there is no consistent idiom for use as the next and prev pointers get trashed on removal from the list, meaning you must save them yourself. You can use it one way when deleting everything via the head pointer, as this preserves the next pointer, but you *must* use it another way when not deleting everything via the head pointer. Fix all known uses of this (the main one is in conn_free_internal() and would not free all the private data entries for vfs modules). The other changes in web/statuspage.c and winbindd_util.c are not strictly necessary, as the head pointer is being used, but I've done them for consistency. Long term we must revisit this as this API is too hard to use correctly.
    Jeremy.
    (cherry picked from commit 45514fc5d85221339a4ee55b9f9f78c917b2fd19)
* Ensure we emit the notify message before renaming the open files. | Jeremy Allison | 2009-01-12 | 1 | -2/+2
    Jeremy.
    (cherry picked from commit ffa704347a9cf10de20105e3dd07963f975cbd77)
* Fix for bug #5790 - samba returns STATUS_OBJECT_NAME_NOT_FOUND on set file ↵ | Jeremy Allison | 2009-01-12 | 1 | -4/+6
    disposition call. This was my fault. I use a singleton cache (positive and negative) to speed up pathname based qfileinfo/setfileinfo lookups for alternate fsp's open on the same path. I only invalidated the negative cache on adding a new file fsp, as I incorrectly imagined the new fsp was put at the *end* of the open files list. DLIST_ADD puts it at the start, meaning any subsequent open wasn't seen once the cache was set. Doh !
    Jeremy.
    (cherry picked from commit 3d10c237a9b71d269d7936d58c2f8c0172165cbe)
* Here's the fix for bug #5750. Note this bug does *NOT* affect | Jeremy Allison | 2009-01-12 | 1 | -4/+6
    3.2.x (code is different there).
    Jeremy.
    (cherry picked from commit d3e790fa70d083a53de221907c951580ce2537a4)
* Fix bug #5052 - not work cancel inheritance on share. We were | Jeremy Allison | 2009-01-12 | 1 | -3/+10
    using the parent security descriptor type and flags instead of using the passed in SD.
    Jeremy.
    (cherry picked from commit 78941c166debc8315516d895b2ef77e52417f067)
* become root for AIO operations | Andrew Tridgell | 2009-01-12 | 1 | -0/+6
    We need to become root for AIO read and write to allow the AIO thread to send a completion signal to the parent process when the IO completes
    (cherry picked from commit 91dcce0e4deb87c6d5e491eb9dbb09fd04981d28)
* EINVAL is also a valid error return, meaning "this filesystem | Andrew Tridgell | 2009-01-12 | 1 | -2/+3
    cannot do sendfile for this file"
    (cherry picked from commit 5f30f87dcbeaf30713fadeb130193cb86021e87f)
* Fix the offset checks in the trans routines | Volker Lendecke | 2008-11-18 | 3 | -10/+10
    This fixes a potential crash bug, a client can make us read memory we should not read. Luckily I got the disp checks right...
    Volker
* Don't re-initialize a token when we already have one. This fixes the build ↵ | Jeremy Allison | 2008-08-22 | 1 | -8/+10
    farm failures when winbindd connects as guest. This one took a *lot* of tracking down :-).
    Jeremy.
* Patch from SATOH Fumiyasu <fumiyas@osstech.co.jp> for bug #5202. Re-activate ↵ | Jeremy Allison | 2008-07-03 | 1 | -12/+20
    "acl group control" parameter and make it only apply to owning group. Also added man page fix.
    Jeremy.
* Security: Patch for CVE-2008-1105. | Gerald W. Carter | 2008-05-28 | 1 | -1/+2
    -- Summary --
    Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations.
    Ensure that we specify the buffer size used to store incoming SMB packets. This bug was originally introduced in Samba 2.2.4. Patch from Jeremy Allison.
* Fix Bug #5285. (libcap header mismatch) | Günther Deschner | 2008-05-28 | 1 | -43/+1
    Can someone with gpfs available test this ? The only codepath using this function is the modules/gpfs.c module. The fix resolves at least the build issues Samba has with recent kernel / libcap versions by using the portable cap_get_proc()/cap_set_proc() interface (instead of using capget/capset).
    Guenther
* Restructuring of code to fix #5460. Remove search | Jeremy Allison | 2008-05-19 | 2 | -36/+13
    by name code from conn, we were already doing the same check in the dfs_redirect() function, so move it into parse_dfs_path() instead.
    Jeremy.
* Fix two "this will never be null" warnings. | Jeremy Allison | 2008-05-14 | 1 | -2/+2
    Jeremy.
* Ensure we don't keep searching for sharename if it's | Jeremy Allison | 2008-05-14 | 1 | -3/+3
    not the start of the list.
    Jeremy.
* Combination patch back port of : | Jeremy Allison | 2008-05-13 | 2 | -10/+62
    Fix bug #5460. The problem is RHEL5.0 shipped a CIFS client that sets the DFS bit on pathnames but doesn't send DFS paths. This causes lookups to fail as the smbd/msdfs.c code now just eats the first two parts of the pathname and uses the rest as the local path. The previous hostname check used to protect us from that as we knew that when the hostname was invalid it was a local path (and a broken client). I didn't want to put that check back in, but came up with another idea - even though the hostname can be a different one, the sharename must be valid on this machine. So we can check for a valid sharename instead.
    Second part of patch for bug #5460. Cope with pathnames that don't look like \xxx\yyy, cope with arbitrary length. Jeremy.
    Fix debug message. Jeremy.
* fix alignment bug hitting Solaris with "reset in zero vc" activated | Björn Jacke | 2008-04-21 | 1 | -5/+8
* Fix bug 5366 | Volker Lendecke | 2008-04-11 | 1 | -1/+6
* Fix typos. | Karolin Seeger | 2008-04-09 | 1 | -1/+1
    Karolin
* Rewrite the wrap checks to deal with gcc 4.x optimisations. | Jeremy Allison | 2008-04-07 | 3 | -76/+130
    Jeremy.
* Fix MSDFS bug noticed by Ofir Azoulay <Ofir.Azoulay@expand.com>. | Jeremy Allison | 2008-04-02 | 1 | -27/+0
    There is no reason to ensure the target host is ourselves, and this breaks MS clients in some cases.
    Jeremy.
* Work around a handle leak in XP 64 bit | Volker Lendecke | 2008-03-08 | 1 | -0/+1
    We have to tell XP64 that we store unicode, otherwise some library will do a findfirst before each createfile, leaking a directory handle each time.
* Fix inotify detection | Volker Lendecke | 2008-02-25 | 1 | -1/+7
    Bug 5271 -- thanks to Tiziano Müller
* Ensure we call nt_status_squash() on returns. Small whitespace cleanup. | Jeremy Allison | 2008-02-14 | 1 | -8/+8
    Jeremy.
* Ensure we call auth_ntlmssp_end in invalidate_vuid and invalidate_partical_vuid. | Jeremy Allison | 2008-02-14 | 1 | -2/+10
    Jeremy.
* Fix obscure bug where if client sends us the krb5 part | Jeremy Allison | 2008-02-13 | 1 | -0/+9
    of a SPNEGO packet we could drop into the NTLMSSP part of the processing. This fix only for 3.0.28a, I have a proper SPNEGO negotiate fix for 3.2.
    Jeremy
* Fix two memleaks | Volker Lendecke | 2008-02-03 | 1 | -0/+2
    Thanks to Andreas Schneider <anschneider@suse.de> for nagging :-)
* Port SMB_FS_OBJECTID_INFORMATION from 3.2 | Volker Lendecke | 2008-01-26 | 1 | -0/+47
    Patch by Corinna Vinschen -- Thanks
* Fix the same bug with user -> user_obj. | Jeremy Allison | 2008-01-24 | 1 | -1/+7
    Jeremy.
* Back port : Correctly set flags in ACE's inherited from parent. | Jeremy Allison | 2008-01-24 | 1 | -3/+37
    Jeremy.