There is currently a lot of duplicate code included for processing
responses to CUPS_GET_PRINTERS and CUPS_GET_CLASSES requests. This
change splits this code into a separate function.
David Disseldorp [Tue, 24 May 2011 09:46:25 +0000 (11:46 +0200)]
s3-printing: use printcap IDL for IPC
Use printcap IDL for marshalling and unmarshalling messages between cups
child and parent smbd processes. This simplifies the IPC and ensures
the parent is notified of cups errors encountered by the child.
David Disseldorp [Tue, 24 May 2011 09:34:59 +0000 (11:34 +0200)]
s3-printing: an empty cups printer list is treated as an error
cups_async_callback() is called to receive new printcap data from a
child process which requests the information from cupsd.
Newly received printcap information is stored in a temporary printcap
cache (tmp_pcap_cache). Once the child process closes the printcap IPC
file descriptor, the system printcap cache is replaced with the newly
populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is
non null (has at least one printer).
If the printcap cache is empty, which is the case when cups is not
exporting any printers, the printcap cache is not replaced resulting in
stale data.
David Disseldorp [Mon, 17 Jan 2011 15:09:32 +0000 (16:09 +0100)]
s3-printing: remove pcap_cache_loaded asserts
pcap_cache_loaded() assertions were added to the (re)load_printers()
functions, to ensure the caller had called pcap_cache_reload() prior to
reloading printer shares.
The problem is, pcap_cache_loaded() returns false if the the pcap_cache
contains no printer entries. i.e. pcap_cache_reload() has run but not
detected any printers.
Remove these assertions, correct call ordering is already enforced.
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #7836 (A newly added printer isn't visbile to
clients).
Jeremy Allison [Sun, 27 Feb 2011 17:16:20 +0000 (18:16 +0100)]
Fix denial of service - memory corruption.
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
(cherry picked from commit 43babef991feedbe2acb77d27254d302ab107fa8)
David Disseldorp [Mon, 10 Jan 2011 13:08:07 +0000 (14:08 +0100)]
s3-printing: update parent smbd pcap cache
If a client connects to a samba share and while connected a printer is
added, the client will see the new printer share after a maximum of
'printcap cache time' seconds.
smbd's forked for new client connections inherit printcap information
from the parent (listener) smbd, which does not perform updates on
printcap cache time expiry. Therefore newly connected clients may
initially be presented with stale printer shares.
Add a housekeeping function to the parent smbd to ensure newly connected
clients see up to date printer shares.
The last 2 patches address bug #7836 (A newly added printer isn't visbile to
clients).
David Disseldorp [Sun, 19 Dec 2010 18:52:08 +0000 (19:52 +0100)]
s3-printing: reload shares after pcap cache fill
Since commit eada8f8a, updates to the cups pcap cache are performed
asynchronously - cups_cache_reload() forks a child process to request
cups printer information and notify the parent smbd on completion.
Currently printer shares are reloaded immediately following the call to
cups_cache_reload(), this occurs prior to smbd receiving new cups pcap
information from the child process. Such behaviour can result in stale
print shares as outlined in bug 7836.
This fix ensures print shares are only reloaded after new pcap data has
been received.
Pair-Programmed-With: Lars Müller <lars@samba.org>
Volker Lendecke [Sat, 18 Dec 2010 15:02:09 +0000 (16:02 +0100)]
s3: Fix bug 7066 -- wbcAuthenticateEx gives unix times
We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct
(cherry picked from commit 993923880e213136de89b5b8d59f6f32a51b94b7)
Volker Lendecke [Sun, 12 Dec 2010 17:55:06 +0000 (18:55 +0100)]
s3: Add an async smbsock_connect
This connects to 445 and after 5 milliseconds also to 139. It treats a netbios
session setup failure as equivalent as a TCP connect failure. So if 139 is
faster but fails the nb session setup, the 445 still has the chance to succeed.
Volker Lendecke [Wed, 17 Nov 2010 15:56:28 +0000 (08:56 -0700)]
s3: Make winbind recover from a signing error
When winbind sees a signing error on the smb connection to a DC (for whatever
reason, our bug, network glitch, etc) it should recover properly. The "old"
code in clientgen.c just closed the socket in this case. This is the right
thing to do, this connection is spoiled anyway. The new, async code did not do
this so far, which led to the code in winbindd_cm.c not detect that we need to
reconnect.
Fix bug #7800 (winbind does not recover from smb signing errors).
Jeremy Allison [Thu, 9 Sep 2010 13:48:23 +0000 (15:48 +0200)]
Fix bug #7669.
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit df20a300758bc12286820e31fcf573bdfc2147bc)
Jeremy Allison [Tue, 27 Jul 2010 08:54:01 +0000 (01:54 -0700)]
Fix bug 7590 - offline login fails because winbind deletes cache on every startup.
Sync lib/tdb_validate.c with the change in current master.
Change tdb_validate_open() to always use O_RDWR instead of O_RDONLY,
as (from the bug report): "db_check() will always return failure for a read-only database.
Silently, without any log output, when _tdb_lockall() fails."
s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
This is an important fix as the following could and is happening:
* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
sucessfully decrypts session key from the info3
* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)
* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption
s3-librpc: Fixed GUID_from_data_blob() with length of 32.
If we hit the case that the blob length is 32. The code goes to the end
of the function and generates a GUID with garbage.
So try to convert the blob to the GUID and return.
Günther Deschner [Fri, 14 May 2010 22:34:35 +0000 (00:34 +0200)]
s3-kerberos: temporary fix for ipv6 in print_kdc_line().
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
in just the kdc_name if we have it and let the krb5 lib figure out the
appropriate ipv6 address
Karolin Seeger [Wed, 12 May 2010 09:24:57 +0000 (11:24 +0200)]
s3-docs: Move -D option to the right paragraph in man winbindd.
Fix bug #7260 (Command line option documentation in wrong place in winbindd man
page.). Thanks to Ged Haywood <samba@jubileegroup.co.uk> for reporting!
Based on a patch from Michael Karcher <samba@mkarcher.dialup.fu-berlin.de>.
I think this is the correct fix. It causes cups_job_submit to use
print_parse_jobid(), which I've moved into printing/lpq_parse.c (to allow the
link to work).
It turns out the old print_parse_jobid() was *broken*, in that the pjob
filename was set as an absolute path - not relative to the sharename (due to it
not going through the VFS calls).
This meant that the original code doing a strncmp on the first part of the
filename would always fail - it starts with a "/", not the relative pathname of
PRINT_SPOOL_PREFIX ("smbprn.").
This fix could fix some other mysterious printing bugs - probably the ones
Guenther noticed where job control fails on non-cups backends.
libwbclient: Re-Fix a bug that was fixed with e5741e27c4c
> r21878: Fix a bug with smbd serving a windows terminal server: If winbind
> decides smbd to be idle it might happen that smbd needs to do a winbind
> operation (for example sid2name) as non-root. This then fails to get the
> privileged pipe. When later on on the same connection another authentication
> request comes in, we try to do the CRAP auth via the non-privileged pipe.
>
> This adds a winbindd_priv_request_response() request that kills the existing
> winbind pipe connection if it's not privileged.
The fix for this was lost during the conversion to libwbclient.
Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out!
s3:winbindd: fix problems with SIGCHLD handling (bug #7317)
The main problem is that we call CatchChild() within the
parent winbindd, which overwrites the signal handler
that was registered by winbindd_setup_sig_chld_handler().
That means winbindd_sig_chld_handler() and winbind_child_died()
are never triggered when a winbindd domain child dies.
As a result will get "broken pipe" for all requests to that domain.
To reduce the risk of similar bugs in future we call
CatchChild() in winbindd_reinit_after_fork() now.
We also use a full winbindd_reinit_after_fork() in the
cache validation child now instead instead of just resetting
the SIGCHLD handler by hand. This will also fix possible
tdb problems on systems without pread/pwrite and disabled mmap
as we now correctly reopen the tdb handle for the child.
projects / thirdparty / samba.git / log
