summaryrefslogtreecommitdiffstats
path: root/source3
Commit message (Collapse)AuthorAgeFilesLines
* VERSION: Bump version up to 3.4.16.Karolin Seeger2011-08-231-1/+1
| | | | Karolin
* s3/swat: use strlcat instead of strncat to fix build on old Linux distrosBjörn Jacke2011-08-091-1/+1
| | | | | | | | | | | | | | | SLES 9's glibc for example had weird macros where the use of strncat resulted in the use of strcat which we don't allow. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104 (cherry picked from commit d3b4d75364210e2d2a4a1cd806f28b0021f22909) Fix bug #8362 (build issue on old glibc systems). (cherry picked from commit 87fa72a5202fe3780d4a61289bf755027cd078f4) (cherry picked from commit 552ccc6588b0744ae9b3731b1406749baea03d5a)
* s3:web/swat: use strtoll() instead of atoi/atol/atollStefan Metzmacher2011-08-091-6/+19
| | | | | | | | | | | | | This is more portable, as we have a strtoll replacement in lib/replace. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104 (cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494) Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
* VERSION: Bump version up to 3.4.15.Karolin Seeger2011-07-261-1/+1
| | | | | Karolin (cherry picked from commit eff1c775066938267c44ab0bd25de99363c1d569)
* s3-swat: Fix typo.Karolin Seeger2011-07-261-1/+1
| | | | | | | Thanks to Simo for reporting! Karolin (cherry picked from commit 40787695a1a3200421c9409eef9e520b849ee3a1)
* s3 swat: Create random nonce in CGI modeKai Blin2011-07-261-1/+19
| | | | | | | | | | | | | | In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT). (cherry picked from commit a4922192d9b95e79bb31c54ca820a9b876a1bbe9)
* s3 swat: Add time component to XSRF tokenKai Blin2011-07-262-5/+25
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 0b811f5b825637b2ecb0450d24dc6b3425ad05a8)
* s3 swat: Add XSRF protection to printer pageKai Blin2011-07-261-10/+18
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit deb66470413780c93656294a1dca40f8cc1bada8)
* s3 swat: Add XSRF protection to password pageKai Blin2011-07-261-3/+8
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit e4e6195701d761326ad5f2dbb63aeb71b0dc7971)
* s3 swat: Add XSRF protection to shares pageKai Blin2011-07-261-5/+13
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 9839935c29ec0ab522994436e6e89939696409de)
* s3 swat: Add XSRF protection to globals pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 6ea5fac27f2fef35ea12c24250948e00245aacee)
* s3 swat: Add XSRF protection to wizard pageKai Blin2011-07-261-1/+8
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit d499c09fc7bf6d86e9694bc8dc60b96c80d94c35)
* s3 swat: Add XSRF protection to wizard_params pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 4b64b7e57d729df996d0734444415f12c066b89f)
* s3 swat: Add XSRF protection to viewconfig pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit b25d00e3c1ff91e7ec5f56ec2ad0d6b3d635d1e3)
* s3 swat: Add XSRF protection to status pageKai Blin2011-07-261-0/+7
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 8af2d4c60a9bad18ef1b37d4034f11c6008efcfa)
* s3 swat: Add support for anti-XSRF tokenKai Blin2011-07-262-0/+59
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 69ebd0eee88b1b4b8e29a7620e01c8d9c89b452a)
* s3 swat: Allow getting the user's HTTP auth passwordKai Blin2011-07-262-0/+10
| | | | | Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit dffaf0ed0bb7f38c23f15b0b128a5eb39a55a813)
* s3 swat: Fix possible XSS attack (bug #8289)Kai Blin2011-07-261-12/+2
| | | | | | | | | | | | Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 05fa09be5a801baa5d35014e2f54b46c1ff5466b)
* s3:nmbd_packets: return the used number of sockets in create_listen_fdset() ↵Stefan Metzmacher2011-07-041-1/+1
| | | | | | | | | | | | (bug #8276) Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open) (commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior, so that we skipped some sockets. This should work for v3-4-test. metze
* s3: increase the log level for missing PIDs on SIGCHLDDavid Disseldorp2011-06-271-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Since the fix for bso#7836, the parent smbd is responsible for maintaining an up-to-date printcap cache. It does this by forking a child process to asynchronously fetch printcap data from CUPS. When the child process exits after fetching all printcap data, the parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which looks for the exited process PID on a "children" list. Child smbd process PIDs are added to the "children" list to ensure cleanup on unclean shutdown and log level change notification messages. Printcap update process PIDs are not added to the list as they do not maintain any state that requires cleanup, nor do they wait on tevent for messages. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104 (cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c) Fix bug #8269 (smbd spams log with "Could not find child X -- ignoring" messages). (cherry picked from commit ba118ac287d49267dd2f346d4ddd2e590ebbe653)
* s3-libnet: fix bug #6364: Pull realm from supplied username on libnet joinJim McDonough2011-05-261-0/+7
|
* s3-printing: remove duplicate cups response processing codeDavid Disseldorp2011-05-261-147/+94
| | | | | | | | There is currently a lot of duplicate code included for processing responses to CUPS_GET_PRINTERS and CUPS_GET_CLASSES requests. This change splits this code into a separate function. Signed-off-by: Günther Deschner <gd@samba.org>
* s3-printing: use printcap IDL for IPCDavid Disseldorp2011-05-262-129/+108
| | | | | | | | | | Use printcap IDL for marshalling and unmarshalling messages between cups child and parent smbd processes. This simplifies the IPC and ensures the parent is notified of cups errors encountered by the child. https://bugzilla.samba.org/show_bug.cgi?id=7994 Signed-off-by: Günther Deschner <gd@samba.org>
* idl: define printcap IPC message formatDavid Disseldorp2011-05-265-1/+222
| | | | Signed-off-by: Günther Deschner <gd@samba.org>
* s3-printing: an empty cups printer list is treated as an errorDavid Disseldorp2011-05-261-6/+17
| | | | | | | | | | | | | | | | cups_async_callback() is called to receive new printcap data from a child process which requests the information from cupsd. Newly received printcap information is stored in a temporary printcap cache (tmp_pcap_cache). Once the child process closes the printcap IPC file descriptor, the system printcap cache is replaced with the newly populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is non null (has at least one printer). If the printcap cache is empty, which is the case when cups is not exporting any printers, the printcap cache is not replaced resulting in stale data. Signed-off-by: Günther Deschner <gd@samba.org>
* s3-printing: remove pcap_cache_loaded assertsDavid Disseldorp2011-05-232-4/+0
| | | | | | | | | | | | | | | | | pcap_cache_loaded() assertions were added to the (re)load_printers() functions, to ensure the caller had called pcap_cache_reload() prior to reloading printer shares. The problem is, pcap_cache_loaded() returns false if the the pcap_cache contains no printer entries. i.e. pcap_cache_reload() has run but not detected any printers. Remove these assertions, correct call ordering is already enforced. Signed-off-by: Günther Deschner <gd@samba.org> The last 3 patches address bug #7836 (A newly added printer isn't visbile to clients).
* Revert "Revert "s3-printing: update parent smbd pcap cache""David Disseldorp2011-05-233-2/+19
| | | | | | This reverts commit ad450870eacb114b3f15941a4478ba25701e035a. Signed-off-by: Günther Deschner <gd@samba.org>
* Revert "Revert "s3-printing: reload shares after pcap cache fill""David Disseldorp2011-05-236-26/+50
| | | | | | This reverts commit 36ea03bbe28122ce03de4969e254dd276cfe5a79. Signed-off-by: Günther Deschner <gd@samba.org>
* VERSION: Bump version number up to 3.4.14.Karolin Seeger2011-04-211-1/+1
| | | | Karolin
* s3-cli_pipe: fix timeout in rpc_pipe_open_tcp_port().Günther Deschner2011-04-141-1/+1
| | | | | | | | | | | | | | | | Make sure we use a timeout of 60 seconds, not 60 milliseconds... This prevented us from successfully using the ncacn_ip_tcp client in a lot of places, I guess. Guenther Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Apr 13 18:59:19 CEST 2011 on sn-devel-104 (cherry picked from commit 4b3fe5247a6e16b1ad9f05269e9aa00e3120e36a) Fix bug #8085 - incorrect timeout handling in ncacn_ip_tcp client code. (cherry picked from commit d7d39c723e1855a3d18813e8a79fcca9770b0142)
* VERSION: Bump version number up to 3.4.13.Karolin Seeger2011-02-281-1/+1
| | | | | Karolin (cherry picked from commit 7afb216d1d25c1269dcf63f845bebde9a989caa2)
* VERSION: Bump version number up to 3.4.12.Karolin Seeger2011-02-281-1/+1
| | | | | Karolin (cherry picked from commit 8da98df066bcfc8a47a83615788a55206075ad2b)
* Fix denial of service - memory corruption.Jeremy Allison2011-02-2815-8/+117
| | | | | | | | | | | | | | | | | | | | | | | CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date. (cherry picked from commit 43babef991feedbe2acb77d27254d302ab107fa8)
* s3: Fix connecting to port-139 only serversVolker Lendecke2011-01-231-3/+5
| | | | | | | | When the TCP RST came before the 5 msecs timeout kicked in, we viewed this as final, as state->req_139 was not set yet. Fix bug introduced by a fix for bug #7881 (winbind flaky against w2k8). (cherry picked from commit f2a19b87725f9318e983dff6358a3eee721bff08)
* VERSION: Raise version number up to 3.4.11.Karolin Seeger2011-01-221-1/+1
| | | | Karolin
* Revert "s3-printing: update parent smbd pcap cache"Karolin Seeger2011-01-153-19/+2
| | | | This reverts commit 2c2ce9caead5a13edb582313b7d36c7eb12a09fb.
* Revert "s3-printing: reload shares after pcap cache fill"Karolin Seeger2011-01-156-50/+26
| | | | | | This reverts commit 9bc0cd243ac66126d42905dd8710d078094e0cd7. This commit seems to break 'make test'.
* s3-rpcclient: Fix bug #7880: cmd_spoolss_deletedriver() returned without ↵Björn Baumbach2011-01-151-1/+5
| | | | | | | | | | | | | checking all architectures. Continues now with next architecture if no driver is available. Because of the broken behavior of the rpccli_*() functions, we need special error code handling. Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit f5af66e67d7c6d62315671c0cf57f47973316226) (cherry picked from commit dc63f45b523deb5c3d0c4be4239507e5fc4f6a40)
* s3-printing: update parent smbd pcap cacheDavid Disseldorp2011-01-153-2/+19
| | | | | | | | | | | | | | | | | If a client connects to a samba share and while connected a printer is added, the client will see the new printer share after a maximum of 'printcap cache time' seconds. smbd's forked for new client connections inherit printcap information from the parent (listener) smbd, which does not perform updates on printcap cache time expiry. Therefore newly connected clients may initially be presented with stale printer shares. Add a housekeeping function to the parent smbd to ensure newly connected clients see up to date printer shares. The last 2 patches address bug #7836 (A newly added printer isn't visbile to clients).
* s3-printing: reload shares after pcap cache fillDavid Disseldorp2011-01-156-26/+50
| | | | | | | | | | | | | | | | Since commit eada8f8a, updates to the cups pcap cache are performed asynchronously - cups_cache_reload() forks a child process to request cups printer information and notify the parent smbd on completion. Currently printer shares are reloaded immediately following the call to cups_cache_reload(), this occurs prior to smbd receiving new cups pcap information from the child process. Such behaviour can result in stale print shares as outlined in bug 7836. This fix ensures print shares are only reloaded after new pcap data has been received. Pair-Programmed-With: Lars Müller <lars@samba.org>
* s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it ↵Andrew Bartlett2011-01-151-1/+1
| | | | | | | | (cherry picked from commit 280caa6b3bb1199939f9349ea5a436a491c81791) The last 2 patches address bug #7356 (net ads dns register fails in 2008 R2 domain). (cherry picked from commit 6857b749229cc72c604ab5646a4bae5f09b72e11)
* s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like itAndrew Bartlett2011-01-151-1/+1
| | | | | | Andrew Bartlett (cherry picked from commit 0f1cc889a26477e9a98629f120fe5890b2e106fa) (cherry picked from commit 2b463484cc7bb80cdfb6727ab9e5a873faff5ec8)
* VERSION: Bump version number.Karolin Seeger2011-01-111-1/+1
| | | | Karolin
* s3-nmbd: Fix bug #7875Björn Baumbach2011-01-111-2/+2
| | | | | nmbd --port didn't work (cherry picked from commit 79280c99f67c3a3bfb1873b373ec181fa402f18c)
* s3:lib/netapi: don't set SAMR_FIELD_FULL_NAME if we just want to set the ↵Stefan Metzmacher2011-01-081-3/+0
| | | | | | | | | | | account name (bug #7896) metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 30 18:09:13 CET 2010 on sn-devel-104 (cherry picked from commit f1d15ea54c313e71fc032b2ed191bdecad868858) (cherry picked from commit c6a0971b3790253a906b370562237479d273bb94)
* s3: Fix bug 7066 -- wbcAuthenticateEx gives unix timesVolker Lendecke2010-12-311-3/+3
| | | | | | We might eventually want to change this, but right now we get unix times out of the winbind pipe struct (cherry picked from commit 993923880e213136de89b5b8d59f6f32a51b94b7)
* ѕ3/configue: set Tru64 cc's PIC switch right (none)Björn Jacke2010-12-311-1/+3
| | | | | | | | | -fPIC made shared library builds fail there Fixes #7821 (cherry picked from commit dbcf73c45782c310cb7ff1f2177d410399e2f06d) (cherry picked from commit 83eb2e9aef40e5e838d2654298e281ad3ec98af3)
* Fix bug #7892 - open_file_fchmod() leaves a stale lock.Jeremy Allison2010-12-314-47/+11
|
* s3: Use smbsock_any_connect in winbindVolker Lendecke2010-12-261-45/+13
| | | | The last 8 patches address bug #7881 (winbind flaky against w2k8).
* s3: Retry *SMBSERVER in nb_connectVolker Lendecke2010-12-261-2/+47
|
generated by cgit (git 2.34.1) at 2025-08-28 22:11:30 +0000