When idmap backend is specified as
idmap backend = ldap:"ldap://server1 ldap://server2"
then currently "ldap://server1 ldap://server2" was passed to
ldap_initialize including the quotes, leading to an ldap error.
Jeremy Allison [Tue, 27 Oct 2009 18:55:34 +0000 (11:55 -0700)]
Second part of the fix for bug 6828 - infinite timeout occurs when byte lock held outside of samba. Fixes case where a connection with a pending lock can me marked "idle", and ensures that the lock queue timeout is always recalculated. Jeremy.
Jeremy Allison [Mon, 9 Nov 2009 20:41:13 +0000 (12:41 -0800)]
Fix bug 6880 - cannot list workgroup servers reported by Alban Browaeys <prahal@yahoo.com> with fix. Revert 2e989bab0764c298a2530a2d4c8690258eba210c with extra comments - this broke workgroup enumeration. Jeremy.
Jeremy Allison [Thu, 22 Oct 2009 22:35:59 +0000 (15:35 -0700)]
Fix bug 6829 - smbclient does not show special characters properly. All successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c Jeremy.
Jeff Layton [Wed, 14 Oct 2009 15:06:23 +0000 (11:06 -0400)]
cifs.upcall: do a brute-force search for KRB5 credcache
A few weeks ago, I added some code to cifs.upcall to take the pid sent
by the kernel and use that to get the value of the $KRB5CCNAME
environment var for the process. That works fine on the initial mount,
but could be problematic on reconnect.
There's no guarantee on a reconnect that the process that initiates the
upcall will have $KRB5CCNAME pointed at the correct credcache. Because
of this, the current scheme isn't going to be reliable enough and we
need to use something different.
This patch replaces that scheme with one very similar to the one used by
rpc.gssd in nfs-utils. It searches the credcache dir (currently
hardcoded to /tmp) for a valid credcache for the given uid. If it finds
one then it uses that as the credentials cache. If it finds more than
one, it uses the one with the latest TGT expiration.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Addresses bug #6810.
Jeff Layton [Wed, 14 Oct 2009 15:06:21 +0000 (11:06 -0400)]
cifs.upcall: make using ip address conditional on new option
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Jeff Layton [Wed, 14 Oct 2009 15:06:18 +0000 (11:06 -0400)]
cifs.upcall: use ip address passed by kernel to get server's hostname
Instead of using the hostname given by the upcall to get the server's
principal, take the IP address given in the upcall and reverse resolve
it to a hostname.
Jeff Layton [Wed, 14 Oct 2009 15:04:56 +0000 (11:04 -0400)]
cifs.upcall: try getting a "cifs/" principal and fall back to "host/"
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Jeff Layton [Wed, 14 Oct 2009 15:04:55 +0000 (11:04 -0400)]
cifs.upcall: declare a structure for holding decoded args
The argument list for the decoder is becoming rather long. Declare an
args structure and use that for holding the args. This also simplifies
pointer handling a bit.
Jeff Layton [Wed, 14 Oct 2009 15:04:53 +0000 (11:04 -0400)]
cifs.upcall: clean up logging and add debug messages
Change the log levels to be more appropriate to the messages being
logged. Error messages should be LOG_ERR and not LOG_WARNING, for
instance.
Add some LOG_DEBUG messages that we can use to diagnose problems with
krb5 upcalls. With these, someone can set up syslog to log daemon.debug
and should be able to get more info when things aren't working.
Jeff Layton [Wed, 14 Oct 2009 15:04:50 +0000 (11:04 -0400)]
cifs.upcall: use pid value from kernel to determine KRB5CCNAME to use
If the kernel sends the upcall a pid of the requesting process, we can
open that process' /proc/<pid>/environ file and scrape the KRB5CCNAME
value out of it.
Jeremy Allison [Wed, 7 Oct 2009 22:49:56 +0000 (15:49 -0700)]
Correct fix for bug 6781 - Cannot rename subfolders in Explorer view with recent versions of Samba. Without this fix, renaming a directory ./a to ./b, whilst a directory ./aa was already open would fail. Jeremy.
Volker Lendecke [Wed, 7 Oct 2009 13:53:46 +0000 (15:53 +0200)]
s3:winbind: Only ever handle one event after a select call
While handling an fd event, the situation with other fds can change. I've just
seen a winbind stuck in the accept() call on the privileged pipe. I can only
imagine this happen because under high load we first handled other requests and
meanwhile the client on the privileged pipe went away.
s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp
connection when talking to AD for LSA lookup calls.
In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an
schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve
sids and names.
Kumar Thangavelu [Fri, 29 May 2009 09:27:38 +0000 (11:27 +0200)]
s3/getdcname: Fix 'net' crash.
'net' command crashed when attempting to join a
domain. This occurred in a very specific case where
the DC had multiple IPs and one of the IPs was invalid.
Jeremy Allison [Wed, 30 Sep 2009 12:27:26 +0000 (14:27 +0200)]
Fix for CVE-2009-2906.
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
(cherry picked from commit 5f1f1c47623f846909481073d56bc909d13e5e37)
Jeremy Allison [Mon, 28 Sep 2009 11:44:12 +0000 (13:44 +0200)]
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
(cherry picked from commit 8afa10ad7d7e81bcae27b6a913210ef8a1ee4426)
Jeff Layton [Fri, 25 Sep 2009 11:01:59 +0000 (07:01 -0400)]
mount.cifs: don't leak passwords with verbose option
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
(cherry picked from commit ec0ee6753818d546ad5817bdb09cdd3b7c5673af)
Jeff Layton [Fri, 25 Sep 2009 11:00:18 +0000 (07:00 -0400)]
mount.cifs: check access of credential files before opening
It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.
Check the access permissions of the file before opening it.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com>
Part 1/2 of a fix for CVE-2009-2948.
(cherry picked from commit 8f0af2ed4f330be558987dd52c32b32e4b8ed95f)
s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
byte). We should just ignore the remaining 12 zeroed bytes and proceed.
Simo Sorce [Sat, 5 Sep 2009 14:18:12 +0000 (10:18 -0400)]
Check we read off the compelte event from inotify
The kernel may return a short read, so we must use read_data() to make sure we
read off the full buffer. If somethign bad happens we also need to kill the
inotify watch because the filedescriptor will return out of sync structures if
we read only part of the data.
Jeremy Allison [Thu, 2 Jul 2009 06:37:59 +0000 (08:37 +0200)]
Fix bug #6520 time stamps.
E.g. last mod time is not preserved when "unix extensions=yes" are set - and u
Cancel out any pending "sticky" writes or "last write" changes when
doing a UNIX info level set.
Jim McDonough [Mon, 29 Jun 2009 13:42:35 +0000 (09:42 -0400)]
Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
projects / thirdparty / samba.git / log
