s3:lib/netapi: don't set SAMR_FIELD_FULL_NAME if we just want to set the account name (bug #7896)
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 30 18:09:13 CET 2010 on sn-devel-104
(cherry picked from commit f1d15ea54c313e71fc032b2ed191bdecad868858)
Andrew Bartlett [Sat, 11 Sep 2010 06:13:33 +0000 (16:13 +1000)]
s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs
The idea of this patch is: Don't support a mix of different kerberos
features.
Either we should prepare a GSSAPI (8003) checksum and mark the request as
such, or we should use the old behaviour (a normal kerberos checksum of 0 data).
Sending the GSSAPI checksum data, but without marking it as GSSAPI broke
Samba4, and seems well outside the expected behaviour, even if Windows accepts it.
Volker Lendecke [Sun, 12 Dec 2010 17:55:06 +0000 (18:55 +0100)]
s3: Add an async smbsock_connect
This connects to 445 and after 5 milliseconds also to 139. It treats a netbios
session setup failure as equivalent as a TCP connect failure. So if 139 is
faster but fails the nb session setup, the 445 still has the chance to succeed.
Michael Adam [Thu, 16 Dec 2010 00:49:14 +0000 (01:49 +0100)]
s3:net ads dns register: add support for specifying addresse on the commandline (bug #7871)
In the clustering case, this is also made the only possiblity to do dns updates,
since the list addresses on the local interfaces is not suitable in that case.
This fixes the "net ads dns register" part of bug #7871.
It might be extended by a parsing of the "cluster addresses" setting.
Michael Adam [Wed, 1 Dec 2010 23:42:21 +0000 (00:42 +0100)]
s3:net: disable dynamic dns updates at the end of "net ads join" in a cluster (bug #7871)
In a clustered environment, registering the set of ip addresses that are
assigned to the interfaces of the node that performs the join does usually
not have the desired effect, since the local interfaces do not carry
complete set of the cluster's public IP addresses. And it can also contain
internal addresses that should not be visible to the outside at all.
In order to do dns updates in a clustererd setup, use net ads dns register.
s3: Fall back to raw NTLMSSP for the gss-spnego protocol
This is to handle the mod_auth_ntlm_winbind protocol
sending "Negotiate" to IE, which sends raw NTLMSSP
instead of a SPNEGO wrapped NTLMSSP blob.
(cherry picked from commit 70ab7eb5303a5ff058939541dd5bc1f81113a48e)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 13 Nov 2010 17:03:25 +0000 (18:03 +0100)]
s3: Fix "force group" with ntlmssp guest session setup
This one is subtle: Set "force group = <somegroup>" together with "guest ok =
yes". Then try "smbclient //server/share -U%". Works. Then try to connect to
the same share from Windows 2003 using an anonymous connection. Breaks with
make_connection: connection to share denied due to security descriptor
although the share_info.tdb is empty. I've seen reports of this on the lists,
but I could never ever nail it until a customer gave me access to such a box.
What happens? With an empty share_info.tdb we create a security descriptor
allow everything to the world. The problem with the above parameter combination
is that S-1-1-0 (World) is lost in the token. When you look at the callers of
create_local_token, they are only called if the preceding check_ntlm_password
did not create server_info->ptok. Not so with the one in auth_ntlmssp.c. So, if
we get a NTLMSSP session setup with user="", domain="", pass="" we call
create_local_token even though check_guest_security() via
make_server_info_guest() has already correctly done so. In this case
create_local_token puts S-1-1-0 into user_sids[1], which is supposed to be the
primary group sid of the user logging in. "force group" then overwrites this ->
the world is gone -> "denied due to security descriptor".
Why don't you see it with smbclient -U% (anonymous connection)? smbclient does
not use ntlmssp for anon session setup.
Volker Lendecke [Thu, 18 Nov 2010 12:28:47 +0000 (13:28 +0100)]
s3: Make winbind recover from a signing error
When winbind sees a signing error on the smb connection to a DC (for whatever
reason, our bug, network glitch, etc) it should recover properly. The "old"
code in clientgen.c just closed the socket in this case. This is the right
thing to do, this connection is spoiled anyway. The new, async code did not do
this so far, which led to the code in winbindd_cm.c not detect that we need to
reconnect.
Fix bug #7800 (winbind does not recover from smb signing errors).
Jeremy Allison [Tue, 23 Nov 2010 22:21:25 +0000 (14:21 -0800)]
Fix bug #7812 - vfs_acl_xattr/vfs_acl_tdb: ACL inheritance cannot be disabled
We were losing the incoming security descriptor revision number and
most importantly the "type" field as sent by the client. Ensure we
correctly store these in the xattr object.
Jeremy Allison [Sat, 23 Oct 2010 00:28:58 +0000 (17:28 -0700)]
Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set).
Jeremy Allison [Fri, 15 Oct 2010 20:30:07 +0000 (13:30 -0700)]
Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated.
It turns out a client can send an NTCreateX call for a new file, but specify
FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips this,
but we don't - causing the unix_mode() function to go through the "mode bits
for new directory" codepath, instead of the "mode bits for new file" codepath.
Jeremy Allison [Tue, 23 Nov 2010 19:16:31 +0000 (11:16 -0800)]
Fix bug #7785 - atime limit.
On a 64-bit time_t system make MAX_TIME_T the max value that
can be represented in a struct tm. This allows applications to
set times in the future beyond the 32-bit time_t limit (2037).
This is only in source3/configure.in, needs adding to the waf
configure/build system (but I'll need help with that).
Jeremy Allison [Thu, 11 Nov 2010 17:44:21 +0000 (09:44 -0800)]
Fix bug #7791 - gvfsd-smb (Gnome vfs) fails to copy files from a SMB share using SMB signing.
The underlying problem is that the old code invoked by cli_write() increments
cli->mid directly when issuing outstanding writes. This should now be done only
in libsmb/clientgen.c to make metze's new signing engine works correctly. Just
deleting this code fixes the problem.
Jeremy Allison [Wed, 20 Oct 2010 20:58:15 +0000 (13:58 -0700)]
Fix bug #7744 - "dfree cache time" doesn't work.
There is a bug in processing the dfree cache time, which is associated with the
smbd idle timer. The idle timer call conn_idle_all(), which updates the
conn->lastused timestamp. The dfree cache time code in smbd/dfree.c depends on
conn->lastused being up to date to refresh the cached dfree value.
Unfortunately the conn_idle_all() returns early if any of the connection
structs is not idle, never updating any further conn->lastused timestamps. If
(as is common due to an IPC$ connection) there are more than one used
connection struct, then the conn->lastused timestamps after the IPC$ connection
in the connection list will never be updated.
Ensure we always update conn->lastused for all connections when calling
conn_idle_all().
Jeremy Allison [Wed, 20 Oct 2010 18:22:57 +0000 (11:22 -0700)]
Fix bug #7743 - Inconsistent use of system name lookup can cause a domain joined machine to fail to find users.
Ensure all username lookups go through Get_Pwnam_alloc(), which is the
correct wrapper function. We were using it *some* of the time anyway,
so this just makes us properly consistent.
Jeremy Allison [Thu, 7 Oct 2010 21:26:13 +0000 (14:26 -0700)]
Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies of security descriptors.
As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).
This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.
Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.
Volker Lendecke [Sat, 2 Oct 2010 09:50:26 +0000 (11:50 +0200)]
s3: Attempt to fix bug 7665
Quite a few of our internal routines put stuff on talloc_tos() these days.
In top-level netapi routines, properly allocate a stackframe and clean it
again. Also, don't leak memory in the rpccli_ callers onto the libnetapi
context.
Jeremy Allison [Sun, 26 Sep 2010 11:59:31 +0000 (04:59 -0700)]
Fix bug 7694 - Crash bug with invalid SPNEGO token.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server
as we indirect the first returned value OIDs[0], which is returned as NULL.
s3: Fix bug 7688, rpcclient command line completion crashing
We've grown more than 100 rpcclient commands by now, so this would overwrite
the array of 100 completions. There's nicer ways to fix this problem, but 1000
rpcclient commands should be at least a bit away.
s3:smbd: Align change notify replies on 4-byte boundary
MS-CIFS section 2.2.7.4.2 states this is mandatory. WinXP clients
don't seem to care, but a Win7 client will send an immediate Close()
to the directory handle when receiving an incorrectly aligned
change notify response.
Fix bug #7662 (Change notify replies must be aligned on 4-byte boundary for
Win7.)
Volker Lendecke [Mon, 10 May 2010 10:05:01 +0000 (12:05 +0200)]
libwbclient: Fix a fd-leak at dlclose-time
__attribute__((destructor)) makes winbind_close_sock() being called at
dlclose() time.
Found while testing apache on Linux with mod_auth_pam.
Other platforms will have to find a different fix. One possibility would be to
always close the socket after each operation, but this badly sucks
performance-wise.
Jeremy Allison [Thu, 9 Sep 2010 13:54:23 +0000 (15:54 +0200)]
Fix bug #7669.
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit a34c3e999bb1ea61da31c5b3e845b19663039358)
The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.
projects / thirdparty / samba.git / log
