Karolin Seeger [Fri, 6 Dec 2013 19:19:23 +0000 (20:19 +0100)]
WHATSNEW: Add release notes for Samba 3.0.22.
Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185
Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any*
require_membership_of specified groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Noel Power [Wed, 16 Oct 2013 15:30:55 +0000 (16:30 +0100)]
CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid
furthermore if more than one name is supplied and no sid is converted
then also fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
[ddiss@samba.org: fixed incorrect bugzilla tag I added to master commit]
Jeremy Allison [Tue, 19 Nov 2013 22:10:15 +0000 (14:10 -0800)]
CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Tue, 19 Nov 2013 22:04:19 +0000 (14:04 -0800)]
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 19 Nov 2013 21:53:32 +0000 (13:53 -0800)]
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 22 Oct 2013 22:34:12 +0000 (15:34 -0700)]
CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector()
We should do this explicit instead of relying on
tstream_readv_pdu_ask_for_next_vector() to catch the overflow.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Fri, 29 Nov 2013 08:55:15 +0000 (09:55 +0100)]
VERSION: Bump version up to 3.6.22.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
d57a4d130bcbf88b7f060439a33797be89353e29)
Karolin Seeger [Thu, 28 Nov 2013 09:40:40 +0000 (10:40 +0100)]
WHATSNEW: Add release notes for Samba 3.6.21.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
c458263e352328db49becec65157e9ec477bdacc)
Arvid Requate [Thu, 21 Nov 2013 11:35:20 +0000 (12:35 +0100)]
spoolss: accept XPS_PASS datatype used by Windows 8
The new v4 driver model used in Windows 8 declares print jobs
intended to bypass the XPS processing layer by setting datatype to
"XPS_PASS" instead of "RAW".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10267
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b2815b4c8c3e436a79fb7f07be285a417fd6e8cb)
(cherry picked from commit
4cfd6597bceeb0ef10d14bb7a48badd2264e85a6)
Jeremy Allison [Tue, 12 Nov 2013 20:17:26 +0000 (12:17 -0800)]
xattr: fix listing EAs on *BSD for non-root users
Thanks to Stefan Rompf for reporting.
This fixes bug #10247
Back-ported to 3.6.next from master commit
374b2cfde74e0c61f4b2da724b30d0e430596092
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d984e764073df34729e5410026d6fa618699126f)
Korobkin [Tue, 29 Oct 2013 10:25:12 +0000 (11:25 +0100)]
Fix bug #10118 - Samba is chatty about being unable to open a printer.
(cherry picked from commit
906db4fe8e6de2de67afa4655603e67d887c370b)
Volker Lendecke [Tue, 15 Oct 2013 08:23:10 +0000 (08:23 +0000)]
nsswitch: Fix short writes in winbind_write_sock
We set the socket to nonblocking and don't handle EAGAIN right. We do
a poll anyway, so wait for writability, which should fix this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10195
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
c6909887c26d4e827633acd50b11cf08c6aee0f7)
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3dfbea723553b268008063b280c808bb30951fdc)
Andreas Schneider [Thu, 10 Oct 2013 08:03:32 +0000 (10:03 +0200)]
s3-winbind: Send online/offline message of the domain to the parent.
https://bugzilla.samba.org/show_bug.cgi?id=10194
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104
(cherry picked from commit
275f6586c4d4547978c6ff2f04670b0d8f89fd4b)
(cherry picked from commit
80a5575849c903a3cb4a9bd74f029e5b7c293aa3)
Andreas Schneider [Thu, 10 Oct 2013 08:02:27 +0000 (10:02 +0200)]
s3-winbind: Register handlers for domain online/offline messages.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
fc5941622010843d823b5c245eccc68d1d3bce19)
(cherry picked from commit
920f8013ad5c57aaa941d5c7aea335726ed0bbae)
Andreas Schneider [Thu, 10 Oct 2013 08:01:40 +0000 (10:01 +0200)]
s3-winbind: Add functions for domain online/offline handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
447ec17a6bec814a2ac5cadb74dbef5789f07c52)
(cherry picked from commit
2d226b2717d0a30186636d17a8d890e1b7de8151)
Andreas Schneider [Thu, 10 Oct 2013 07:15:57 +0000 (09:15 +0200)]
idl: Add a new message for winbind domain states.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
1a884636542ba0e54c6d209662a5d1613d727a85)
(cherry picked from commit
272a22e2dba836f60a1f628206c14fe1a24f49c5)
Jeremy Allison [Tue, 8 Oct 2013 22:01:38 +0000 (15:01 -0700)]
Fix bug #10187 - Missing talloc_free can leak stackframe in error path.
Fix error path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104
(cherry picked from commit
63f370bdbad94d6aba7a4783d4238fcfc524b055)
Jeremy Allison [Thu, 12 Sep 2013 21:44:58 +0000 (14:44 -0700)]
Fix is_legal_name() to not emit character conversion error messages.
Using next_codepoint() does the same check, but without the conversion
message.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #10139 - valid utf8 filenames cause "invalid conversion error" messages.
(cherry picked from commit
ee0ef2a5b4b06fdb723a5232f90212fda5e853d1)
Jeremy Allison [Thu, 26 Sep 2013 09:55:19 +0000 (02:55 -0700)]
s3: smb2 server - fix bug 10167 smb2 breaks "smb encryption = mandatory
Refuse an SMB2 tcon on a share wher eencryption is required.
SMB2 doesn't support this.
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e00a2c90847b3c85f089b4f3c96ec6c66b949576)
Karolin Seeger [Mon, 11 Nov 2013 10:53:00 +0000 (11:53 +0100)]
VERSION: Bump version up to 3.6.21.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
c2287276eb6533586ca1eac8b445ac1f93bcee98)
Karolin Seeger [Thu, 7 Nov 2013 11:49:34 +0000 (12:49 +0100)]
WHATSNEW: Add release notes for Samba 3.6.20.
Bug 10235 - CVE-2013-4475: No access check verification on stream files.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Thu, 31 Oct 2013 20:48:42 +0000 (13:48 -0700)]
Fix bug #10229 - No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10229
We need to check if the requested access mask
could be used to open the underlying file (if
it existed), as we're passing in zero for the
access mask to the base filename.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix Bug #10235 - CVE-2013-4475: No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10235
Karolin Seeger [Wed, 2 Oct 2013 07:18:08 +0000 (09:18 +0200)]
WHATSNEW: Start release notes for Samba 3.6.20.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
b63dbd748636adfe5c98050133b14c2b61396d11)
Karolin Seeger [Wed, 2 Oct 2013 07:12:42 +0000 (09:12 +0200)]
VERSION: Bump version up to 3.6.20.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
ca43d23fb64735f35c9865e306f82bd31d4730c9)
Karolin Seeger [Wed, 18 Sep 2013 08:40:16 +0000 (10:40 +0200)]
WHATSNEW: Prepare release notes for Samba 3.6.19.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
153fe1298a904b1225c60d8817118e71f05752da)
Christian Ambach [Tue, 5 Mar 2013 10:44:03 +0000 (11:44 +0100)]
s3:libnet increase timeout for machine password change
DCs might run password filter modules that can delay the setting of
the machine password for a significant amount of time
use the same timeout as in the other paths of domain join
(e.g. rpccli_netlogon_set_trust_password)
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
9755541ed156d71df98607375ee3b925266c3c74)
The last 2 patches address bug #8955 - NetrServerPasswordSet2 timeout is too
short.
(cherry picked from commit
d1bf6e401a41172a47684518b9836899844fdefd)
Volker Lendecke [Fri, 22 Jun 2012 12:26:45 +0000 (14:26 +0200)]
s3: Give machine password changes 10 minutes of time
This is what we do at domain join time as well, see
lib/netapi/joindomain.c:141
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b9a15f1bfad30a824f9ec87bc9f7c65adf50dae0)
(cherry picked from commit
a43c682553e5a731f9fbca8649ba042ae2bb5eba)
Günther Deschner [Fri, 6 Sep 2013 16:08:45 +0000 (18:08 +0200)]
s3-serverid: call serverid_init_readonly() from commandline tools.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
The last 4 patches are follow-up patches for bug #10127 - smbstatus stopped
working as non-root user.
(cherry picked from commit
037f9ead5fc490e7e463671b76e8e8474a8728f5)
Günther Deschner [Fri, 6 Sep 2013 15:44:49 +0000 (17:44 +0200)]
s3-serverid: add a readonly variant of the serverid init code.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
11d5d3d49ecec0d2ae924ff843e97cc39fa64a16)
Günther Deschner [Fri, 6 Sep 2013 15:43:50 +0000 (17:43 +0200)]
s3-serverid: restructure serverid initialization.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
ec1948d3a6adec3dd659abc8ab9c49a334c1e6a7)
Günther Deschner [Fri, 6 Sep 2013 16:08:23 +0000 (18:08 +0200)]
s3-sessionid: move sessionid init call to the only function where it is needed.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
4b8b385042ace68c4ec59fea81bf8b284b34c356)
Günther Deschner [Wed, 4 Sep 2013 14:57:17 +0000 (16:57 +0200)]
s3-sessionid: use sessionid_init_readonly() from cmdline tools.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #10127 - smbstatus stopped working as non-root
user.
(cherry picked from commit
5978eab3cdbbc8971ed7f0fd9f0aadb02c98aba7)
Günther Deschner [Wed, 4 Sep 2013 14:55:11 +0000 (16:55 +0200)]
s3-sessionid: change session_db_ctx() to always return the session_id_ctx pointer.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d1352013bb694a30480282e398e29238470b0768)
Günther Deschner [Wed, 4 Sep 2013 14:45:32 +0000 (16:45 +0200)]
s3-sessionid: make sure to call sessionid_init() also from the cmdline tools.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
039171a9d1fc72de39ee8aa51830a37221988859)
Jeremy Allison [Tue, 3 Sep 2013 21:07:43 +0000 (14:07 -0700)]
Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 4 01:19:05 CEST 2013 on sn-devel-104
(cherry picked from commit
bdab6f9431715fbfd28f8cc0dfb4dde2966f22f3)
(cherry picked from commit
66b9ebd961efe91b87156abf1bb5e1b8f2b87c38)
Jeremy Allison [Tue, 3 Sep 2013 19:20:52 +0000 (12:20 -0700)]
Move the retry logic when site_name is passed in a NULL or "" to the wrapper function.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit
68e7b1c9446c7d1274b0fb85b59b90ac1a7f6041)
(cherry picked from commit
f3d767ac0f6e3b07abf5672ae488ae57bc557677)
Jeremy Allison [Tue, 3 Sep 2013 19:08:46 +0000 (12:08 -0700)]
Move the manipulation of site_name into the caller function dsgetdcname().
Leave dsgetdcname_internal() only using const char *site_name.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit
181c11066bd53b07015a199f56eb71182e89ff71)
(cherry picked from commit
c968f9cb46b44a4d1b257a89381898d16086ae26)
Jeremy Allison [Tue, 3 Sep 2013 19:04:37 +0000 (12:04 -0700)]
Refactor dsgetdcname to be called via a wrapper function.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit
66006be7ef703b2935334633d27641050cee5f58)
(cherry picked from commit
ac4ce44d787f448e8dce7b2eca558cecdc75499e)
Jeremy Allison [Tue, 3 Sep 2013 19:13:45 +0000 (12:13 -0700)]
dsgetdcname_cache_fetch() doesn't use the site_name parameter so don't pass it.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit
dd12bfbcbf359c1642cc2e968aec62ae904aad5d)
(cherry picked from commit
deac844f4ec4bca559285744e8c6ba924c8f492a)
Volker Lendecke [Tue, 27 Aug 2013 09:40:19 +0000 (09:40 +0000)]
smbd: Correctly return INFO_LENGTH_MISMATCH for smb1
This is required if the client offered less buffer than the fixed portion
of the info level data requires
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1b1935b876a14154ef74e447bf53eb7cd0a5dde9)
(cherry picked from commit
41a7d66a399c3e1ad999dce5d14570d60c4d53d2)
Volker Lendecke [Tue, 27 Aug 2013 09:39:17 +0000 (09:39 +0000)]
smbd: Fix error return for STREAM_INFO
The stream_info marshalling follows its own rules. This needs unifying
eventually...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5634f240fd4273cb7327111140ccbea0fd41e3fc)
(cherry picked from commit
a63ca3ed840ca4ab19b4b4bd9238b663228ac2a6)
Volker Lendecke [Tue, 27 Aug 2013 09:38:29 +0000 (09:38 +0000)]
smbd: Revert
a93f9c3
This was too broad and has been replaced by finer-grained error checks
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b37edda32930fec372d6467d442f67532c3fbd33)
(cherry picked from commit
c8e72447345bb5b737e8383cba069098f387de0a)
Volker Lendecke [Tue, 27 Aug 2013 09:37:34 +0000 (09:37 +0000)]
smbd: Correctly return BUFFER_OVERFLOW in smb2_getinfo
Also, don't overflow the client buffer
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
40f60024ca19e33cbbe9825b42692f386a8f1dd9)
(cherry picked from commit
f5dfa2ac931d52b4517f4e5e07cf9730e6939967)
Volker Lendecke [Tue, 27 Aug 2013 09:36:03 +0000 (09:36 +0000)]
smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo
We have to return this error if the client offered less than the fixed
portion of the infolevel data requires
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
91939614760837b2ac2c6bb8b5daac108a4f4670)
(cherry picked from commit
9818b31167531f41cbf08fccf89d60ca128c3d4d)
Volker Lendecke [Tue, 27 Aug 2013 09:06:27 +0000 (09:06 +0000)]
smbd: qfsinfo has fixed/variable buffers
The error message will have to change depending whether the buffer is
too small for the fixed or variable buffers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ac41df91a5a425633fc716ca02187e753879d795)
(cherry picked from commit
a3d041438f2f0fde9644ec27b89f19ded3146f50)
Volker Lendecke [Tue, 27 Aug 2013 09:06:27 +0000 (09:06 +0000)]
smbd: qfilepathinfo has fixed/variable buffers
The error message will have to change depending whether the buffer is
too small for the fixed or variable buffers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
53123996033594f68a3fc9037474aada3aef0750)
(cherry picked from commit
d0f6c38f9638173b34e1a174b8811df83e045f5c)
Volker Lendecke [Mon, 26 Aug 2013 08:36:14 +0000 (08:36 +0000)]
smbd: Use #defines in smb2_getinfo_send
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Aug 27 15:08:08 CEST 2013 on sn-devel-104
(cherry picked from commit
323cccd35d06c7327c19dc5cb891043507624d7d)
(cherry picked from commit
5efd0ca590670a142631db1c2133450a1020ba60)
Ralph Wuerthner [Wed, 10 Jul 2013 14:43:39 +0000 (16:43 +0200)]
s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
270d29a743a030653037cb176f3764bec3c79b6c)
(cherry picked from commit
65d4f0b5125ebea659d0277916bb74db2c3b9cc0)
Ralph Wuerthner [Wed, 10 Jul 2013 13:52:06 +0000 (15:52 +0200)]
s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
ec46f6b91941e38dd92f8e0fb0f278592e3157b6)
(cherry picked from commit
84eabf7b012fba624e900f2cc0294f2f1c598a46)
Ralph Wuerthner [Fri, 5 Jul 2013 09:32:27 +0000 (11:32 +0200)]
s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
616777f029e462f53c5118d79de8c6405a5fb7c1)
(cherry picked from commit
a410c51fca3644ebf7a32512dc1075a23bfc8d38)
Ralph Wuerthner [Fri, 5 Jul 2013 09:03:16 +0000 (11:03 +0200)]
s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
a91d2b05bab329a8a9772c2c79a3b1e02933182e)
(cherry picked from commit
331a0e8e85727724466d7a795435b8eca36b3e17)
Ralph Wuerthner [Wed, 10 Jul 2013 06:59:58 +0000 (08:59 +0200)]
s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
a93f9c3d33e442c84d0c9da7eb5d25ca4b54fc33)
(cherry picked from commit
f351fbe1fc9236ddbf52afecf872cdf7e53cae85)
Volker Lendecke [Wed, 28 Aug 2013 22:42:22 +0000 (15:42 -0700)]
smbd: Simplify dropbox special case in unix_convert
EACCESS needs special treatment: If we want to create a fresh file,
return OBJECT_PATH_NOT_FOUND, so that the client will continue creating
the file. If the client wants us to open a potentially existing file,
we need to correctly return ACCESS_DENIED.
This patch makes this behaviour hopefully a bit clearer than the code
before did.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The last 2 patches address bug #10114 - Dropbox (write-only-directory) case
isn't handled correctly in pathname lookup.
(cherry picked from commit
0150086d44e90351634a68aced1e44ad076a693c)
Volker Lendecke [Wed, 28 Aug 2013 22:39:41 +0000 (15:39 -0700)]
smbd: Fix a profile problem
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b55072ccf8d801726aec49a925f5a69277a10494)
Günther Deschner [Mon, 12 Aug 2013 15:23:12 +0000 (17:23 +0200)]
s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
Fallback to lsa named-pipe connection when tcp connection has failed twice (it
could be a trusted domain connection where we cannot setup a secure channel).
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9615
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9899
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Tested-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104
(cherry picked from commit
87adc2118677b7cabc3f3b476313b254856f5f9d)
Richard Sharpe [Mon, 19 Aug 2013 20:14:55 +0000 (13:14 -0700)]
Fix bug #10097 - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
Windows overloads the EA Length field in the DIRECTORY INFO leves of FIND FIRST/FIND NEXT.
This field indicates either the REPARSE_TAG if the file/folder has a reparse proint or
the EA Length if it has EAs, and is the fundamental reason you cannot have both on a
file or folder.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3dd2f645a054b47d709a6b6f6968f86b9e916d49)
Karolin Seeger [Tue, 13 Aug 2013 09:04:50 +0000 (11:04 +0200)]
docs: Fix variable list in man vfs_crossrename.
The varlist entries need a paragraph, otherwise the list is broken and the list
entries end with ".RE".
Fix bug #10076 - varlist in man vfs_crossrename broken.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 20 04:19:42 CEST 2013 on sn-devel-104
(cherry picked from commit
1808316b1245290fd4a4aa87a801410899e4c1e3)
(cherry picked from commit
db77fc0184eea3ee1a73111b84a2e1ad976ad612)
Andreas Schneider [Mon, 5 Aug 2013 07:25:11 +0000 (09:25 +0200)]
s3-libads: Print a message if no realm has been specified.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
(cherry picked from commit
6659f0164c6b8d7ad522bcd6c2c6748c3d9bca81)
The last 2 patches address bug #10073 - net ads join - segmentation fault in
create_local_private_krb5_conf_for_domain.
(cherry picked from commit
8d40163e7a25091bcdbe90d5c91bcec088b097d5)
Günther Deschner [Fri, 17 May 2013 13:14:35 +0000 (15:14 +0200)]
s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
6dc7c63efa95d0c04b542667d9b6a6621c8139bf)
(cherry picked from commit
c472ffab2854537b9e5d6238e68c04bfe2bd5e69)
Andreas Schneider [Thu, 11 Jul 2013 11:44:53 +0000 (13:44 +0200)]
s3-winbind: Do not delete an existing valid credential cache.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994
Thanks to David Woodhouse <dwmw2@infradead.org>.
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104
(cherry picked from commit
0529b59fbe3f96509893fc4e93a75d6928b5a532)
(cherry picked from commit
64732d3d317be8bb3b3579455ce3b3d5c81b6ad8)
Karolin Seeger [Wed, 14 Aug 2013 07:56:58 +0000 (09:56 +0200)]
WHATWNEW: Start release notes for Samba 3.6.19.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
f14cd4118cc8e27bbc58ab5f815d0ae8d882bec5)
Karolin Seeger [Wed, 14 Aug 2013 07:52:57 +0000 (09:52 +0200)]
VERSION: Bump version up to 3.6.19.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
bfdf8da16d02f5a8b1e34c61f07280fa39bafc4c)
Karolin Seeger [Mon, 12 Aug 2013 07:20:38 +0000 (09:20 +0200)]
WHATSNEW: Prepare release notes for Samba 3.6.18.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
3a8cab366ce6ce0f2a32a6df2f6f8fcf549a9dd3)
Ralph Wuerthner [Wed, 31 Jul 2013 23:33:48 +0000 (16:33 -0700)]
Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair.
Ensures correct lease owner for signal delivery.
Signed-off-by: Ralph Wuerthner <ralphw@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 1 03:57:11 CEST 2013 on sn-devel-104
The last 2 patches address bug #10064 - Linux kernel oplock breaks can miss
signals.
(cherry picked from commit
9ef80fcff6e0d03e30bd675cd7ebfc88608e81d6)
Jeremy Allison [Wed, 31 Jul 2013 23:32:20 +0000 (16:32 -0700)]
Wrap setting leases in become_root()/unbecome_root() to ensure correct delivery of signals.
Remove workaround for Linux kernel bug https://bugzilla.kernel.org/show_bug.cgi?id=43336
as we don't need to set capabilities when we're already root.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
(cherry picked from commit
363025491d97171e130a7b8dd03296b9559799a0)
Gregor Beck [Thu, 1 Aug 2013 12:16:24 +0000 (14:16 +0200)]
Fix bug 9678 - Windows 8 Roaming profiles fail
Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some
dirs. Ignoring it makes roaming profiles work again.
Just like w2k3 gracefully ignore all the other bits.
Signed-off-by: Gregor Beck <gbeck@sernet.de>
(cherry picked from commit
b085c39d9e39d305b715fd73c267eff0fc5fd4c4)
Gregor Beck [Wed, 31 Jul 2013 13:28:51 +0000 (15:28 +0200)]
security.idl: add new security_secinfo bits
[MS-DTYP].pdf 2.4.7
Signed-off-by: Gregor Beck <gbeck@sernet.de>
(cherry picked from commit
326ebbdaca4d13fa498779f960a202955531576b)
Björn Jacke [Wed, 20 Feb 2013 18:57:24 +0000 (19:57 +0100)]
build:autoconf: fix output of syslog-facility check
thanks to Thomas Bork for reporting!
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Fix bug #9983 - configure and syslog facility and disk-quotas support.
(cherry picked from commit
dbb52ee98b84659386d70f0e75b0fa93fada1a97)
Alexander Bokovoy [Wed, 6 Feb 2013 08:17:57 +0000 (10:17 +0200)]
PIDL: fix parsing linemarkers in preprocessor output
When PIDL calls out to C preprocessor to expand IDL files
and parse the output, it filters out linemarkers and line control
information as described in http://gcc.gnu.org/onlinedocs/cpp/Preprocessor-Output.html
and http://gcc.gnu.org/onlinedocs/cpp/Line-Control.html#Line-Control
With gcc 4.8 stdc-predef.h is included automatically and linemarker for the
file has extended flags that PIDL couldn't parse ('system header that needs to
be extern "C" protected for C++')
Thanks to Jakub Jelinek <jakub@redhat.com> for explanation of the linemarker format.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=906517
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
6ba7ab5c14801aecae96373d5a9db7ab82957526)
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9636 - pidl can't parse new linemarkers in preprocessor output.
(cherry picked from commit
643571470f2e4cd2f58bd60ac7189abb826d33cc)
(cherry picked from commit
b5a8afd6550e9091d169d3010751913bb483fc4b)
Michael Adam [Fri, 14 Oct 2011 12:05:09 +0000 (14:05 +0200)]
libreplace: add a missing "eval" to the AC_VERIFY_C_PROTOTYPE macro
Without this eval, upon test success the corresponding actions
(like defining corresponding variables) are not taken.
Found by Timur I. Bakeyev, and based on his patch for 3.5.
(cherry picked from commit
0ef506d4f31d206c300e4f3f326edac2b60bdc15)
(cherry picked from commit
e98d3b7648fe298f03e408ab91b8b53904bab8ca)
Björn Jacke [Wed, 15 May 2013 13:52:25 +0000 (15:52 +0200)]
docs: mention AD prerequirements for using idmap_ad
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c3057f69a274f0d8e0e66183bd5e8be7703b6750)
Reviewed-by: David Disseldorp <ddiss@samba.org>
The last 2 patches address bug #9880 - Use of wrong RFC2307 primary group field.
(cherry picked from commit
006ba0cc73a3fe484452f594a25dd3bfee9b39fd)
Björn Jacke [Tue, 14 May 2013 14:51:28 +0000 (16:51 +0200)]
winbind/idmap_ad: be verbose about the user that we fail to map
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
f08205be7003f6c0a15fd5fd99d01951164ad15c)
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
17794737fedf095212cf45920dd1e29b5a1a9fa0)
Jeremy Allison [Tue, 9 Apr 2013 23:56:24 +0000 (16:56 -0700)]
Ensure we test the dirsort module in make test.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 11 21:17:21 CEST 2013 on sn-devel-104
The last 10 patches address bug #9777 - vfs_dirsort uses non-stackable calls,
dirfd(), malloc instead of talloc and doesn't cope with directories being
modified whilst reading.
(cherry picked from commit
1f601d14d0ee440126d7202924e5cf7af88f6ea3)
Jeremy Allison [Tue, 9 Apr 2013 18:02:58 +0000 (11:02 -0700)]
Remove unneeded initializations (we already talloc_zero).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8a1ec80ee233405f2f484c31a8d6e4b2702678e0)
Jeremy Allison [Tue, 9 Apr 2013 17:50:55 +0000 (10:50 -0700)]
Remove the use of dirfd inside the vfs_dirsort.c.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ffc2d250d2d0fd59a1524e15c4be5cf53d5b0135)
Jeremy Allison [Tue, 9 Apr 2013 17:43:53 +0000 (10:43 -0700)]
Convert mtime from a time_t to a struct timespec.
In preparation for removing the dirfd and using fsp_stat()
and VFS_STAT functions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8a761c7806fddd0faa919f343a079f8d4f343316)
Jeremy Allison [Tue, 9 Apr 2013 17:38:24 +0000 (10:38 -0700)]
Check SMB_VFS_NEXT_OPENDIR return in dirsort_opendir().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
052f74c2122301a3be19ab84ee4551f3259a3ee5)
Jeremy Allison [Tue, 9 Apr 2013 17:29:47 +0000 (10:29 -0700)]
Clean error paths in opendir and fd_opendir by only setting handle data on success.
Pass extra struct dirsort_privates * to open_and_sort_dir() function
to avoid it having to re-read the handle data.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a2da5a78c48e9be6ec2ecad99ddd23d4773b2267)
Jeremy Allison [Mon, 8 Apr 2013 23:40:35 +0000 (16:40 -0700)]
Protect open_and_sort_dir() from the directory changing size.
Otherwise there could be an error between initial count, allocation
and re-read.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
582d8ca565ad12133a4319650e886f58246b3bd9)
Jeremy Allison [Mon, 8 Apr 2013 23:38:03 +0000 (16:38 -0700)]
Use an index i rather than re-using a state variable.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f81822166d8d41c6c3ee6f17924ebe87e4303211)
Jeremy Allison [Mon, 8 Apr 2013 23:31:53 +0000 (16:31 -0700)]
Protect against early error in SMB_VFS_NEXT_READDIR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f34063ed9cd3d6a4542c39ad576c6ecc807878e8)
Jeremy Allison [Mon, 8 Apr 2013 22:11:28 +0000 (15:11 -0700)]
Change source3/modules/vfs_dirsort.c from MALLOC -> TALLOC.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e2118fd251ac64f47a9ee4ea18a441ae1941fe4e)
Karolin Seeger [Mon, 5 Aug 2013 10:46:58 +0000 (12:46 +0200)]
WHATSNEW: Start release notes for Samba 3.6.18.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
cb48b067251c3a523b1bdc10bf4b3ff4fc8b104f)
Karolin Seeger [Mon, 5 Aug 2013 10:44:46 +0000 (12:44 +0200)]
VERSION: Bump version number up to 3.6.18.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
dda0d8da02a41be149af5b66e6b77dae2fd6f227)
Karolin Seeger [Mon, 29 Jul 2013 18:55:18 +0000 (20:55 +0200)]
WHATSNEW: Add release notes for Samba 3.6.17.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Thu, 11 Jul 2013 00:10:17 +0000 (17:10 -0700)]
Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
Ensure we never wrap whilst adding client provided input.
CVE-2013-4124
Signed-off-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Wed, 19 Jun 2013 08:53:41 +0000 (10:53 +0200)]
WHATSNEW: Start release notes for Samba 3.6.17.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
1e064e91759b541bfee81c9f0df9392d12ba9e84)
Karolin Seeger [Wed, 19 Jun 2013 08:47:13 +0000 (10:47 +0200)]
VERSION: Bump version number up to 3.6.17.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
35c13477545df38c279ba83eeba5fe3273bdf41f)
Karolin Seeger [Wed, 19 Jun 2013 07:33:11 +0000 (09:33 +0200)]
WHATSNEW: Add another fix since 3.6.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
c81635ab7a6f2d6ed68cba92809053ea036dae76)
git.samba.org / samba.git / log