Jeremy Allison [Wed, 7 Oct 2009 22:49:56 +0000 (15:49 -0700)]
Correct fix for bug 6781 - Cannot rename subfolders in Explorer view with recent versions of Samba. Without this fix, renaming a directory ./a to ./b, whilst a directory ./aa was already open would fail. Jeremy.
Volker Lendecke [Wed, 7 Oct 2009 13:53:46 +0000 (15:53 +0200)]
s3:winbind: Only ever handle one event after a select call
While handling an fd event, the situation with other fds can change. I've just
seen a winbind stuck in the accept() call on the privileged pipe. I can only
imagine this happen because under high load we first handled other requests and
meanwhile the client on the privileged pipe went away.
s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp
connection when talking to AD for LSA lookup calls.
In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an
schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve
sids and names.
Kumar Thangavelu [Fri, 29 May 2009 09:27:38 +0000 (11:27 +0200)]
s3/getdcname: Fix 'net' crash.
'net' command crashed when attempting to join a
domain. This occurred in a very specific case where
the DC had multiple IPs and one of the IPs was invalid.
Jeremy Allison [Wed, 30 Sep 2009 12:27:26 +0000 (14:27 +0200)]
Fix for CVE-2009-2906.
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
(cherry picked from commit 5f1f1c47623f846909481073d56bc909d13e5e37)
Jeremy Allison [Mon, 28 Sep 2009 11:44:12 +0000 (13:44 +0200)]
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
(cherry picked from commit 8afa10ad7d7e81bcae27b6a913210ef8a1ee4426)
Jeff Layton [Fri, 25 Sep 2009 11:01:59 +0000 (07:01 -0400)]
mount.cifs: don't leak passwords with verbose option
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
(cherry picked from commit ec0ee6753818d546ad5817bdb09cdd3b7c5673af)
Jeff Layton [Fri, 25 Sep 2009 11:00:18 +0000 (07:00 -0400)]
mount.cifs: check access of credential files before opening
It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.
Check the access permissions of the file before opening it.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com>
Part 1/2 of a fix for CVE-2009-2948.
(cherry picked from commit 8f0af2ed4f330be558987dd52c32b32e4b8ed95f)
s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
byte). We should just ignore the remaining 12 zeroed bytes and proceed.
Simo Sorce [Sat, 5 Sep 2009 14:18:12 +0000 (10:18 -0400)]
Check we read off the compelte event from inotify
The kernel may return a short read, so we must use read_data() to make sure we
read off the full buffer. If somethign bad happens we also need to kill the
inotify watch because the filedescriptor will return out of sync structures if
we read only part of the data.
Jeremy Allison [Thu, 2 Jul 2009 06:37:59 +0000 (08:37 +0200)]
Fix bug #6520 time stamps.
E.g. last mod time is not preserved when "unix extensions=yes" are set - and u
Cancel out any pending "sticky" writes or "last write" changes when
doing a UNIX info level set.
Jim McDonough [Mon, 29 Jun 2009 13:42:35 +0000 (09:42 -0400)]
Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Jeremy Allison [Sat, 30 May 2009 20:28:03 +0000 (13:28 -0700)]
Fix bug #6421 - POSIX read-only open fails on read-only shares. The change to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2 holes that would have been exposed by allowing POSIX_OPENS on readonly shares, and their ability to set arbitrary flags permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT) that previously was being passed down to the open syscall. Jeremy.
projects / thirdparty / samba.git / log
