path: root/source
Commit message | Author | Age | Files | Lines
* s3 swat: Add XSRF protection to password page | Kai Blin | 2011-07-24 | 1 | -3/+8
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to shares page | Kai Blin | 2011-07-24 | 1 | -5/+13
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to globals page | Kai Blin | 2011-07-24 | 1 | -0/+7
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to wizard page | Kai Blin | 2011-07-24 | 1 | -1/+8
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to wizard_params page | Kai Blin | 2011-07-24 | 1 | -0/+7
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to viewconfig page | Kai Blin | 2011-07-24 | 1 | -0/+7
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to status page | Kai Blin | 2011-07-24 | 1 | -0/+7
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add support for anti-XSRF token | Kai Blin | 2011-07-24 | 2 | -0/+59
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Allow getting the user's HTTP auth password | Kai Blin | 2011-07-24 | 2 | -0/+10
  Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Fix possible XSS attack (bug #8289) | Kai Blin | 2011-07-24 | 1 | -12/+2
  Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool.
  The attack uses reflection to insert arbitrary content into the "change password" page.
  This patch fixes the reflection issue by not printing user-specified content on the website anymore.
  Signed-off-by: Kai Blin <kai@samba.org>
  CVE-2011-2694.
* VERSION: Bump version number up to 3.3.16. | Karolin Seeger | 2011-07-24 | 1 | -1/+1
  Karolin
* Fix denial of service - memory corruption. | Karolin Seeger | 2011-02-27 | 20 | -21/+171
  CVE-2011-0719
  Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
  All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
  A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection).
  Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
* VERSION: Bump version number up to 3.3.15. | Karolin Seeger | 2011-02-27 | 1 | -1/+1
  Karolin
* Fix bug #7669. | Jeremy Allison | 2010-09-09 | 4 | -5/+23
  Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4).
  CVE-2010-3069:
  ===========
  Description
  ===========
  All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
  A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection).
* VERSION: Raise version number up to 3.3.14. | Karolin Seeger | 2010-09-09 | 1 | -1/+1
  Karolin
* VERSION: Raise version number up to 3.3.13. | Karolin Seeger | 2010-06-11 | 1 | -1/+1
  Karolin
* s3-smbd: Fix memory corruption vulnerability. | Jeremy Allison | 2010-06-11 | 1 | -0/+12
  Fix bug #7494 (Buffer overrun possible in chain_reply code in 3.3.x and below.) and address CVE-2010-2063.
* Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write." [samba-3.3.12] | Karolin Seeger | 2010-03-08 | 3 | -71/+5
  This reverts commit 153357b9bb4d70a168c81cb9ff2da437eae823fc.
  This fixes bug #7222 (All users have full rights on all shares) (CVE-2010-0728).
* VERSION: Raise version number up to 3.3.12. | Karolin Seeger | 2010-03-08 | 1 | -1/+1
  Karolin
* s3:winbind: Fix bug 5626 | Volker Lendecke | 2010-02-24 | 3 | -29/+23
  Apparently the AIX compiler can't deal with sizeless array declarations
  (cherry picked from commit dd4194bc43cc5efd7517783e5e524d252d1f82c7)
* s3:winbindd: never mark external domains as internal! | Stefan Metzmacher | 2010-02-24 | 1 | -4/+1
  This way we can end up with silently using builtin_passdb_methods for an ad domain without an inbound trust.
  This fixes bug #7170.
  metze
  (cherry picked from commit f924b7749280b31ece19885de1c3ad1bd71942ac)
  (cherry picked from commit 40f359476d7ec3aec252f79bd2127dd08b305a9f)
* Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies) | Jeremy Allison | 2010-02-24 | 2 | -2/+5
  There are two problems:
  1). The server is off-by-one in the end of buffer space test.
  2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0) fields in the second and subsequent SMBtrans replies.
  This patch fixes both.
  Jeremy.
  (similar to commit b07a14dc37d2899f662e1cf87064f99c0bd10b25)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit de658f95ea12d4c532f309634b9aedb09c5e4d1d)
* Fix off-by-one error in working out the limit of the NetServerEnum comment. | Jeremy Allison | 2010-02-24 | 1 | -1/+1
  Jeremy.
  (cherry picked from commit 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 8cac1af47cad9d40b0ab86cda3674f4420507008)
* s3:smbd: Fix really ugly bool vs. int bug!!! | Stefan Metzmacher | 2010-02-24 | 1 | -1/+1
  A comparison function for qsort needs to return an 'int'!
  Otherwise you'll get random results depending on the compiler and the architecture...
  metze
  (cherry picked from commit 1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)
  (cherry picked from commit 5d4d547b901986cff378f640e9e22931d77c61b8)
* s3:libsmb: fix NetServerEnum3 rap calls. | Stefan Metzmacher | 2010-02-24 | 1 | -5/+19
  metze
  (cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)
  (cherry picked from commit 98399a69d6fc3d30c899588c8846ce19ef974fa3)
* Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' | Jeremy Allison | 2010-02-24 | 1 | -3/+5
  Fix use of uninitialized variable. This can lead to crashes if mangling = hash processes names with no '.'.
  Jeremy.
  (cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15)
  (cherry picked from commit e904ccd25a3b7050a8d1895c9535e42abd0b4d07)
* Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash" | Jeremy Allison | 2010-02-24 | 1 | -0/+1
  The charset array allocated in init_chartest() is allocated by MALLOC, but only some elements of it being set after allocation. Fix is to memset to zero after allocation.
  Jeremy.
  (cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930)
  (cherry picked from commit 80d9663b3635ed7b2e9b3308d27aed08cd1f38fb)
* Fix bug #6557 - Do not work VFS full_audit | Jeremy Allison | 2010-02-24 | 1 | -18/+16
  Re-arrange the operations order so SMB_VFS_CONNECT is done first as root (to allow modules to correctly initialize themselves).
  Reviewed modules to check if they needed CONNECT invoked as a user (which we previously did) and it turns out any of them that cared needed root permissions anyway.
  Jeremy.
  (cherry picked from commit 20b6d0406f0f72895f99636beee7a370195147fd)
* Fixes issue with preexec scripts creating a share directory, and problems if a smb.conf reload turns wide links back on after a connection is established. | Jeremy Allison | 2010-02-24 | 3 | -29/+68
  Includes git refs :
  cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b
  94865e4dbd3d721c9855aada8c55e02be8b3881e
  5d92d969dda450cc3564dd2265d2b042d832c542
  02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf
  a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82
  from master.
  Jeremy.
  Fix bug #7104 ("wide links" and "unix extensions" are incompatible.)
  (cherry picked from commit ce04bf60499104c166657df959e4033573b5be5c)
* Fix bug 7104 - "wide links" and "unix extensions" are incompatible. | Jeremy Allison | 2010-02-24 | 4 | -39/+10
  Change parameter "wide links" to default to "no".
  Ensure "wide links = no" if "unix extensions = yes" on a share.
  Fix man pages to reflect this.
  Remove "within share" checks for a UNIX symlink set - even if widelinks = no. The server will not follow that link anyway.
  Correct DEBUG message in check_reduced_name() to add missing "\n" so it's really clear when a path is being denied as it's outside the enclosing share path.
  Jeremy.
  (cherry picked from commit c1b05ae4febfba1a419eee0d04c3886de9f5fee0)
* s3: Fix an uninitialized variable reference | Volker Lendecke | 2010-02-24 | 1 | -1/+2
  Fix bug #5885 (swat prints a bogus ip-address in smb.conf).
  (cherry picked from commit 22ca62f7bb268e3695458d6105b847685112ec0f)
* s3: Fix malformed require_membership_of_sid. | Bo Yang | 2010-02-24 | 1 | -0/+12
  Signed-off-by: Bo Yang <boyang@samba.org>
  Fix bug #7106.
  (cherry picked from commit 0ee0ba83dcd9726244b07c1747e0676a74e1d82f)
* s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum() | Stefan Metzmacher | 2010-02-24 | 1 | -2/+3
  When we need to do more than one network operation to get the browse list we need to use the same 'stype' value each time.
  metze
  (cherry picked from commit c2e4746fa9d68e7601e8e90cc0144d2e65a695b6)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Fix bug #7098 (smbclient -L gives wrong results with a large browse list).
  (cherry picked from commit f6484f7febd853122d4b91e52ee896d70686d9d2)
* Fix bug #7072 - Accounts can't be unlocked from ldap. | Jeremy Allison | 2010-02-24 | 1 | -8/+17
  Fix suggested by Andy Hanton <andyhanton@gmail.com>.
  The LOGIN_CACHE struct contains two time_t entries, but was being written to and read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers. This would break on machines with a 64-bit time_t. Use correct int sizes for tdb_pack/tdb_unpack.
  We have to fix this properly before 2037 :-).
  Contains fixes from master 627fb85092f728065b6d772c41aeb75018154e86 and 69fd8461b8792f4fee1b61db03953044565492c6.
  Jeremy.
  (cherry picked from commit 0b36486fa7d2689635018c2fc883860251dc8066)
* Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. | Jeremy Allison | 2010-02-24 | 3 | -5/+71
  Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability to allow Linux threads under different euids to send signals to each other.
  Same as master commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db.
  Jeremy.
  (cherry picked from commit cbf09baa90f5c4cfa8a0019ccc79211d72d13629)
* VERSION: Raise version up to 3.3.11. | Karolin Seeger | 2010-02-24 | 1 | -1/+1
  Karolin
  (cherry picked from commit 7242d5ac288b88e151b368ae7d6fc623f60968da)
* s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server | Volker Lendecke | 2010-02-24 | 1 | -1/+1
  A user has sent me a sniff where the OpenSolaris CIFS server returns "32" in totalentries, but the array in ctr only contains 15 entries. Look at the right delimiter for walking the array.
  Fix bug #7046 (libsmbclient crash against OpenSolaris CIFS server).
  (cherry picked from commit 1d611028433db18e96d946b206a8eed1048f9b26)
* Fix bug 7045 - Bad (non memory copying) interfaces in smbc_setXXXX calls. | Jeremy Allison | 2010-02-24 | 2 | -10/+31
  In smbc_free_context libsmbclient just called free() on the string options so it assumes the callers have malloced them before setting them via smbc_set calls.
  Change to correctly malloc/free string options to the library.
  Protect against SMB_STRDUP of null.
  Contains 2d41b1ab78639abe4ae030ff482573f464564dd7 and f85b6ee90b88c7f7b2a92c8a5f3e2ebe59c1087b from master.
  Jeremy
  (cherry picked from commit edc44312f76e14e94c56e70cf7bb49139f9f081e)
* s3-libsmbclient: Fix crash bug in SMBC_parse_path(). | Günther Deschner | 2010-02-24 | 1 | -1/+1
  Patch from Tim Waugh <twaugh@redhat.com>.
  This resolves https://bugzilla.redhat.com/show_bug.cgi?id=552658
  LIBSMBCLIENT-OPENDIR torture test checks this as well.
  Guenther
  Fix bug #7043 (SIGSEGV in "SMBC_parse_path").
  (cherry picked from commit 07263901632bb98851d86dc0ba1d2dc22735c020)
* Fix bug #7036 - net rpc getsid fails in hardened windows environments. | Jeremy Allison | 2010-02-24 | 1 | -1/+7
  Fix suggested by Dave.Daugherty@Centrify.com.
  (cherry picked from commit a92d42cf8ae37fe579061f762af601dc49ed71af)
* s3:configure: only check for gpfs_gpl.h | Stefan Metzmacher | 2010-01-14 | 1 | -25/+5
  The header is everything we need in order to build vfs_gpfs.
  metze
  Signed-off-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit ee13e9c0becc2b4a4d3b233613d5e3e9bfb54938)
  Fix bug #6856.
  (cherry picked from commit b71f0e5f6f715d7c061d3a845f1e983e2472c1b0)
  (cherry picked from commit 3f0de150f64f93c7874290160359a89b518864b5)
* s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value. | Stefan Metzmacher | 2010-01-13 | 1 | -1/+1
  See bug #6157 for more details.
  metze
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 25806f43ddee7e2653e907eea2c6fcc075960fa1)
* s3:smbldap: add smbldap_talloc_first_attribute() | Stefan Metzmacher | 2010-01-13 | 2 | -0/+37
  metze
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit c992127f8a96c37940a6d298c7c6859c47f83d9b)
* smbd: Fix opening the quota magic file | Stefan Metzmacher | 2010-01-13 | 1 | -5/+10
  This fixes bug #6642 and bug #6919.
  metze
  (cherry picked from commit c30bd2f2ac1c79a4c3893b2c28e0ba7997685c01)
* s3:smbd: Fix bug 6696 | Timothy Miller | 2010-01-13 | 1 | -1/+1
  smbd crashes when using mdns (not avahi) support
  (cherry picked from commit b6ce8928e88d92c5a5d703b52e6dc95a5c79d732)
* Second part of fix for bug 6696 - smbd 3.3.7 crashes (signal 11) in dns_register_smbd_reply. | Jeremy Allison | 2010-01-13 | 1 | -0/+6
  Restore the code from 3.2 that actually initializes the struct dns_reg_state handle.
  Jeremy.
  (cherry picked from commit b87c794f99d7909e907b1d115c317bebd55984ed)
* Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes" | Jeremy Allison | 2010-01-13 | 1 | -0/+3
  This bug re-occurred for 3.3.x and above.
  The reason is that to change a NT ACL we now have to open the file requesting WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions in posix_acls doesn't add these bits when "dos filemode = yes", so even though the permission or owner change would be allowed by the POSIX ACL code, the NTCreateX call fails with ACCESS_DENIED now we always check NT permissions first.
  Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
  Jeremy.
  (cherry picked from commit 9bd957580360ed7a0f98b02d1e03d7fcaf8a878e)
* Prevent NULL dereference if group has no members | Jim McDonough | 2010-01-13 | 1 | -4/+4
  Fix bug #7014 (domain mode winbind crashes retrieving empty group members).
  (cherry picked from commit 5fd32614f147a045aaee30ed9cf62e42ac6e30d8)
* Fix bug 7005 - mangle method = hash truncates files with dot '. ' character | Jeremy Allison | 2010-01-13 | 1 | -0/+9
  Don't change the contents of a const string via a pointer alias (or if you do, change it back.....).
  Jeremy.
  (cherry picked from commit e3be5ddae764fae7ff4a3ef502e8461d0535bdc5)
* Fix bug #6939 - mangling method = hash breaks long filenames. | Jeremy Allison | 2010-01-13 | 1 | -1/+4
  We were returning the wrong sense of the bool. must_mangle() has to return !NT_STATUS_IS_OK, not NT_STATUS_IS_OK.
  Jeremy.
  (cherry picked from commit f249d2d5893a3f8494e43fd1a805c78cee8eeec5)