Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 5e6dfd1650d724c5f21b1b4324dfd44c68c3046d)
Jeremy Allison [Fri, 26 Apr 2013 17:47:41 +0000 (10:47 -0700)]
Fix bug #9822 - Samba crashing during Win8 sync.
When refactoring the dptr destructor in the
fix for bug:
9778 (Samba directory code uses dirfd() without vectoring through a VFS call)
I removed the code to NULL out the struct smb_Dir *
pointer inside the fsp struct by mistake.
Re-add the NULLing out of that pointer when
closing a directory pointer associated with
an open file.
Reporter confirms it fixes the crash.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Apr 27 20:44:55 CEST 2013 on sn-devel-104
(cherry picked from commit 251767cde9a146d8122d76e257ab232c05ad452a)
(cherry picked from commit fe51e23801b24af43ce605f51f3e607fae74d3b7)
Jeremy Allison [Wed, 10 Apr 2013 23:30:10 +0000 (16:30 -0700)]
Remove dependency on detection of HAVE_DIRFD for use of fdopendir().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 16:21:10 CEST 2013 on sn-devel-104
(cherry picked from commit 7a4dd845958f1411daa8031ca242987001ab2f26)
(cherry picked from commit abff441e445431970d1e25fa79e10276e576d9e3)
David Disseldorp [Wed, 22 May 2013 15:58:38 +0000 (17:58 +0200)]
Fix bug 9900: is_printer_published GUID retrieval
Samba currently always responds to GetPrinter(level = 7) requests with
DSPRINT_UNPUBLISH, regardless of the AD publish status tracked via the
PRINTER_ATTRIBUTE_PUBLISHED flag. This is due to erroneous "objectGUID"
unmarshalling in is_printer_published().
This change splits "objectGUID" retrieval into a separate function, and
adds a pull_reg_sz() call to correctly unmarshall the GUID.
(cherry picked from commit 577b2e554cff29d7676ef74ace1536210503601c)
David Disseldorp [Thu, 23 May 2013 17:32:08 +0000 (19:32 +0200)]
printing: explicitly clear PUBLISHED attribute
Currently nt_printer_publish(DSPRINT_UNPUBLISH) flips (via xor) the
info2->attributes PRINTER_ATTRIBUTE_PUBLISHED flag, rather than
explicitly clearing it.
(cherry picked from commit d867da670e42e3cbcf5f251a8a758f9506511086)
Jeremy Allison [Wed, 8 May 2013 22:10:32 +0000 (15:10 -0700)]
Remove the compound_related_in_progress state from the smb2 global state.
And also remove the restriction that we can't read a new
request whilst we're in this state.
Signed-off-by: Jeremy Allison <jra@samba.org>
The last 4 patches address bug #9722 - Samba does not properly handle Oplock
breaks in compound requests.
(cherry picked from commit 9094b538c85a550b40827799f56427a926d315cd)
Volker Lendecke [Tue, 7 May 2013 10:39:16 +0000 (12:39 +0200)]
winbind: Fix bug 9854 -- NULL pointer dereference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue May 7 14:49:07 CEST 2013 on sn-devel-104
(cherry picked from commit 8c1283a89f746a108e8014b6fbc9a58a371950cf)
(cherry picked from commit 0872d998cd2bcfa274283bd7dd1d70010ca33166)
BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
(cherry picked from commit 62873916076d748f7c91868a6cd28d35e64d8dca)
s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
Now the logic matches the one in dcerpc_read_ncacn_packet_done().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
(cherry picked from commit 65860c540faba0ca3542ee2edc0a16fa76a2bcde)
Andrew Bartlett [Wed, 3 Apr 2013 22:53:34 +0000 (09:53 +1100)]
s3-smbd: Split make_serverinfo_from_username guest parameters into two parts
This handles differently the case where we are the guest (from security=share) and
when we are forced to be a different user with force user. We want to maintain
only the is_guest flag if we're forced to become any other user, we need the rest
of the token to change.
David Disseldorp [Wed, 17 Apr 2013 17:39:12 +0000 (10:39 -0700)]
Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon
wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always
returns an allocated wbcAuthErrorInfo struct on failure.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104
(cherry picked from commit 8bb8f0011e567501a98a901adcfffbf4f34e73ae)
If there is no domain_name specified we still need to set to for
caching else we will not find the entry later if we lookup the entry
with the domain_name.
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Apr 9 16:32:44 CEST 2013 on sn-devel-104
(cherry picked from commit afcbaf373a1959f2323ffa729886b688c2b965e3)
in the while loop reading the map file. After a successful map we don't
stop and continue the loop to check all other mappings in the username
mapfile. But when we hit the end of the file and leave the loop we call:
set_last_from_to(user_in, user_in);
This overwrites the successful mapping, and the next time we call
map_username() we skip the username and no mapping is done.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d9b8bd03d002e0329a4b0ed4b1cc81d64fe9c6eb)
We should be able to define the case of the spn cause it is important
for some services like nfs. 'net ads keytab add "nfs"' should not
result in an uppercase spn.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6848fb121a3a16b2d87b2bf2f7cca8364a1343f1)
Volker Lendecke [Thu, 21 Mar 2013 21:00:06 +0000 (22:00 +0100)]
smbd: Tune "dir" a bit.
for i in $(seq 1 20000) ; do echo dir ; done | smbclient //127.0.0.1/tmp -U%
without and with this patch:
$ time bin/smbd -d0 -i
smbd version 4.1.0pre1-GIT-1f139ae started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
Beendet
real 0m28.342s
user 0m10.249s
sys 0m10.513s
$ time bin/smbd -d0 -i
smbd version 4.1.0pre1-GIT-1f139ae started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
Beendet
real 0m27.348s
user 0m9.089s
sys 0m10.853s
The "real" timestamp is irrelevant, this also contains the time between
starting smbd and the smbclient job. It's the "user" time. The result that this
patch improves the time spent in user space by 10% is consistent.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fix bug #9736 - Change to smbd/dir.c code gives significant performance
increases on large directory listings.
(cherry picked from commit 565d1409c7c424fbbeed1e98b042d3970b0acf73)
Jeremy Allison [Thu, 21 Mar 2013 20:59:20 +0000 (13:59 -0700)]
Fix bug #9733 - smbcontrol close-share is not working.
As part of forcibly disconnecting a client from a share,
smbd must atomically call reload_services() to ensure that
the entry in the ServicePtrs[] array corresponding to
that share is removed if the share was removed from
the smb.conf or registry entries.
Otherwise the ServicePtrs[] array entry for the share
remains active and the client races to auto-reconnect to
the share before a second message to reload the smb.conf
file can be sent.
This has to be done as part of the close-share message
processing, as removing the share from the smb.conf file
first, then telling the smbd to reload followed by the
forcible disconnect message doesn't work as in this
sequence of events when the reload message is received
the client is still connected to the share, so the
ServicePtrs[] entry is still left active.
The forcible-disconnect + service reload has to be done
together as an atomic operation in order for this to work.
Jeremy Allison [Wed, 27 Mar 2013 18:54:34 +0000 (11:54 -0700)]
Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF
The spec lies when it says that NextEntryOffset is the only value
considered when finding the next EA. We were adding 4 more extra
pad bytes than needed (i.e. if the next entry already was on a 4
byte boundary, then we were adding 4 additional pad bytes).
Signed-off-by: Jeremy Allison <jra@samba.org>
The last 5 patches address bug #9130 - Certain xattrs cause Windows error
0x800700FF.
(cherry picked from commit 57db33599589b06a60cb7cbb454f87bf40c542e0)
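The padding fault described in the bug #9130 commit above, as an added illustration (not Samba's code): marshalling a FILE_FULL_EA_INFORMATION list with the faulty and the corrected pad rule. The names `struct ea`, `ea_list_marshal`, `ea_list_walk_strict` and `demo` are hypothetical, and the strict reader is an assumption modelled on the commit's remark that NextEntryOffset is not the only value considered.

```c
#include <stdint.h>
#include <string.h>

struct ea { const char *name; const uint8_t *value; uint16_t value_len; };
/* Pad bytes to the next 4-byte boundary: 0..3. */
static size_t pad4_fixed(size_t len) { return (4 - (len % 4)) % 4; }
/* Faulty form: returns 4 instead of 0 when len is already aligned. */
static size_t pad4_buggy(size_t len) { return 4 - (len % 4); }

/* Marshal as FILE_FULL_EA_INFORMATION: NextEntryOffset(4) Flags(1) NameLen(1)
 * ValueLen(2) name+NUL value, all LE. Returns bytes written, 0 on overflow. */
size_t ea_list_marshal(uint8_t *buf, size_t buflen, const struct ea *eas,
                       size_t n, size_t (*pad)(size_t))
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        size_t nlen = strlen(eas[i].name), vlen = eas[i].value_len;
        size_t entry = 8 + nlen + 1 + vlen;
        size_t padding = (i + 1 < n) ? pad(entry) : 0; /* last entry: none */
        uint32_t next = (i + 1 < n) ? (uint32_t)(entry + padding) : 0;
        if (nlen > 255 || entry + padding > buflen - off) return 0;
        uint8_t *p = buf + off;
        for (int b = 0; b < 4; b++) p[b] = (next >> (8 * b)) & 0xff;
        p[4] = 0; p[5] = (uint8_t)nlen; p[6] = vlen & 0xff; p[7] = vlen >> 8;
        memcpy(p + 8, eas[i].name, nlen + 1);
        memcpy(p + 9 + nlen, eas[i].value, vlen);
        memset(p + entry, 0, padding);
        off += entry + padding;
    }
    return off;
}

/* Assumed strict reader: expects each next entry exactly at the current
 * entry's own length rounded up to 4. Returns the entry count, or -1. */
int ea_list_walk_strict(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    for (int count = 1; len - off >= 8; count++) {
        const uint8_t *p = buf + off;
        uint32_t next = p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
        size_t entry = 8 + p[5] + 1 + (p[6] | p[7] << 8);
        if (entry > len - off) return -1;
        if (next == 0) return count;
        if (next != entry + pad4_fixed(entry) || next > len - off) return -1;
        off += next;
    }
    return -1; /* truncated entry header */
}

/* Constructed sample: the first entry is 8 + 6 + 1 + 1 = 16 bytes (aligned). */
int demo(size_t (*pad)(size_t))
{
    static const uint8_t v[2] = { 0x41, 0x42 };
    const struct ea eas[2] = { { "user.a", v, 1 }, { "user.b", v, 2 } };
    uint8_t buf[64];
    return ea_list_walk_strict(buf, ea_list_marshal(buf, sizeof buf, eas, 2, pad));
}

int main(void) { return !(demo(pad4_fixed) == 2 && demo(pad4_buggy) == -1); }
```

The two pad rules agree for every length that is not a multiple of 4, so the fault only shows when an entry happens to end on a 4-byte boundary.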
Volker Lendecke [Mon, 18 Mar 2013 08:36:17 +0000 (09:36 +0100)]
wkssvc: Fix bug 9727, NULL pointer dereference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 18 11:39:27 CET 2013 on sn-devel-104
(cherry picked from commit 05a7a10c88be99d864eacd6f9d37a340022f01f6)
(cherry picked from commit 64fb72ccb26b8e48c50407bc58618499ab2f5603)
David Disseldorp [Fri, 15 Mar 2013 15:54:06 +0000 (16:54 +0100)]
printing: update registry and publish in background
Currently all smbd processes unnecessarily access each printer registry
TDB entry following printcap cache reload.
This change moves responsibility for this to the background print queue
process.
This and the last four commits address bug 9650: New or delete cups
printerqueues are not recognized by the samba.
(cherry picked from commit ac6604868d1325dd4c872dc0f6ab056d10ebaecf)
David Disseldorp [Fri, 15 Feb 2013 11:17:53 +0000 (12:17 +0100)]
spoolss: only reload printers on pcap update message
Printcap cache updates are the responsibility of the background
printing process, which after doing so broadcasts a MSG_PRINTER_PCAP
message. Spoolssd should only reload printers after receiving such a
message.
(cherry picked from commit c30c66d8b5b4ebbde1b148c51310e336f29ca04e)
David Disseldorp [Thu, 14 Feb 2013 16:02:08 +0000 (17:02 +0100)]
printing: add sighup and conf change handlers
The background printing process is now responsible for all printcap
cache updates, which should be done on SIGHUP and configuration change.
(cherry picked from commit f4af7c4d4cafe15c437742d450c7753a8b6d8422)
David Disseldorp [Thu, 14 Feb 2013 13:42:21 +0000 (14:42 +0100)]
printing: move pcap change notifier to bg process
The background print queue process is responsible for printcap cache
updates, and should be the only process to send notifications.
(cherry picked from commit 23ac828ba93e2ffc60ced19656af9609dcc1b2ab)
David Disseldorp [Tue, 12 Feb 2013 17:57:53 +0000 (18:57 +0100)]
smbd: fix cups printcap cache updates on startup
On startup the parent smbd process currently calls pcap_cache_reload(),
which is done immediately before the background queue process is forked.
pcap_cache_reload() is asynchronous with cups, in that it forks a
separate process to obtain the printer listing. The cache_fd_event
print_cups.c global variable is used to track when a cups printer
listing is in progress.
cache_fd_event is set when the background queue process is forked, due
to smbd's pcap_cache_reload() call immediately prior. As a result, the
background queue process assumes an existing pcap_cache_reload() call is
indefinitely outstanding, causing the printcap cache to remain stale
thereafter.
(cherry picked from commit d7286bb6520ebe03355e98e3311e1d79e2746791)
Jeremy Allison [Thu, 28 Mar 2013 16:36:41 +0000 (09:36 -0700)]
Make sure that we only propagate the INHERITED flag when we are allowed to.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9747 - When creating a directory Samba allows inherited bit to slip
through.
(cherry picked from commit 93bca1881e3a8993c76fec408d7c0c369556683d)
Reviewed-by: Günther Deschner <gd@samba.org>
The last 7 patches address bug #9723 - Add a tool to migrate latin1 printing
tdb's to registry.
(cherry picked from commit 97bb3cc15bfa6572486e176aed9040ee3e7df714)
Jeremy Allison [Fri, 15 Mar 2013 22:13:24 +0000 (15:13 -0700)]
Fix bug #9724 - is_encrypted_packet() function incorrectly used inside server.
The is_encrypted_packet() function should only be used on the raw received data
to determine if a packet came in encrypted. Once we're inside the SMB1
processing code in smbd/reply.c we should be looking at the
smb1request->encrypted field to determine if a packet was really encrypted or
not.
Guenter Kukkukk [Sat, 9 Mar 2013 03:45:15 +0000 (04:45 +0100)]
vfs_catia: new version of the manual page for samba-3.6.x
Well, I was not aware of the change
./docs-xml/manpages-3/
./docs-xml/manpages/
in samba-4.0.x
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
The last 4 patches address bug #9701 - vfs_catia is not working anymore (due to
a former regression).
(cherry picked from commit 17113c33a77a257560f33dbb35286ae20250a8f5)
Daniel Kobras [Sat, 23 Feb 2013 00:24:26 +0000 (16:24 -0800)]
Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.
s3: never try to map global SAM name
Do not treat the global SAM name as a BOGUS domain, and exempt
local users from mapping, instead. This change reinstates the
exact mapping behaviour of Samba 3.2 if parameter 'map untrusted
to domain' is set.
pdb: Fix array overrun by one.
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9686 - Fix a possible buffer overrun in pdb_smbpasswd.
(cherry picked from commit b174e1b496659c9e7a0fc70ad49ed0fc5906d252)
Björn Jacke [Wed, 20 Feb 2013 16:06:49 +0000 (17:06 +0100)]
build/autoconf: put ld check variable in quotes
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ac9620b942d6d51a1c35c4177c3f241351fc1ebd)
The last 2 patches address bug #7825 (need to fix GNU ld version detection with
old gcc releases).
(cherry picked from commit b76501dbf14bcba0eba7b5420b191caf237f0b35)
Björn Jacke [Tue, 19 Feb 2013 14:30:34 +0000 (15:30 +0100)]
build/autoconf: fix check for GNU ld version
We need to look for the version once in the stdout and once in the stderr
output. Some versions of ld output to stdout, some output to stderr. Redirecting
stderr to stdout messes the output up in our case, that's why we have to do two
runs. See also bug #7825.
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Feb 19 20:56:12 CET 2013 on sn-devel-104
(cherry picked from commit ff8ba0628f6f13a5be1df94e5ac2e83008b7c69c)
(cherry picked from commit 1f1feddc6f414a91859b0dae77b34953b479d47e)
David Disseldorp [Tue, 12 Feb 2013 10:58:06 +0000 (11:58 +0100)]
smbd: fix initial large PAC sess setup response
An oversize Kerberos security token may be split across multiple Session
Setup AndX requests when authenticating as a user who is a member of
many (~2000) groups.
In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be
sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise
Windows clients may resend the same security token data in subsequent
session setup andX requests, as observed with Windows 7 and Server 2012.
Ira Cooper [Fri, 8 Feb 2013 22:47:57 +0000 (14:47 -0800)]
s3: Make SMB2_GETINFO multi-volume aware.
Not all shares are a single volume. Some actually
expose multiple volumes under a single share. In these
cases showing the amount of space free as the space free
at the base of the directory hierarchy is wrong.
Reviewed-by: Jeremy Allison <jra@samba.org>
Fix bug #9646 - dir and similar commands are returning the wrong amount of free
space.
(cherry picked from commit 872a7d61ca769c47890244a1005c1bd445a3bab6)
s3:auth: wbcAuthenticateEx gives unix times (bug #9625)
We also need to convert last_logon, last_logoff and acct_expiry
from unix time to nt time.
Otherwise a windows member server will reject clients
(using CAP_DYNAMIC_REAUTH or smb2) with STATUS_NETWORK_SESSION_EXPIRED,
if the logoff and kickoff time is expired.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 292504a759caf811fb6201e273ffeab20522a991)
Pavel Shilovsky [Wed, 16 Jan 2013 11:02:26 +0000 (15:02 +0400)]
Fix bug #9571 - Unlink after open causes smbd to panic.
s3:smbd: fix wrong lock order in posix unlink
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fb0868e290cdc23671a84b7600af689a8b8b806f)
Jeremy Allison [Fri, 25 Jan 2013 18:21:48 +0000 (10:21 -0800)]
Fix bug #9588 - ACLs are not inherited to directories for DFS shares.
We can return with NT_STATUS_OK in an error code path. This
has a really strange effect in that it prevents the ACL editor
in Windows XP from recursively changing ACE entries on sub-directories
after a change in a DFS-root share (we end up returning a path
that looks like: \\IPV4\share1\xptest/testdir with a mixture
of Windows and POSIX pathname separators).
Jeremy Allison [Thu, 24 Jan 2013 19:02:30 +0000 (11:02 -0800)]
Fix bug #9587 - archive flag is always set on directories.
Creating a directory to a Samba share sets the attributes to 'D' only
(correct) - only when creating a new file should the 'A' attribute
be set.
However, doing a rename of that directory sets the 'A' attribute in error.
This should only be done on a file rename. smbclient regression test to follow.
Günther Deschner [Thu, 17 Jan 2013 23:22:31 +0000 (00:22 +0100)]
BUG 9474: Downgrade v4 printer driver requests to v3.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
(cherry picked from commit 58fadf2f48a2a409b4ee98fdc0166c7f801a7629)
(cherry picked from commit ae0cf58a75874541c4c9b8b29a2b1fc45928be69)
BUG 9574: Fix a possible null pointer dereference in spoolss.
If the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 329ba78272a03e2011743f4fd47b6094b271d573)
Kai Blin [Mon, 28 Jan 2013 20:41:07 +0000 (21:41 +0100)]
swat: Use additional nonce on XSRF protection
If the user had a weak password on the root account of a machine running
SWAT, there still was a chance of being targeted by an XSRF on a
malicious web site targeting the SWAT setup.
Use a random nonce stored in secrets.tdb to close this possible attack
window. Thanks to Jann Horn for reporting this issue.
Signed-off-by: Kai Blin <kai@samba.org>
Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.
Kai Blin [Fri, 18 Jan 2013 22:11:07 +0000 (23:11 +0100)]
swat: Use X-Frame-Options header to avoid clickjacking
Jann Horn reported a potential clickjacking vulnerability in SWAT where
the SWAT page could be embedded into an attacker's page using a frame or
iframe and then used to trick the user to change Samba settings.
Avoid this by telling the browser to refuse the frame embedding via the
X-Frame-Options: DENY header.
Signed-off-by: Kai Blin <kai@samba.org>
Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.