| Commit message (Collapse) | Author | Age | Files | Lines |
|
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
|
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
|
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
|
It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.
Check the access permissions of the file before opening it.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 1/2 of a fix for CVE-2009-2948.
|
Karolin
|
INSTALLPERMS_BIN does not exist.
Karolin
(cherry picked from commit 3bcbe4a70ee07c688c3b6a286aeeacc634659545)
|
Karolin
(cherry picked from commit d6c81c70c45348c86433dd64297e1a659535c155)
|
(cherry picked from commit a15c816ba5fd4dcedd68beb1fcb0540de325c1cb)
|
By-hand merge error :-).
Jeremy.
(cherry picked from commit 869b56a24a1408ea798682b45f9c297341f88ad5)
|
LDAP_SUCCESS but not returning a result.
Jeremy
(cherry picked from commit 448d6cd32c793d04c3c509200bfaa75f466a0ee5)
|
For a detailed explanation, see
http://lists.samba.org/archive/samba-technical/2009-March/063626.html
(cherry picked from commit a92280537071b5a9a9bc56fbeead14c6874d5a55)
|
Jeremy.
(cherry picked from commit bdf46ea491801cdf8ff6f42c0a1ef51080cfc410)
|
also check for an upper one (integer wrap).
Jeremy.
(cherry picked from commit f03bacbf695f877d27186a39755ae726a22a61c8)
|
According to [MS-RPCE].pdf, section 2.2.2.11:
----
A client or a server that (during composing of a PDU) has allocated more space
for the authentication token than the security provider fills in SHOULD fill in
the rest of the allocated space with zero octets. These zero octets are still
considered to belong to the authentication token part of the PDU.<36>
----
RPC implementations are allowed to send padding bytes at the end of an auth
footer. Windows 7 makes use of this.
Thanks to Nick Meier <nmeier@microsoft.com>
Volker
(cherry picked from commit 7274d5691a339087f2770acf2f954830506f5cdc)
|
Was missing case of "If file exists open. If file doesn't exist error."
Damn damn damn. CIFSFS client will have to have fallback cases
for this error for a long time.
Make test for open modes more robust against other bits.
Jeremy.
(cherry picked from commit ac11d94f36e1878f3f5d86f2e7197fd8ecdd196b)
|
guest session setup, login (user id) as anonymous.
This patch is for samba bugzilla bug 4640.
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
(cherry picked from commit a8f10f4469b31565e33669560657c2b3df68c13b)
|
Also sync with current mount.cifs
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
(cherry picked from commit 510619be1897f1610d1a033c4e318002e077fdb2)
|
this fixes some compile time noise on FreeBSD 7
(cherry picked from commit 1bfdbb093f7c5e434ea3e653d389e1ccec578af6)
(cherry picked from commit de96e1a82d6e92c00a0ab3020db8d7c0284aadb1)
(cherry picked from commit b4fc28ddffa4f9a74ca72ee6c2d30f544de5360c)
|
Windows 7 looks at the negotiate_flags
returned in this structure *even if the
call fails with access denied ! So in order
to allow Win7 to connect to a Samba NT style
PDC we set the flags before we know if it's
an error or not.
Jeremy.
(cherry picked from commit 194fdee65f91e8ea88196d2cff1c678f868bb3df)
|
Jeremy.
(cherry picked from commit 3086400b61ee3dda639c5520b539d4ff76e4d9c5)
|
work correctly with "security = domain"
1. If DNS server is invalid, the get_sorted_dc_list() is called with
realm(FQDN) and it fails.
2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again.
I think "again" is wrong place.
On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP).
(cherry picked from commit 58331a118dd6a7fb56e70afe6cf93ef7cfff7e81)
|
Was missed in the last maintenance release.
Jeremy.
(cherry picked from commit db4a435d235bedf48d668a0f4418dd46f38044ed)
|
...so that these options work correctly when passed in by mount(8).
(cherry picked from commit a894bd4504f070233dd2785a62483090581f5bf3)
|
(cherry picked from commit 04fc826efb290ba4b1f173752efb37a4b87281f2)
|
This patch removes the remaining entry in /etc/mtab after a filesystem
is unmounted by canonicalizing the mountpoint supplied on the command
line.
Please refer to bug 4370 in samba bugzilla.
(cherry picked from commit df341bd2b83cc67e31d5b91ae39b4f4f7619ffd0)
|
(cherry picked from commit 7a1408f89f1addff993d1e2dfb7462d12d0a2f48)
|
and libc segfaults if printf is passed NULL for a "%s" arg
(eg. Solaris).
(cherry picked from commit d3220d9d58477f2a6ef7a78c3cf05cb232b57aff)
|
This is required to get the CIFSUPCALL_PROGS setting extracted from
config.log.
(cherry picked from commit dbfdfd047e8e69942b3289733d300d716cdbec53)
|
Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while
configure.
(cherry picked from commit fda450e4d6f9d2661235a3422c0db644a6c686b3)
|
Guenther
(cherry picked from commit 5202fa31b227d8dd9a3ddfab26f7933bfd349281)
|
(The test needs to additionally include <netinet/in_systm.h>.)
Michael
(cherry picked from commit 1868bfd40f7bf4caf9a31116111fa3a5169f4735)
|
under solaris
Michael
(cherry picked from commit d09c9b459638242b9df53cc82a8849699d572486)
|
to NFSv4 ACL code as this uses the same flawed logic as posix_acls.c.
Jeremy.
(cherry picked from commit 11fbc11e396a300aed04a37d44411d287d4c17d3)
|
to ourselves unless that was passed in.
Jeremy.
(cherry picked from commit 60289187a91e23787be581b824076651230245b2)
|
ACLs.
If the chown succeeds then the ACL set should also. Ensure this is the case
(refactor some of this code to make it simpler to read also).
Jeremy.
(cherry picked from commit 08836722e63cfd6cfd88059dd3f10d98474f49cb)
|
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same way as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL sets due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
(cherry picked from commit 9a95b6cac2dea88cb9e9b428292dfca9d1e3e801)
|
Karolin
|
Jeremy.
(cherry picked from commit 0b880a684356d5cc2c266c760994838910134eef)
|
Karolin
(cherry picked from commit d5e8b958c33491635a07be7b6ad84c0218d83aad)
|
Jeremy.
(cherry picked from commit 974262ba3e8226ec9805d38e602ec8d083e44f72)
|
SMB signing works the same regardless of the used auth mech.
We need to start with the temp signing ("BSRSPYL ")
and the session setup response with NT_STATUS_OK
is the first signed packet.
Now we set the krb5 session key if we got the NT_STATUS_OK
from the server and then recheck the packet.
All this is needed to make the fallback from krb5 to
ntlmssp possible. This commit also resets the cli->vuid
value to 0, if the krb5 auth didn't succeed. Otherwise
the server handles NTLMSSP packets as krb5 packets.
The restructuring of the SMB signing code is needed to
make sure the krb5 code only starts the signing engine
on success. Otherwise the NTLMSSP fallback could not initialize
the signing engine (again).
metze
(cherry picked from commit 7d9fd64f38aa5821b38c1223cf87979fc87bfb71)
(cherry picked from commit 8e29070ccd0b5103af2e6da75644169f46700313)
(cherry picked from commit 38b297f99ec166e5c40ba33774222b37b45b4fec)
(a little bit modified to compile in v3-0)
(cherry picked from commit db109da6b10a091593435e3f8b0d9adb57d3c972)
|
Karolin
|
Signed-off-by: Bo Yang <boyang@novell.com>
(cherry picked from commit 514dfc632ed35a80a175a4afbe9607aa4d913da3)
|
3.3 implementation.
Jeremy.
(cherry picked from commit ab29d6c6d349352db017d3046aeaee59e33745f4)
|
krb5 refresh chain fixes.
(cherry picked from commit 194425f8074e2cfd5893499099614666f8d8ecd9)
|
(cherry picked from commit a4438df44621ae37c13e5c5064cc3dc5e1371457)
|
<realrichardsharpe@gmail.com>.
"It seems to me that if the lock is already held by another process when we
enter this code, there is a race between the timeout and the granting. If
the lock is subsequently granted, the process releasing the lock will signal
the wait variable (or whatever) and our process will be scheduled. However,
if the timeout occurs before we are scheduled, the timeout will be delivered
first.
We will have the lock but will forget we have the lock, and never release
it."
Jeremy.
(cherry picked from commit 8904b83ce6c69db31dc2ce4c05e8e8ee3db5ec3b)
|
This fixes bug #5965.
(cherry picked from commit f76614169f1e0a932cf2895702cfa9e8a5735875)
(cherry picked from commit 148437fcd0896591ebbf6c2808723575d025123f)
(cherry picked from commit 3ee41667d7bb8358c80af24f78dbdd071fa9c765)
|
metze
(cherry picked from commit 041435d841b457f493c940e0281cd496b52fb7dc)
|