Björn Jacke [Thu, 4 Aug 2011 14:25:08 +0000 (16:25 +0200)]
s3/swat: use strlcat instead of strncat to fix build on old Linux distros
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
(cherry picked from commit d3b4d75364210e2d2a4a1cd806f28b0021f22909)
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
s3:nmbd_packets: return the used number of sockets in create_listen_fdset() (bug #8276)
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open)
(commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior,
so that we skipped some sockets.
David Disseldorp [Wed, 16 Feb 2011 16:23:25 +0000 (17:23 +0100)]
s3: increase the log level for missing PIDs on SIGCHLD
Since the fix for bso#7836, the parent smbd is responsible for
maintaining an up-to-date printcap cache. It does this by forking a
child process to asynchronously fetch printcap data from CUPS.
When the child process exits after fetching all printcap data, the
parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which
looks for the exited process PID on a "children" list.
Child smbd process PIDs are added to the "children" list to ensure
cleanup on unclean shutdown and log level change notification messages.
Printcap update process PIDs are not added to the list as they do not
maintain any state that requires cleanup, nor do they wait on tevent for
messages.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104
(cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c)
There is currently a lot of duplicate code included for processing
responses to CUPS_GET_PRINTERS and CUPS_GET_CLASSES requests. This
change splits this code into a separate function.
David Disseldorp [Tue, 24 May 2011 09:46:25 +0000 (11:46 +0200)]
s3-printing: use printcap IDL for IPC
Use printcap IDL for marshalling and unmarshalling messages between cups
child and parent smbd processes. This simplifies the IPC and ensures
the parent is notified of cups errors encountered by the child.
David Disseldorp [Tue, 24 May 2011 09:34:59 +0000 (11:34 +0200)]
s3-printing: an empty cups printer list is treated as an error
cups_async_callback() is called to receive new printcap data from a
child process which requests the information from cupsd.
Newly received printcap information is stored in a temporary printcap
cache (tmp_pcap_cache). Once the child process closes the printcap IPC
file descriptor, the system printcap cache is replaced with the newly
populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is
non null (has at least one printer).
If the printcap cache is empty, which is the case when cups is not
exporting any printers, the printcap cache is not replaced resulting in
stale data.
David Disseldorp [Mon, 17 Jan 2011 15:09:32 +0000 (16:09 +0100)]
s3-printing: remove pcap_cache_loaded asserts
pcap_cache_loaded() assertions were added to the (re)load_printers()
functions, to ensure the caller had called pcap_cache_reload() prior to
reloading printer shares.
The problem is, pcap_cache_loaded() returns false if the the pcap_cache
contains no printer entries. i.e. pcap_cache_reload() has run but not
detected any printers.
Remove these assertions, correct call ordering is already enforced.
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #7836 (A newly added printer isn't visbile to
clients).
(cherry picked from commit da9b2d9d58193ed3da36c2f8ff1e41a1e743ba07)
Kai Blin [Tue, 12 Jul 2011 06:08:24 +0000 (08:08 +0200)]
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
Kai Blin [Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)]
s3 swat: Fix possible XSS attack (bug #8289)
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Jeremy Allison [Sun, 27 Feb 2011 17:16:20 +0000 (18:16 +0100)]
Fix denial of service - memory corruption.
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
Volker Lendecke [Sun, 12 Dec 2010 17:55:06 +0000 (18:55 +0100)]
s3: Add an async smbsock_connect
This connects to 445 and after 5 milliseconds also to 139. It treats a netbios
session setup failure as equivalent as a TCP connect failure. So if 139 is
faster but fails the nb session setup, the 445 still has the chance to succeed.
(cherry picked from commit 35bbc2231760badaf0debc9f8f39ebdf00cfe8ad)
Volker Lendecke [Wed, 17 Nov 2010 15:56:28 +0000 (08:56 -0700)]
s3: Make winbind recover from a signing error
When winbind sees a signing error on the smb connection to a DC (for whatever
reason, our bug, network glitch, etc) it should recover properly. The "old"
code in clientgen.c just closed the socket in this case. This is the right
thing to do, this connection is spoiled anyway. The new, async code did not do
this so far, which led to the code in winbindd_cm.c not detect that we need to
reconnect.
Jeremy Allison [Tue, 27 Jul 2010 08:54:01 +0000 (01:54 -0700)]
Fix bug 7590 - offline login fails because winbind deletes cache on every startup.
Sync lib/tdb_validate.c with the change in current master.
Change tdb_validate_open() to always use O_RDWR instead of O_RDONLY,
as (from the bug report): "db_check() will always return failure for a read-only database.
Silently, without any log output, when _tdb_lockall() fails."
s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
This is an important fix as the following could and is happening:
* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
sucessfully decrypts session key from the info3
* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)
* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption
projects / thirdparty / samba.git / log
