path: root/source3/libsmb
Commit message | Author | Age | Files | Lines
* Fix denial of service - memory corruption. | Jeremy Allison | 2011-02-28 | 1 | -0/+5
| CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date. (cherry picked from commit 43babef991feedbe2acb77d27254d302ab107fa8)
* s3: Fix connecting to port-139 only servers | Volker Lendecke | 2011-01-23 | 1 | -3/+5
| When the TCP RST came before the 5 msecs timeout kicked in, we viewed this as final, as state->req_139 was not set yet. Fix bug introduced by a fix for bug #7881 (winbind flaky against w2k8). (cherry picked from commit f2a19b87725f9318e983dff6358a3eee721bff08)
* s3: Retry *SMBSERVER in nb_connect | Volker Lendecke | 2010-12-26 | 1 | -2/+47
|
* s3: Add smbsock_any_connect | Volker Lendecke | 2010-12-26 | 1 | -1/+221
|
* s3: Add an async smbsock_connect | Volker Lendecke | 2010-12-26 | 1 | -0/+308
| This connects to 445 and after 5 milliseconds also to 139. It treats a netbios session setup failure as equivalent to a TCP connect failure. So if 139 is faster but fails the nb session setup, the 445 still has the chance to succeed.
* s3: Add async cli_session_request | Volker Lendecke | 2010-12-26 | 1 | -0/+125
| This does not do the redirects, but I think that might be obsolete anyway
* v3-4-test: Pull in read_smb_send from master | Volker Lendecke | 2010-12-26 | 1 | -0/+87
|
* s3: Add some const to name_mangle() | Volker Lendecke | 2010-12-26 | 1 | -1/+1
|
* s3: Make winbind recover from a signing error | Volker Lendecke | 2010-11-24 | 1 | -0/+2
| When winbind sees a signing error on the smb connection to a DC (for whatever reason, our bug, network glitch, etc) it should recover properly. The "old" code in clientgen.c just closed the socket in this case. This is the right thing to do, this connection is spoiled anyway. The new, async code did not do this so far, which led to the code in winbindd_cm.c not detecting that we need to reconnect. Fix bug #7800 (winbind does not recover from smb signing errors).
* Fix bug #7669. | Jeremy Allison | 2010-09-15 | 1 | -1/+3
| Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4). CVE-2010-3069: =========== Description =========== All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection). (cherry picked from commit df20a300758bc12286820e31fcf573bdfc2147bc)
* s3-libsmb: Fix bug #7577. | Jeremy Allison | 2010-07-27 | 1 | -2/+42
| SPNEGO auth fails when contacting Win7 system using Microsoft Live Sign-in Assistant.
* s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). | Günther Deschner | 2010-05-19 | 1 | -2/+4
| Guenther (cherry picked from commit e3bdff3d67b46277ee59685218bd90f3788b487d)
* s3:libsmb: add cli_state_is_connected() function | Stefan Metzmacher | 2010-04-13 | 1 | -0/+18
| metze (cherry picked from commit d7bf30ef92031ffddcde3680b38e602510bcae24) (cherry picked from commit 589f73924273e8a9b54669f42a92381661dcb33f) Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: don't let cli_shutdown() segfault with a NULL cli_state | Stefan Metzmacher | 2010-04-13 | 1 | -0/+4
| metze (similar to commit 47e10ab9a85960c78af807b66b99bcd139713644) (cherry picked from commit 957c0d4a5ee67ac70e576155a0f2f6f84cdb1596) Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: fix crash in winbindd (similar to commit ↵ | Stefan Metzmacher | 2010-04-13 | 1 | -2/+9
| f8cc0e88fbbb082ead023e0cb437b1e12cf35459) Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Fix off-by-one error in working out the limit of the NetServerEnum comment. | Jeremy Allison | 2010-02-11 | 1 | -1/+1
| Jeremy. (cherry picked from commit 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29) Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: fix NetServerEnum3 rap calls. | Stefan Metzmacher | 2010-02-11 | 1 | -5/+19
| metze (cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)
* s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum() | Stefan Metzmacher | 2010-02-05 | 1 | -2/+3
| When we need to do more than one network operation to get the browse list we need to use the same 'stype' value each time. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit c2e4746fa9d68e7601e8e90cc0144d2e65a695b6) Fix bug #7098 (smbclient -L gives wrong results with a large browse list).
* s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server | Volker Lendecke | 2010-01-18 | 1 | -1/+1
| A user has sent me a sniff where the OpenSolaris CIFS server returns "32" in totalentries, but the array in ctr only contains 15 entries. Look at the right delimiter for walking the array. Fix bug #7046 (libsmbclient crash against OpenSolaris CIFS server).
* Fix bug 7045 - Bad (non memory copying) interfaces in smbc_setXXXX calls. | Jeremy Allison | 2010-01-18 | 2 | -10/+31
| In smbc_free_context libsmbclient just called free() on the string options so it assumes the callers have malloced them before setting them via smbc_set calls. Change to correctly malloc/free string options to the library. Protect against SMB_STRDUP of null. Contains 2d41b1ab78639abe4ae030ff482573f464564dd7 and f85b6ee90b88c7f7b2a92c8a5f3e2ebe59c1087b from master. Jeremy
* s3-libsmbclient: Fix crash bug in SMBC_parse_path(). | Günther Deschner | 2010-01-15 | 1 | -1/+1
| Patch from Tim Waugh <twaugh@redhat.com>. This resolves https://bugzilla.redhat.com/show_bug.cgi?id=552658 LIBSMBCLIENT-OPENDIR torture test checks this as well. Guenther (cherry picked from commit e635b0074c55e0376495abe940355aa7b04f0b70) Fix bug #7043 (SIGSEGV in "SMBC_parse_path").
* s3-kerberos: add a missing reference to authdata headers. | Günther Deschner | 2009-11-30 | 1 | -0/+1
| Guenther (cherry picked from commit da79cbb0800dd647be864e8bbb5fe1132708174b)
* s3-kerberos: only use krb5 headers where required. | Günther Deschner | 2009-11-30 | 3 | -3/+3
| This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
* s3-kerberos: Fix Bug #6929: build with recent heimdal. | Günther Deschner | 2009-11-30 | 1 | -1/+1
| Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier for activation) in new releases (like 1.3.1). Guenther (cherry picked from commit 1a8f8382740e352a83133b8c49aaedd4716210cd)
* clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry. | Jelmer Vernooij | 2009-11-24 | 1 | -3/+8
| Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype. (cherry picked from commit b65ba0e26c781647e097f3f6fa279c7f3f7f4bd2) Part of a fix for bug #6918 (Build breaks with krb5-client-1.7-6.1.i586).
* s3-kerberos: add smb_krb5_principal_get_realm(). | Günther Deschner | 2009-11-24 | 1 | -0/+25
| Guenther
* s3: fixed krb5 build problem on ubuntu karmic | Andrew Tridgell | 2009-11-23 | 1 | -0/+9
| Karmic has MIT krb5 1.7-beta3, which has the symbol krb5_auth_con_set_req_cksumtype but no prototype for it. See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635 (cherry picked from commit a6e4cb500b4162cae1d906a1762507370b4ee89e) Part of a fix for bug #6918.
* Fix bug 6880 - cannot list workgroup servers reported by Alban Browaeys ↵ | Jeremy Allison | 2009-11-10 | 1 | -5/+14
| <prahal@yahoo.com> with fix. Revert 2e989bab0764c298a2530a2d4c8690258eba210c with extra comments - this broke workgroup enumeration. Jeremy.
* Fix bug 6829 - smbclient does not show special characters properly. All ↵ | Jeremy Allison | 2009-10-23 | 2 | -0/+17
| successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c Jeremy.
* s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure. | Günther Deschner | 2009-10-20 | 1 | -19/+16
| When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP), we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus failing spnego_parse_auth() completely. Guenther
* s3-spnego: avoid NULL talloc context in read_spnego_data(). | Günther Deschner | 2009-10-20 | 1 | -15/+15
| Guenther
* s3: Fix bug 6606 | Volker Lendecke | 2009-10-15 | 1 | -25/+164
| This is a port of 1f34ffa0caae5 and 24309bdb2efc to 3.4. Fix file corruption using smbclient with NT4 server.
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp ↵ | Günther Deschner | 2009-10-08 | 1 | -0/+1
| and cli_rpc_pipe_open_ntlmssp. Guenther (cherry picked from commit 032e01e7c13724d057b5744d7d79613449c2f24f)
* Second part of a fix for bug #6235. | Jeremy Allison | 2009-10-02 | 1 | -1/+1
| Domain enumeration breaks if master browser has space in name.
* Fix bug #6532. | Derrell Lipman | 2009-10-02 | 1 | -1/+2
| Domain enumeration breaks if master browser has space in name.
* s3: QNX doesn't know uint - replace with uint_t | Björn Jacke | 2009-09-19 | 1 | -4/+4
| (cherry picked from commit a28596964b44f20d794999541d38fe4bae64b56b)
* s3/libsmb: SIVAL should have been an SVAL. | Jeremy Allison | 2009-09-15 | 1 | -1/+1
| Fix bug #6726.
* s3:libsmb: Correctly chew keepalive packets | Volker Lendecke | 2009-09-09 | 1 | -0/+6
| Thanks a *lot* to Günther to send me the relevant traces! Volker Signed-off-by: Günther Deschner <gd@samba.org> Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was: [Samba] Crazied NTLM_AUTH on samba 3.4.0)).
* Fix bug 6496 - libsmbclient: MS-DFS: cannot follow multibyte char link name. ↵ | SATOH Fumiyasu | 2009-09-09 | 1 | -14/+38
| A server returns a byte of consumed path in UCS2, not UNIX charset.
* Fix bug 6673 - smbpasswd does not work with "unix password sync = yes". ↵ | Jeremy Allison | 2009-09-09 | 1 | -1/+1
| Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy.
* s3-smbpasswd: Fix Bug #6584: allow DOM\user when changing passwords remotely. | Simo Sorce | 2009-09-02 | 1 | -3/+16
| Signed-off-by: Günther Deschner <gd@samba.org>
* Fix Red Hat bugzilla bug : https://bugzilla.redhat.com/show_bug.cgi?id=516165 | Jeremy Allison | 2009-08-21 | 1 | -1/+1
| nautilus fails to copy files from an SMB share. This is a show-stopper for 3.4.1. Although gnome-vfs is doing *incredibly* stupid things by asking for a read size of 65535 - this translates on the wire to a 65534 byte read followed by a 1 byte read. Please send this back to the gnome developers that they will get horrid on the wire performance for this. Jeremy. Fixes bug #6649. Fixed in master with commit 33d27797d3ae9ab3ff7e1aa940941cc450f5ad1d.
* s3: Unable to browse DFS when using kerberos in libsmbclient | Bo Yang | 2009-08-11 | 1 | -8/+14
| Signed-off-by: Bo Yang <boyang@samba.org> Fixes bug #6615.
* s3/libsmb: Fix typo in error message. | Karolin Seeger | 2009-06-17 | 1 | -1/+1
| Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing! Karolin (cherry picked from commit 095f66b0ed74d4b5c7561ca05bbfdf33f60d0600)
* s3/libsmb: Fix debug message. | Karolin Seeger | 2009-06-15 | 1 | -1/+1
| This fixes bug #6472. Karolin Signed-off-by: Volker Lendecke <vl@samba.org> (cherry picked from commit f92269a6ce220e12b9b80c15ed3fa2e9e6b4a6dc)
* Fix bug #6419 - smbclient -L 127.0.0.1" displays "netbios name" instead of ↵ | Jeremy Allison | 2009-06-01 | 1 | -3/+26
| "workgroup" Unify the handling of the sessionsetup parsing so we don't get different results when parsing a guest reply than an ntlmssp reply. Jeremy.
* s3/getdcname: Fix 'net' crash. | Kumar Thangavelu | 2009-05-29 | 1 | -2/+2
| 'net' command crashed when attempting to join a domain. This occurred in a very specific case where the DC had multiple IPs and one of the IPs was invalid. Signed-off-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 795692bd9546b91647ea96cc43ebb5c8efc0aaf2)
* Fix uninitialized variable use caught by valgrind. | Jeremy Allison | 2009-05-28 | 1 | -1/+1
| Jeremy.
* s3-credentials: protect netlogon_creds_server_step() against NULL creds. | Günther Deschner | 2009-05-07 | 1 | -0/+4
| Found by SCHANNEL torture tests. Guenther (cherry picked from commit 8e490d2fa1c52be5da331df0b314508f77ec1f6e)
* s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. | Günther Deschner | 2009-04-21 | 1 | -1/+1
| Guenther (cherry picked from commit b5bec1a6d73f5939b306e157937d027a7286163c)