Kai Blin [Tue, 12 Jul 2011 06:08:24 +0000 (08:08 +0200)]
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Kai Blin [Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)]
s3 swat: Fix possible XSS attack (bug #8289)
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
and ensure they are called whenever we are operating on smb_ucs2_t
variables. I'd like to make the definition of smb_ucs2_t incompatible
with int and codepoint_t so they can't be mixed, but that's a patch
for another time.
s3:smb2_create: use smbd_calculate_access_mask() instead of smbd_check_open_rights()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jul 11 22:45:01 CEST 2011 on sn-devel-104
(cherry picked from commit f5d320ac0fb74d4ad95a03969366096e9b074379)
The last 10 patches address bug #8102 (domuser can change ACL from his files
over the network).
We can't allow open with access that has been denied via the share
security descriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104
(cherry picked from commit 4deca5d72804a40e68158a1183f5633dabf24761)
s3:smb2_server: add some comments about change_to_user() and change_to_root_user()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jul 8 13:45:46 CEST 2011 on sn-devel-104
(cherry picked from commit dbfb88aef30a755c29015bff4699eb17925a4988)
The last 3 patches address bug #8292 (Disable SMB2 for 3.6).
s3:smb2_server: there's no reason to check the session id twice on a smb2_tcon request
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jul 4 17:34:13 CEST 2011 on sn-devel-104
(cherry picked from commit 7c96e96e9881ec1ad7b41f0ab241a5b0ac17b93f)
Jeremy Allison [Thu, 7 Jul 2011 21:59:41 +0000 (14:59 -0700)]
Fix bug #8293 - SMB2 doesn't rotate the log files often enough.
Move the num_requests field out of the smb1 struct into the generic
struct smbd_server_connection. Use it to count SMB2 requests
as well as SMB1 and ensure that check_log_size() is called every 50
SMB2 requests.
Günther Deschner [Thu, 12 May 2011 12:33:15 +0000 (14:33 +0200)]
s3-waf: stop building smbtorture4.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu May 12 15:35:02 CEST 2011 on sn-devel-104
(cherry picked from commit c1ac023b588e1ca676cbbf542ca6f93aa199ad32)
Christian Ambach [Wed, 29 Jun 2011 13:01:16 +0000 (15:01 +0200)]
s3:smbd do not panic when CTDB is unhealthy (Bug #8278)
when CTDB is unhealthy, log a message and exit cleanly
instead of creating a core file
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Thu Jun 30 13:18:12 CEST 2011 on sn-devel-104
(cherry picked from commit 847ca0a5d791d881be8d9a0721bf30399c80013b)
Jeremy Allison [Wed, 29 Jun 2011 16:56:47 +0000 (09:56 -0700)]
Second part of fix for bug #8219 - SMB Panic from Windows 7 Client.
Pass in the correct vector to the signing algorithm in an async
response - we must start with vector[1] which has the SMB2_HDR_BODY
length, not vector[0] which is the 4 byte packet length. Also
note we're passing in 2 vectors not 3.
Volker Lendecke [Mon, 27 Jun 2011 12:34:39 +0000 (14:34 +0200)]
s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841)
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jun 27 18:21:30 CEST 2011 on sn-devel-104
(cherry picked from commit 0a74caa473f491050bc5f64b6d6956c00088c5cd)
s3:rpc_server/svcctl: fix valgrind bug in _svcctl_QueryServiceObjectSecurity()
r->out.buffer needs to stay in its size, as it will be marshalled completely.
As it's preallocated and initialized with zeros, we just need to copy
the payload into it, even if it's smaller than the offered buffer size.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jun 16 14:15:47 CEST 2011 on sn-devel-104
(cherry picked from commit 67512152c007bb186e4fd8dac5d1aab89bce0689)
The last 3 patches address bug #8264 (svcctl valgrind fixes).
s3:rpc_server/svcctl: fix valgrind bugs in _svcctl_QueryServiceConfig2W()
r->out.buffer needs to stay in its size, as it will be marshalled completely.
As it's preallocated and initialized with zeros, we just need to copy
the payload into it.
If we always marshall the return buffer, we already have the needed
buffer size and don't need to call ndr_size_* functions.
s3:rpc_server/svcctl: don't allocate return values on a temporary stackframe
And always initialize the whole return structure.
This caused samba3.posix_s3.rpc.svcctl to be flakey.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jun 16 11:34:34 CEST 2011 on sn-devel-104
(cherry picked from commit 48de3e51eacbd1051f79dc99aaac8a4ec988fde5)
Jeremy Allison [Thu, 23 Jun 2011 22:06:16 +0000 (15:06 -0700)]
Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.
Thanks to John Janosik @ IBM for noticing this.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 14 Jun 2011 05:00:32 +0000 (15:00 +1000)]
s3-autoconf Move nmbd socket directory to PREFIX/var/nmbd
This is consistent with the new ncalrpc socket directory, also added
in this release.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The last 2 patches address bug #8230 (Move .nmbd socket directory to non-hidden
name PREFIX/var/nmbd).
Björn Jacke [Fri, 24 Jun 2011 11:37:16 +0000 (13:37 +0200)]
s3:vfs_commit: fix build
fix build
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Fri Jun 24 14:51:31 CEST 2011 on sn-devel-104
(cherry picked from commit d4ea319e7ad9ee2fc2fad0c016845f820681569a)
s3:smb2_ioctl/FSCTL_PIPE_TRANSCEIVE: generate STATUS_BUFFER_OVERFLOW if needed (bug #8260)
This should fix DCERPC responses with fragments larger than 1024 bytes.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jun 24 11:25:36 CEST 2011 on sn-devel-104
(cherry picked from commit 2bb325ad913c1cff88faab55102cef75d14c04a6)
Christian Ambach [Fri, 17 Jun 2011 19:54:30 +0000 (21:54 +0200)]
s3:modules fix Bug 8244 - Cannot copy files larger than 2 GB to Samba share
the time_audit module uses int instead of uint64 as return value
in get_alloc_size so that sizes of files larger than 2 GB are
cut off, leading to wrong replies to NtCreateAndX and Windows
clients giving up
While checking the types of all functions, I found two more wrong
return value types that needed correction
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Jun 17 23:11:10 CEST 2011 on sn-devel-104
(cherry picked from commit bb66504dadf56366ea30697ae73673de3df08132)
Volker Lendecke [Sun, 19 Jun 2011 17:23:47 +0000 (19:23 +0200)]
s3: Fix Coverity ID 2582: FORWARD_NULL
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jun 19 20:46:43 CEST 2011 on sn-devel-104
(cherry picked from commit 5290faca7a5ae5f3f0309a42586768a5c93bfb9d)
Fix bug #8247 (SMB2 shadow copy can be crashed remotely).
Gregor Beck [Tue, 31 May 2011 16:26:12 +0000 (18:26 +0200)]
s3:net-man: registry enumerate_recursive
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Jun 1 17:16:05 CEST 2011 on sn-devel-104