Kai Blin [Mon, 28 Jan 2013 22:13:43 +0000 (23:13 +0100)]
swat: Use additional nonce on XSRF protection
If the user had a weak password on the root account of a machine running
SWAT, there still was a chance of being targeted by an XSRF on a
malicious web site targeting the SWAT setup.
Use a random nonce stored in secrets.tdb to close this possible attack
window. Thanks to Jann Horn for reporting this issue.
Signed-off-by: Kai Blin <kai@samba.org>
Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.
Kai Blin [Fri, 18 Jan 2013 22:11:07 +0000 (23:11 +0100)]
swat: Use X-Frame-Options header to avoid clickjacking
Jann Horn reported a potential clickjacking vulnerability in SWAT where
the SWAT page could be embedded into an attacker's page using a frame or
iframe and then used to trick the user to change Samba settings.
Avoid this by telling the browser to refuse the frame embedding via the
X-Frame-Options: DENY header.
Signed-off-by: Kai Blin <kai@samba.org>
Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.
source3/libaddns: don't depend on the order in resp->answers[]
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit eecc1d294256210ee8c2f6ab79d21b835258a6d4)
lib/replace: replace all *printf function if we replace snprintf (bug #9390)
This fixes segfaults in log level = 10 on Solaris.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Jacke <bj@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104
(cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52)
Jeremy Allison [Thu, 8 Nov 2012 21:45:19 +0000 (13:45 -0800)]
Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
isn't tested in make test).
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
(cherry picked from commit 92292ac55144521824610a5d4b09f8dc1ff19a8a)
Jeremy Allison [Thu, 1 Nov 2012 18:56:22 +0000 (11:56 -0700)]
Second part of fix for bug #7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC
Ensure safe_strcpy is safe when src == dest. This probably needs porting
to master/3.6.x/4.0.x.
(cherry picked from commit e81b3c9a2aa58cbf5e12ef129fa63aab784c9598)
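The commit above notes that safe_strcpy must be safe when src == dest. The following is an added example, not Samba's own safe_strcpy() implementation: a bounded copy built on memmove, which is well defined when the source and destination alias or overlap (strcpy and strncpy are not). The function name safe_strcpy_demo and the two constructed inputs are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of s, capped at limit, without reading more than limit bytes. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0') {
        n++;
    }
    return n;
}

/* Copy at most maxlength bytes of src into dest and always NUL-terminate
 * (dest must have room for maxlength + 1 bytes). memmove tolerates aliasing
 * and overlap, so the call is well defined when src == dest or when src
 * points into dest; strcpy/strncpy would be undefined behaviour there.
 * Hypothetical stand-in for Samba's safe_strcpy(), not the project's code. */
char *safe_strcpy_demo(char *dest, const char *src, size_t maxlength)
{
    size_t len;

    if (dest == NULL) {
        return NULL;
    }
    if (src == NULL) {
        *dest = '\0';
        return dest;
    }
    len = bounded_len(src, maxlength);
    memmove(dest, src, len);
    dest[len] = '\0';
    return dest;
}

/* Constructed case 1: src == dest, a share name truncated in place. */
const char *demo_self_copy(void)
{
    static char buf[32];
    memcpy(buf, "ShareName", sizeof("ShareName"));
    return safe_strcpy_demo(buf, buf, 5);   /* "Share" */
}

/* Constructed case 2: src lies inside dest (forward overlap). */
const char *demo_overlap(void)
{
    static char buf[32];
    memcpy(buf, "abcdef", sizeof("abcdef"));
    return safe_strcpy_demo(buf, buf + 2, sizeof(buf) - 1);   /* "cdef" */
}

int main(void)
{
    printf("%s\n%s\n", demo_self_copy(), demo_overlap());
    return 0;
}
```

The self-copy case needs no special branch: the bounded length is computed first, memmove on identical pointers is a no-op, and the terminator is then written at the truncation point.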
Jeremy Allison [Fri, 24 Aug 2012 22:54:07 +0000 (15:54 -0700)]
Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case).
Simple fix for 3.5.x, tested and confirmed as working by original reporter
"Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
(cherry picked from commit c13c6eb11f49b1fd3b3be95c7265cf9c0738b4e8)
Andrew Bartlett [Thu, 1 Mar 2012 05:55:04 +0000 (16:55 +1100)]
s3-libsmb: Initialise ticket to ensure we do not invalid memory
The free is however a talloc_free(), which has additional protection against
freeing the wrong thing.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104
(cherry picked from commit f1452a296429b79755235f4a480f0d5ea38ce178)
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9218 - Samba panics if a user specifies an invalid port number.
(cherry picked from commit 60b15f3b646d10e027e8288132db5b942261de8f)
By the time we've gotten to init_dc_connection_network() we shouldn't
be second guessing the caller by calling winbindd_can_contact_domain().
If for some reason we do need to restrict the contact list here we
can add a condition to only contact the primary domain or domains
listed in the tdc cache, but I don't think that's necessary.
Björn Jacke [Tue, 18 Sep 2012 11:57:30 +0000 (13:57 +0200)]
quota: add support for gfs2
gfs2 uses the same generic quota interface as xfs and it has the same base
block/quota block size ratio and seems to work nice with the xfs quota module.
(People using gfs should be aware that quota reporting is lagging quite a bit
on gfs. If you copy a file on a gfs volume the quota values are being updated
with a delay of 30s here with kernel 3.5. This reporting can lead to data
corruption if a client thinks he can write but actually he suddenly can't.)
(cherry picked from commit 0b57d1c07520f4995412f224945324fef29f5989)
Michael Adam [Tue, 7 Dec 2010 16:30:27 +0000 (17:30 +0100)]
docs: clarify the idmap_rid manpage (bug #7788)
The idmap_rid module should not be used as a default backend.
Also mention that the old syntax "idmap backend = rid:domain=range ..."
is not supported any more.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Dec 7 19:07:57 CET 2010 on sn-devel-104
(cherry picked from commit a4f48b3da0081845336c55ff230179caeab5195c)
nsswitch: fix crash on null pam change pw response
The function _pam_winbind_change_pwd crashes due to a null value passed
to the function strcasecmp and denies login via a graphical login
manager. Check for a null value before doing a strcasecmp.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1003296
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013
(Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in
_pam_winbind_change_pwd() when password is expiring)
(cherry picked from commit 47f2211f137688a7c46c4a38571a9f94e59dbf6a)
(cherry picked from commit 25bf057288d5e77c07a5ed3d3c3fb7f5f33f62b6)
Jeremy Allison [Mon, 10 Sep 2012 23:07:37 +0000 (16:07 -0700)]
Fix bug #9147 - winbind can't fetch user or group info from AD via LDAP
Don't use "isprint" in ldb_binary_encode(). This is locale specific.
Restrict to ASCII only, hex encode everything else.
(cherry picked from commit 9258a7b9cfd5fb85e5361d1b49c3bb8655e97159)
The only difference between batch and exclusive oplocks is the time of
the check: Batch is checked before the share mode check, exclusive after.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9150 - Valid open requests can cause smbd assert due to incorrect
oplock handling on delete requests.
(cherry picked from commit b20ca77e2a9d111eb2e77d0b804fe7505b07e418)
Herb Lewis [Mon, 20 Aug 2012 23:03:28 +0000 (16:03 -0700)]
Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.
A connection is idle when both struct winbindd_cli_state->request AND
struct winbindd_cli_state->response are NULL. Otherwise we can flag
as idle a connection in the state of having sent the request to
the winbindd child (request != NULL) but not yet received a reply
(response == NULL).
(cherry picked from commit 36dc8a0f40a38d9c03570856cb4c843b74c1c7bd)
Volker Lendecke [Tue, 7 Aug 2012 23:49:52 +0000 (16:49 -0700)]
s3: Fix a crash in reply_lockingX_error
A timed brlock with 2 locks comes in and the second one blocks,
file is closed. smbd_cancel_pending_lock_requests_by_fid sets
blr->fsp to NULL. reply_lockingX_error (called via
MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because
blr->lock_num==1 (the second one blocked).
This patch fixes the bug by only undoing the locks if fsp!=NULL.
fsp==NULL is the close case where everything is undone anyway.
Thanks to Peter Somogyi, somogyi@hu.ibm.com for this bug report.
Jeremy Allison [Wed, 11 Jul 2012 04:13:03 +0000 (21:13 -0700)]
Fix bug #9034 - Typo in set_re_uid() call when USE_SETRESUID selected in configure.
Previous code only set the real euid, not the effective one. This is not a security issue
as this is *only* used in the quota code, and only between code that brackets
it with save_re_uid()/restore_re_uid(). Also this is not used on most platforms
(we use USE_SETREUID by preference) but it's better to have this right.
(cherry picked from commit ceed322622b46be3745b32a5f6a02e634bfe1789)
(cherry picked from commit a224e4cc1dbb2578813ccffb80e88d9ec92516ce)
Andrew Bartlett [Wed, 14 Dec 2011 22:57:56 +0000 (09:57 +1100)]
s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksummed.
The check comes from the fact that the credentials chain is tied to
the netlogon session key, and so if the credentials check passes then
the netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Signed-off-by: Matthieu Patou <mat@matws.net>
s3: If we can't do validation 6 or sam_logon_ex use sam_logon only
(cherry picked from commit c119cd8868fc7e2eb08b09f7092519007fd83bf6)
Björn Jacke [Thu, 10 Jun 2010 15:19:16 +0000 (17:19 +0200)]
s3: fix build on HP-UX
this struct member h_errno is not used in the HP-UX code paths, it was just
there because Solaris has it, too. As h_errno is a function call macro on HP-UX
when thread support is enabled we run into trouble here. Just commenting it out
should be okay as we don't use it anyway.
(cherry picked from commit ec94efb79d4516b09c7d1d93a4ff8ce0f7046f41)
Volker Lendecke [Fri, 22 Jun 2012 13:46:13 +0000 (15:46 +0200)]
s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs
gpfs2smb_acl can leave errno!=0 around even if it returned a correct
result!=NULL. We can only rely on errno being set if another error
condition (in this case result==NULL) indicates an error. If
result!=NULL, errno is undefined and can be anything. This leads to
SAFE_FREE(result) further down even in the success case.
Jeremy Allison [Mon, 18 Jun 2012 23:24:12 +0000 (16:24 -0700)]
Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
Jeremy Allison [Mon, 18 Jun 2012 23:23:13 +0000 (16:23 -0700)]
Fix Bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
Volker Lendecke [Fri, 26 Aug 2011 14:54:18 +0000 (16:54 +0200)]
s3: Fix a winbind race leading to 100% CPU
This fixes a race condition that leads to the winbindd_children list becoming
corrupted. It happens when on a busy winbind SIGCHLD is a bit late.
Imagine a winbind with multiple requests in the queue for a single child. Child
dies, and before the SIGCHLD handler is called we find the socket to be dead.
wb_child_request_done is called, receiving an error from wb_simple_trans_recv.
It closes the socket. Then immediately the wb_child_request_trigger will do
another fork_domain_child before the signal handler is called. This means that
we do another fork_domain_child, we have child->sock==-1 at this point.
fork_domain_child will do a DLIST_ADD(winbindd_children, child) a second time
where the child is already part of that list. This corrupts the list. Then the
signal handler kicks in, spinning in
Matthieu Patou [Fri, 1 Jun 2012 22:33:04 +0000 (15:33 -0700)]
s3-winbindd: call dump_core_setup after command line option has been parsed
Without this fix in some situations winbindd can't coredump.
Such cases happen when samba is compiled in a custom prefix (ie.
/home/build/mat/prod/1/) in this case get_dyn_LOGFILEBASE or basename(lp_logfile)
before the configuration file and the command line is parsed will be something like /home/build/mat/prod/1/var
which might not exist on the host where you run it (where it's most
probably more "normal" directories).
Specifying --log-basename didn't help as dump_core_setup is called before the command line and
the config file is read so it didn't help getting a correct value in dump_core_setup.
We fix this issue by calling dump_core_setup() also after the command
line has been read and also after the configfile has been parsed so that
the final location for the coredump is coherent with the final logfile
location.
Jeremy Allison [Mon, 23 Apr 2012 23:19:50 +0000 (16:19 -0700)]
Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user is set.
When doing a "force user" we need to remember what the "sanitized_username"
was from the original connect.
(cherry picked from commit 0529cf9d039d0ae449f4b167952b42b2039238be)
Andrew Bartlett [Fri, 18 May 2012 12:02:57 +0000 (22:02 +1000)]
s3-utils: Use ads_do_search_retry in net ads search
This makes it possible to search against a slow server, as will
fallback from 1000 to (eventually) 125 users at a time.
Andrew Bartlett
The last 4 patches address bug #8943 (Slow but responsive DC can lock up winbindd
for > 10 minutes at a time).
(cherry picked from commit 76c570fe6be4d6b5b254ec3264a97cb13864a6df)
Jeremy Allison [Mon, 30 Apr 2012 23:32:51 +0000 (16:32 -0700)]
Fix the loop unrolling inside resolve_ads().
If we don't get an IP list don't use interpret_string_addr(), as this only returns one address, use interpret_string_addr_internal() instead.
The last 4 patches address bug #8910 (resolve_ads() code can return zero
addresses and miss valid DC IP addresses).
(cherry picked from commit b9d3f8258396873d6ec8b6ea9ad066e2f1f8e973)
Jeremy Allison [Mon, 30 Apr 2012 23:29:19 +0000 (16:29 -0700)]
Protect all of the name resolution methods from returning null addrs. Ensure all returns go through remove_duplicate_addrs2().
(cherry picked from commit 6d5aae1d9680657c7021af2974db9b0dc2336f13)
Jeremy Allison [Mon, 30 Apr 2012 23:16:39 +0000 (16:16 -0700)]
Fix remove_duplicate_addrs2 to do exactly what it says. Previously it could leave zero addresses in the list.
(cherry picked from commit 8e9db61b447d22bad84a8c9ae450a71d9c3e6d58)
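The two commits above require that every name resolution path goes through remove_duplicate_addrs2() and that the function can never leave zero addresses in a non-empty list. The following is an added example, not Samba's remove_duplicate_addrs2(): a deduplication that compacts the list in place instead of blanking entries, so a list of valid DC addresses can never be emptied or left with holes. The struct addr_entry, the function names and the sample addresses are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Hypothetical stand-in for the DC address records the resolver works on. */
struct addr_entry {
    struct in_addr ip;
    unsigned short port;
};

static int addr_equal(const struct addr_entry *a, const struct addr_entry *b)
{
    return a->ip.s_addr == b->ip.s_addr && a->port == b->port;
}

/* Remove duplicates in place, keeping the first occurrence of each address
 * in its original order, and return the new count. Entries are compacted
 * rather than zeroed, so the list never contains an empty slot and a
 * non-empty input never shrinks to zero addresses. */
size_t remove_duplicate_addrs_demo(struct addr_entry *list, size_t count)
{
    size_t out = 0;

    for (size_t i = 0; i < count; i++) {
        size_t k;
        for (k = 0; k < out; k++) {
            if (addr_equal(&list[k], &list[i])) {
                break;
            }
        }
        if (k == out) {
            list[out++] = list[i];
        }
    }
    return out;
}

/* Render a list as "ip:port,ip:port" for inspection; returns a static buffer. */
const char *format_addrs(const struct addr_entry *list, size_t count)
{
    static char buf[256];
    size_t used = 0;

    buf[0] = '\0';
    for (size_t i = 0; i < count && used < sizeof(buf); i++) {
        char ip[INET_ADDRSTRLEN];
        inet_ntop(AF_INET, &list[i].ip, ip, sizeof(ip));
        used += (size_t)snprintf(buf + used, sizeof(buf) - used, "%s%s:%hu",
                                 i ? "," : "", ip, list[i].port);
    }
    return buf;
}

static void add_addr(struct addr_entry *e, const char *ip, unsigned short port)
{
    inet_pton(AF_INET, ip, &e->ip);
    e->port = port;
}

/* Constructed input: five records, two of which repeat an address already seen. */
const char *demo_dedup(void)
{
    static struct addr_entry list[5];
    size_t n;

    add_addr(&list[0], "10.0.0.1", 389);
    add_addr(&list[1], "10.0.0.2", 389);
    add_addr(&list[2], "10.0.0.1", 389);
    add_addr(&list[3], "10.0.0.1", 636);
    add_addr(&list[4], "10.0.0.2", 389);
    n = remove_duplicate_addrs_demo(list, 5);
    return format_addrs(list, n);   /* "10.0.0.1:389,10.0.0.2:389,10.0.0.1:636" */
}

/* Edge case: every record names the same DC; the result must be one entry, not zero. */
size_t demo_all_duplicates(void)
{
    struct addr_entry list[3];
    for (size_t i = 0; i < 3; i++) {
        add_addr(&list[i], "192.0.2.10", 389);
    }
    return remove_duplicate_addrs_demo(list, 3);   /* 1 */
}

int main(void)
{
    printf("%s\n%zu\n", demo_dedup(), demo_all_duplicates());
    return 0;
}
```

Keeping the first occurrence preserves the preference order the resolution methods produced, and the returned count is the only thing callers should trust; they must not rely on zeroed tail entries.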