Karolin Seeger [Sun, 22 Feb 2015 14:11:32 +0000 (15:11 +0100)]
WHATSNEW: Add release notes for Samba 3.6.25.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077
CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server
could lead to security vulnerability.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Jiří Šašek [Mon, 15 Sep 2014 17:23:55 +0000 (19:23 +0200)]
CVE-2014-0178 patch for 3.6
Samba 3.6.23 patch for:
FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
...derived from Christof Schmitt <christof.schmitt@us.ibm.com>'s patch for Samba 4.0
http://www.samba.org/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch
Karolin Seeger [Mon, 23 Jun 2014 06:03:27 +0000 (08:03 +0200)]
WHATSNEW: Add release notes for Samba 3.6.24.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10633
CVE-2014-0244: nmbd denial of service
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10654
CVE-2014-3493: Segmentation fault in smbd_marshall_dir_entry()'s
SMB_FIND_FILE_UNIX handler because push_ascii() has returned (uint32_t)-1
via srvstr_push(), incrementing p by 4GB
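The failure mode named in the CVE-2014-3493 entry above, as an added illustration that is not Samba's code: an error return of `(size_t)-1` stored in a `uint32_t` and used as a length moves the write position by almost 4GB. The function names and the "high bit set means unconvertible" rule are assumptions made for the demo; offsets stand in for the pointer `p`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a string push routine: copies src (with its NUL)
 * into dst and returns the bytes written, or (size_t)-1 on failure. For this
 * demo any byte with the high bit set counts as unconvertible. */
static size_t demo_push_ascii(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src) + 1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        if ((unsigned char)src[i] & 0x80) {
            return (size_t)-1;
        }
    }
    if (n > dst_len) {
        return (size_t)-1;
    }
    memcpy(dst, src, n);
    return n;
}

/* Unchecked pattern: the error value is treated as a length. The new offset
 * is returned as 64-bit so the jump can be inspected without touching memory. */
uint64_t marshall_unchecked(char *buf, size_t buf_len, size_t off,
                            const char *name)
{
    uint32_t len = (uint32_t)demo_push_ascii(buf + off, buf_len - off, name);
    return (uint64_t)off + len;   /* on error: off + 0xFFFFFFFF */
}

/* Checked pattern: reject the error value and any length that does not fit
 * before advancing. Returns 0 and updates *off on success, -1 otherwise. */
int marshall_checked(char *buf, size_t buf_len, size_t *off, const char *name)
{
    if (*off > buf_len) {
        return -1;
    }
    size_t len = demo_push_ascii(buf + *off, buf_len - *off, name);
    if (len == (size_t)-1 || len > buf_len - *off) {
        return -1;
    }
    *off += len;
    return 0;
}
```
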
Andrew Bartlett [Tue, 5 Nov 2013 03:16:46 +0000 (16:16 +1300)]
CVE-2013-4496:samr: Remove ChangePasswordUser
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.
The missing features in both implementations (by design) were:
- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)
Additionally, the source3 version did not check:
- the minimum password age
- pdb_get_pass_can_change() which checks the security
descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.
Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password. It is removed here so that it is not
mistakenly reinstated in the future.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Karolin Seeger [Fri, 6 Dec 2013 19:19:23 +0000 (20:19 +0100)]
WHATSNEW: Add release notes for Samba 3.0.22.
Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185
Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any*
require_membership_of specified groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
[ddiss@samba.org: fixed incorrect bugzilla tag I added to master commit]
Arvid Requate [Thu, 21 Nov 2013 11:35:20 +0000 (12:35 +0100)]
spoolss: accept XPS_PASS datatype used by Windows 8
The new v4 driver model used in Windows 8 declares print jobs
intended to bypass the XPS processing layer by setting datatype to
"XPS_PASS" instead of "RAW".
Jeremy Allison [Tue, 8 Oct 2013 22:01:38 +0000 (15:01 -0700)]
Fix bug #10187 - Missing talloc_free can leak stackframe in error path.
Fix error path.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104
(cherry picked from commit 63f370bdbad94d6aba7a4783d4238fcfc524b055)
Jeremy Allison [Thu, 31 Oct 2013 20:48:42 +0000 (13:48 -0700)]
Fix bug #10229 - No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10229
We need to check if the requested access mask
could be used to open the underlying file (if
it existed), as we're passing in zero for the
access mask to the base filename.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix Bug #10235 - CVE-2013-4475: No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10235
s3:libnet increase timeout for machine password change
DCs might run password filter modules that can delay the setting of
the machine password for a significant amount of time
use the same timeout as in the other paths of domain join
(e.g. rpccli_netlogon_set_trust_password)
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9755541ed156d71df98607375ee3b925266c3c74)
s3-serverid: call serverid_init_readonly() from commandline tools.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
The last 4 patches are follow-up patches for bug #10127 - smbstatus stopped
working as non-root user.
(cherry picked from commit 037f9ead5fc490e7e463671b76e8e8474a8728f5)
s3-sessionid: use sessionid_init_readonly() from cmdline tools.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #10127 - smbstatus stopped working as non-root
user.
(cherry picked from commit 5978eab3cdbbc8971ed7f0fd9f0aadb02c98aba7)
Jeremy Allison [Tue, 3 Sep 2013 21:07:43 +0000 (14:07 -0700)]
Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 4 01:19:05 CEST 2013 on sn-devel-104
Volker Lendecke [Mon, 26 Aug 2013 08:36:14 +0000 (08:36 +0000)]
smbd: Use #defines in smb2_getinfo_send
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Aug 27 15:08:08 CEST 2013 on sn-devel-104
Volker Lendecke [Wed, 28 Aug 2013 22:42:22 +0000 (15:42 -0700)]
smbd: Simplify dropbox special case in unix_convert
EACCESS needs special treatment: If we want to create a fresh file,
return OBJECT_PATH_NOT_FOUND, so that the client will continue creating
the file. If the client wants us to open a potentially existing file,
we need to correctly return ACCESS_DENIED.
This patch makes this behaviour hopefully a bit clearer than the code
before did.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
The last 2 patches address bug #10114 - Dropbox (write-only-directory) case
isn't handled correctly in pathname lookup.
(cherry picked from commit 0150086d44e90351634a68aced1e44ad076a693c)
Volker Lendecke [Wed, 28 Aug 2013 22:39:41 +0000 (15:39 -0700)]
smbd: Fix a profile problem
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reason is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b55072ccf8d801726aec49a925f5a69277a10494)
Günther Deschner [Mon, 12 Aug 2013 15:23:12 +0000 (17:23 +0200)]
s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
Fallback to lsa named-pipe connection when tcp connection has failed twice (it
could be a trusted domain connection where we cannot setup a secure channel).
Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Tested-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104
(cherry picked from commit 87adc2118677b7cabc3f3b476313b254856f5f9d)
Richard Sharpe [Mon, 19 Aug 2013 20:14:55 +0000 (13:14 -0700)]
Fix bug #10097 - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
Windows overloads the EA Length field in the DIRECTORY INFO levels of FIND FIRST/FIND NEXT.
This field indicates either the REPARSE_TAG if the file/folder has a reparse point or
the EA Length if it has EAs, and is the fundamental reason you cannot have both on a
file or folder.
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3dd2f645a054b47d709a6b6f6968f86b9e916d49)
Karolin Seeger [Tue, 13 Aug 2013 09:04:50 +0000 (11:04 +0200)]
docs: Fix variable list in man vfs_crossrename.
The varlist entries need a paragraph, otherwise the list is broken and the list
entries end with ".RE".
Fix bug #10076 - varlist in man vfs_crossrename broken.
Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 20 04:19:42 CEST 2013 on sn-devel-104
(cherry picked from commit 1808316b1245290fd4a4aa87a801410899e4c1e3)
(cherry picked from commit db77fc0184eea3ee1a73111b84a2e1ad976ad612)
s3-libads: Print a message if no realm has been specified.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
The last 2 patches address bug #10073 - net ads join - segmentation fault in
create_local_private_krb5_conf_for_domain.
(cherry picked from commit 8d40163e7a25091bcdbe90d5c91bcec088b097d5)
Ralph Wuerthner [Wed, 31 Jul 2013 23:33:48 +0000 (16:33 -0700)]
Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair.
Ensures correct lease owner for signal delivery.
Signed-off-by: Ralph Wuerthner <ralphw@de.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 1 03:57:11 CEST 2013 on sn-devel-104
Gregor Beck [Thu, 1 Aug 2013 12:16:24 +0000 (14:16 +0200)]
Fix bug 9678 - Windows 8 Roaming profiles fail
Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some
dirs. Ignoring it makes roaming profiles work again.
Just like w2k3 gracefully ignore all the other bits.
PIDL: fix parsing linemarkers in preprocessor output
When PIDL calls out to C preprocessor to expand IDL files
and parse the output, it filters out linemarkers and line control
information as described in http://gcc.gnu.org/onlinedocs/cpp/Preprocessor-Output.html
and http://gcc.gnu.org/onlinedocs/cpp/Line-Control.html#Line-Control
With gcc 4.8 stdc-predef.h is included automatically and linemarker for the
file has extended flags that PIDL couldn't parse ('system header that needs to
be extern "C" protected for C++')
Thanks to Jakub Jelinek <jakub@redhat.com> for explanation of the linemarker format.
Reviewed-by: David Disseldorp <ddiss@samba.org>
The last 2 patches address bug #9880 - Use of wrong RFC2307 primary group field.
(cherry picked from commit 006ba0cc73a3fe484452f594a25dd3bfee9b39fd)
Jeremy Allison [Tue, 9 Apr 2013 23:56:24 +0000 (16:56 -0700)]
Ensure we test the dirsort module in make test.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 11 21:17:21 CEST 2013 on sn-devel-104
The last 10 patches address bug #9777 - vfs_dirsort uses non-stackable calls,
dirfd(), malloc instead of talloc and doesn't cope with directories being
modified whilst reading.
(cherry picked from commit 1f601d14d0ee440126d7202924e5cf7af88f6ea3)