path: root/source3/libsmb
Commit message | Author | Age | Files | Lines
* Fix denial of service - memory corruption. | Jeremy Allison | 2011-02-27 | 1 | -0/+5
  CVE-2011-0719
  Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
  All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
  A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection).
  Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
* s3: Fix connecting to port-139 only servers | Volker Lendecke | 2011-01-23 | 1 | -3/+5
  When the TCP RST came before the 5 msecs timeout kicked in, we viewed this as final, as state->req_139 was not set yet.
  Fix bug introduced by a fix for bug #7881 (winbind flaky against w2k8).
  (cherry picked from commit f2a19b87725f9318e983dff6358a3eee721bff08)
  (cherry picked from commit 569be63e727e69e7e52ec39f40e60903c6826614)
* s3: Retry *SMBSERVER in nb_connect | Volker Lendecke | 2011-01-13 | 1 | -2/+47
  (cherry picked from commit ee2534c18b5afa609ff17d9da7ea10bcf7654fc6)
* s3: Add smbsock_any_connect | Volker Lendecke | 2011-01-13 | 1 | -1/+221
  (cherry picked from commit 198b6d673787ee40c0ac389ece99cee1844dd585)
* s3: Add an async smbsock_connect | Volker Lendecke | 2011-01-13 | 1 | -0/+308
  This connects to 445 and after 5 milliseconds also to 139. It treats a netbios session setup failure as equivalent to a TCP connect failure. So if 139 is faster but fails the nb session setup, the 445 still has the chance to succeed.
  (cherry picked from commit 35bbc2231760badaf0debc9f8f39ebdf00cfe8ad)
* s3: Add async cli_session_request | Volker Lendecke | 2011-01-13 | 1 | -0/+125
  This does not do the redirects, but I think that might be obsolete anyway
  (cherry picked from commit e2296e23a8546e249d1b26f4da6277792923bef4)
* v3-4-test: Pull in read_smb_send from master | Volker Lendecke | 2011-01-13 | 1 | -0/+87
  (cherry picked from commit 02c4649674d3bd0f54e71910f11d6aff2cdb6c9d)
* s3: Add some const to name_mangle() | Volker Lendecke | 2011-01-13 | 1 | -1/+1
  (cherry picked from commit 56c760ab41b9b4cb9680d873b8f9955be21434f4)
* s3: Make winbind recover from a signing error | Volker Lendecke | 2011-01-13 | 1 | -0/+2
  When winbind sees a signing error on the smb connection to a DC (for whatever reason, our bug, network glitch, etc) it should recover properly.
  The "old" code in clientgen.c just closed the socket in this case. This is the right thing to do, this connection is spoiled anyway. The new, async code did not do this so far, which led to the code in winbindd_cm.c not detecting that we need to reconnect.
  Fix bug #7800 (winbind does not recover from smb signing errors).
  (cherry picked from commit 8c2493ff2e646928035ec7296f4451f09390f6aa)
* s3-libsmb: Fix bug #7577. | Jeremy Allison | 2011-01-13 | 1 | -2/+42
  SPNEGO auth fails when contacting Win7 system using Microsoft Live Sign-in Assistant.
  (cherry picked from commit 8564193ca6e023574764676088cafb7215f796f5)
* s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). | Günther Deschner | 2011-01-13 | 1 | -2/+4
  Guenther
  (cherry picked from commit e3bdff3d67b46277ee59685218bd90f3788b487d)
  (cherry picked from commit 69e1fc797dc34be03d771ec017ef27c6aa87a155)
* Fix bug #7669. | Jeremy Allison | 2010-09-09 | 1 | -1/+3
  Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4).
  CVE-2010-3069:
  ===========
  Description
  ===========
  All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
  A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection).
* s3:libsmb: add cli_state_is_connected() function | Stefan Metzmacher | 2010-05-06 | 1 | -0/+18
  metze
  (cherry picked from commit d7bf30ef92031ffddcde3680b38e602510bcae24)
  (cherry picked from commit 589f73924273e8a9b54669f42a92381661dcb33f)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 5a4bdb706b97857da67c791b81039b4bc4031c76)
* s3:libsmb: don't let cli_shutdown() segfault with a NULL cli_state | Stefan Metzmacher | 2010-05-06 | 1 | -0/+4
  metze
  (similar to commit 47e10ab9a85960c78af807b66b99bcd139713644)
  (cherry picked from commit 957c0d4a5ee67ac70e576155a0f2f6f84cdb1596)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit e6d5238c8403e848a43e6c7a2d3ca6422e8becd4)
* s3: fix crash in winbindd (similar to commit f8cc0e88fbbb082ead023e0cb437b1e12cf35459) | Stefan Metzmacher | 2010-05-06 | 1 | -2/+9
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit be9a46c9cae2d05a7eb54e871e05480bd8caa609)
* Fix off-by-one error in working out the limit of the NetServerEnum comment. | Jeremy Allison | 2010-02-15 | 1 | -1/+1
  Jeremy.
  (cherry picked from commit 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 026f05839b6dbdeb5be3953930a28f7650c1e1da)
* s3:libsmb: fix NetServerEnum3 rap calls. | Stefan Metzmacher | 2010-02-15 | 1 | -5/+19
  metze
  (cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)
  (cherry picked from commit 86eae5b4862735309313e1800be44dab2641b393)
* s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum() | Stefan Metzmacher | 2010-02-15 | 1 | -2/+3
  When we need to do more than one network operation to get the browse list we need to use the same 'stype' value each time.
  metze
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit c2e4746fa9d68e7601e8e90cc0144d2e65a695b6)
  Fix bug #7098 (smbclient -L gives wrong results with a large browse list).
  (cherry picked from commit 49ed8e5ef079edf42bbe5325a46547ecfdff8a7d)
* s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server | Volker Lendecke | 2010-01-18 | 1 | -1/+1
  A user has sent me a sniff where the OpenSolaris CIFS server returns "32" in totalentries, but the array in ctr only contains 15 entries. Look at the right delimiter for walking the array.
  Fix bug #7046 (libsmbclient crash against OpenSolaris CIFS server).
  (cherry picked from commit 734446bb3a8984ec805c73e06e553312b46e4094)
* Fix bug 7045 - Bad (non memory copying) interfaces in smbc_setXXXX calls. | Jeremy Allison | 2010-01-18 | 2 | -10/+31
  In smbc_free_context libsmbclient just called free() on the string options so it assumes the callers have malloced them before setting them via smbc_set calls.
  Change to correctly malloc/free string options to the library. Protect against SMB_STRDUP of null.
  Contains 2d41b1ab78639abe4ae030ff482573f464564dd7 and f85b6ee90b88c7f7b2a92c8a5f3e2ebe59c1087b from master.
  Jeremy
  (cherry picked from commit 1d9dc38aec417c8ccc9fa34d32015ee57d877ba9)
* s3-libsmbclient: Fix crash bug in SMBC_parse_path(). | Günther Deschner | 2010-01-18 | 1 | -1/+1
  Patch from Tim Waugh <twaugh@redhat.com>.
  This resolves https://bugzilla.redhat.com/show_bug.cgi?id=552658
  LIBSMBCLIENT-OPENDIR torture test checks this as well.
  Guenther
  (cherry picked from commit e635b0074c55e0376495abe940355aa7b04f0b70)
  Fix bug #7043 (SIGSEGV in "SMBC_parse_path").
  (cherry picked from commit 01009416998219a27268211a3ae26d7b3ab157f8)
* s3-kerberos: add a missing reference to authdata headers. | Günther Deschner | 2009-12-23 | 1 | -0/+1
  Guenther
  (cherry picked from commit da79cbb0800dd647be864e8bbb5fe1132708174b)
  (cherry picked from commit a9a3504ede1306ceb86d99bceb5e8bf4d48f40c2)
* s3-kerberos: only use krb5 headers where required. | Günther Deschner | 2009-12-23 | 3 | -3/+3
  This seems to be the only way to deal with mixed heimdal/MIT setups during merged build.
  Guenther
  (cherry picked from commit 41fb263aacc5dce50d3554598d08cb497ffd929f)
* s3-kerberos: Fix Bug #6929: build with recent heimdal. | Günther Deschner | 2009-12-23 | 1 | -1/+1
  Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier for activation) in new releases (like 1.3.1).
  Guenther
  (cherry picked from commit 1a8f8382740e352a83133b8c49aaedd4716210cd)
  (cherry picked from commit 83ee139ddde91bffc7b5921eb5e6a4364a408d38)
* clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry. | Jelmer Vernooij | 2009-12-23 | 1 | -3/+8
  Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype.
  (cherry picked from commit b65ba0e26c781647e097f3f6fa279c7f3f7f4bd2)
  Part of a fix for bug #6918 (Build breaks with krb5-client-1.7-6.1.i586).
  (cherry picked from commit af52655be1852151421417035007cf3a127fdf34)
* s3-kerberos: add smb_krb5_principal_get_realm(). | Günther Deschner | 2009-12-23 | 1 | -0/+25
  Guenther
  (cherry picked from commit 80d2ad88d8deac953346d1ce98fb519d7f2bf3de)
* s3: fixed krb5 build problem on ubuntu karmic | Andrew Tridgell | 2009-12-23 | 1 | -0/+9
  Karmic has MIT krb5 1.7-beta3, which has the symbol krb5_auth_con_set_req_cksumtype but no prototype for it.
  See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
  (cherry picked from commit a6e4cb500b4162cae1d906a1762507370b4ee89e)
  Part of a fix for bug #6918.
  (cherry picked from commit 8c2dfcd24f69aa8d71a2854feaf2e8ea1802537e)
* Fix bug 6880 - cannot list workgroup servers reported by Alban Browaeys <prahal@yahoo.com> with fix. | Jeremy Allison | 2009-12-23 | 1 | -5/+14
  Revert 2e989bab0764c298a2530a2d4c8690258eba210c with extra comments - this broke workgroup enumeration.
  Jeremy.
  (cherry picked from commit 6be57c378c0dbc4c4ab732fffee0d6a74011fd14)
* Fix bug 6829 - smbclient does not show special characters properly. | Jeremy Allison | 2009-10-26 | 2 | -0/+17
  All successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-).
  Includes logic simplification in libsmb_server.c
  Jeremy.
  (cherry picked from commit 587ca743bf1491e97c984ce4bec5a9bd0a1ae69a)
* s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure. | Günther Deschner | 2009-10-20 | 1 | -19/+16
  When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP), we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus failing spnego_parse_auth() completely.
  Guenther
  (cherry picked from commit 78ba2e1b9e5a63443f4cd51d34c16bc7cc9c6941)
* s3-spnego: avoid NULL talloc context in read_spnego_data(). | Günther Deschner | 2009-10-20 | 1 | -15/+15
  Guenther
  (cherry picked from commit a830aa269f44e28a2390e162adbb2e26092f179b)
* s3: Fix bug 6606 | Volker Lendecke | 2009-10-20 | 1 | -25/+164
  This is a port of 1f34ffa0caae5 and 24309bdb2efc to 3.4.
  Fix file corruption using smbclient with NT4 server.
  (cherry picked from commit c685beb091cb0fedfb3f64bcc2ec2beb00fc9328)
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc_pipe_open_ntlmssp. | Günther Deschner | 2009-10-20 | 1 | -0/+1
  Guenther
  (cherry picked from commit 032e01e7c13724d057b5744d7d79613449c2f24f)
  (cherry picked from commit cd8874214dba810e60faca155611dbcf2f1351f7)
* Second part of a fix for bug #6235. | Jeremy Allison | 2009-10-20 | 1 | -1/+1
  Domain enumeration breaks if master browser has space in name.
  (cherry picked from commit f3f9dfd667526611b1fed3d47dc60eb45932eee0)
* Fix bug #6532. | Derrell Lipman | 2009-10-20 | 1 | -1/+2
  Domain enumeration breaks if master browser has space in name.
  (cherry picked from commit 6b4b66c0cbf6147c693a84e6aec0b5cd07fd2e54)
* s3: QNX doesn't know uint - replace with uint_t | Björn Jacke | 2009-10-20 | 1 | -4/+4
  (cherry picked from commit a28596964b44f20d794999541d38fe4bae64b56b)
  (cherry picked from commit 47c2dc4eee5f7644601db0c24dca0ca30b482940)
* s3/libsmb: SIVAL should have been an SVAL. | Jeremy Allison | 2009-10-20 | 1 | -1/+1
  Fix bug #6726.
  (cherry picked from commit 7ec7440fc2f78ef49cebdc819ff81db5ce9d143c)
* s3:libsmb: Correctly chew keepalive packets | Volker Lendecke | 2009-09-09 | 1 | -0/+6
  Thanks a *lot* to Günther to send me the relevant traces!
  Volker
  Signed-off-by: Günther Deschner <gd@samba.org>
  Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was: [Samba] Crazied NTLM_AUTH on samba 3.4.0)).
  (cherry picked from commit a4f9583ce364fad963cc154f0229cb57ec0043d2)
* Fix bug 6496 - libsmbclient: MS-DFS: cannot follow multibyte char link name. | SATOH Fumiyasu | 2009-09-09 | 1 | -14/+38
  A server returns a byte of consumed path in UCS2, not UNIX charset.
  (cherry picked from commit ee70079d08acf23cf7c342f09a7db4f5fc7ca95e)
* Fix bug 6673 - smbpasswd does not work with "unix password sync = yes". | Jeremy Allison | 2009-09-09 | 1 | -1/+1
  Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments).
  Jeremy.
  (cherry picked from commit 91a5b8561e2f13f77fa5648f7cc373aff1701954)
* s3-smbpasswd: Fix Bug #6584: allow DOM\user when changing passwords remotely. | Simo Sorce | 2009-09-03 | 1 | -3/+16
  Signed-off-by: Günther Deschner <gd@samba.org>
  (cherry picked from commit 8cb103372be4eb3232e5e13b67f63562e5506c7e)
* Fix Red Hat bugzilla bug : https://bugzilla.redhat.com/show_bug.cgi?id=516165 | Jeremy Allison | 2009-08-24 | 1 | -1/+1
  nautilus fails to copy files from an SMB share. This is a show-stopper for 3.4.1.
  Although gnome-vfs is doing *incredibly* stupid things by asking for a read size of 65535 - this translates on the wire to a 65534 byte read followed by a 1 byte read. Please send this back to the gnome developers that they will get horrid on the wire performance for this.
  Jeremy.
  Fixes bug #6649. Fixed in master with commit 33d27797d3ae9ab3ff7e1aa940941cc450f5ad1d.
  (cherry picked from commit ef891070288cd13aff7c730de7c1baf54dddb90f)
* s3: Unable to browse DFS when using kerberos in libsmbclient | Bo Yang | 2009-08-13 | 1 | -8/+14
  Signed-off-by: Bo Yang <boyang@samba.org>
  Fixes bug #6615.
  (cherry picked from commit 13911afe5b167ae9d100c40d32e9286d902652a1)
* s3/libsmb: Fix typo in error message. | Karolin Seeger | 2009-06-17 | 1 | -1/+1
  Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing!
  Karolin
  (cherry picked from commit 095f66b0ed74d4b5c7561ca05bbfdf33f60d0600)
  (cherry picked from commit 04b45fbbec832bb35adebe03583b9b622954a9dc)
* s3/libsmb: Fix debug message. | Karolin Seeger | 2009-06-17 | 1 | -1/+1
  This fixes bug #6472.
  Karolin
  Signed-off-by: Volker Lendecke <vl@samba.org>
  (cherry picked from commit f92269a6ce220e12b9b80c15ed3fa2e9e6b4a6dc)
  (cherry picked from commit e24c2401750212d7212952f574ed9765fb1f2e8e)
* s3/getdcname: Fix 'net' crash. | Kumar Thangavelu | 2009-06-02 | 1 | -2/+2
  'net' command crashed when attempting to join a domain. This occurred in a very specific case where the DC had multiple IPs and one of the IPs was invalid.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  (cherry picked from commit 795692bd9546b91647ea96cc43ebb5c8efc0aaf2)
  (cherry picked from commit 1b401a1b5374d037757954bb023287fa57b1c9b9)
* Fix bug #6419 - smbclient -L 127.0.0.1" displays "netbios name" instead of "workgroup" | Jeremy Allison | 2009-06-02 | 1 | -3/+26
  Unify the handling of the sessionsetup parsing so we don't get different results when parsing a guest reply than an ntlmssp reply.
  Jeremy.
  (cherry picked from commit 736c4dddef28d53b55e58a6f62784f068e88dc01)
* Fix uninitialized variable use caught by valgrind. | Jeremy Allison | 2009-05-29 | 1 | -1/+1
  Jeremy.
  (cherry picked from commit 62d767d57fafd869ec956cbcc84e8c866c6d665b)
* s3-credentials: protect netlogon_creds_server_step() against NULL creds. | Günther Deschner | 2009-05-26 | 1 | -0/+4
  Found by SCHANNEL torture tests.
  Guenther
  (cherry picked from commit 8e490d2fa1c52be5da331df0b314508f77ec1f6e)
  (cherry picked from commit 80e1a92ae770fbf97b22e6e99103def755294992)
* s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. | Günther Deschner | 2009-04-28 | 1 | -1/+1
  Guenther
  (cherry picked from commit b5bec1a6d73f5939b306e157937d027a7286163c)
  (cherry picked from commit c7d5e0a19057b6ad7301a390fc766bb438967eb2)