Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077
CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server
could lead to security vulnerability.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077
CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server
could lead to security vulnerability.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
This is an additional patch for CVE-2015-0240.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
uninitialized pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit c4e46cd4e32ef5bf25f3a21f74bb40dfb1dd3c0d)
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
changes to userAccountControl
This requires an additional control to be used in the
LSA server to add domain trust account objects.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This helps us keep things safe in LDB where we put this in a opaque pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Andrew Bartlett
Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 9f52de75088380915835e815217bdcd0afa8dc85)
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(similar to commit 575b093dac3c509b1bfaab0b4ad29b9b4214e487)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Sun Jan 11 16:15:06 CET 2015 on sn-devel-104
|
|
This library is always available in make test.
nss-wrapper strictly requires the linux nss api.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit 4eb24fa545234be506eb1330ccbbfd5c2b9e0d82)
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit 82e583b04b04e560c121163850d70c52d2fce78d)
|
|
Trying to establish a netlogon connection when the service ticket
expires might fail with NT_STATUS_NETWORK_SESSION_EXPIRED. The
underlying client code already marks the session as invalid, so retry
the netlogon connect in this case.
Signed-off-by: Christof Schmit <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 6 02:58:57 CET 2015 on sn-devel-104
(cherry picked from commit a2670f15dea27c10e3827216adf572f9c3894f85)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11034
|
|
When the underlying session expires, the LogonControl RPC call used in
ping-dc returns NT_STATUS_IO_DEVICE_ERROR. Retry once in this case,
instead of returning the error to the caller.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 23 02:46:34 CET 2014 on sn-devel-104
(cherry picked from commit 2fdc55160309cec89aeb88243cb18d058c67e918)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11034
|
|
Change-Id: I6968b25c67587296b928b2193a9d48093c69c01a
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1ac96a416d7d6db2476f56129166fd9e018e7306)
The last 6 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11006
'domain join' fails - 'drsuapi.DsBindInfoFallBack' has no attribute
'supported_extensions'.
|
|
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
(cherry picked from commit d747372d28273542298f86530e715e8faaf907f2)
|
|
wire both in NDR32 and NDR64.
Previous implementation had a problem with NDR64 with uint32 and
uint3264 being in the wrong order
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 30 10:16:02 CET 2013 on sn-devel-104
(cherry picked from commit 8dc931bafca00c1c61a4366ffb6cfa72a98bb412)
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1e2e421632c275f8cf7529935f72ef3639ddea14)
|
|
union's switch drsuapi_DsGetDCInfoCtrLevels
Signed-off-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 568bf16dfadb4bd3003ed18b19098a3d1473f2fe)
|
|
This matches the IDL from [MS-DRSR].
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
(cherry picked from commit 51d8eba8417c58c2ade30d58a838441008209542)
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104
(cherry picked from commit daff0f5d709eca621a7f319c892ecaba7b03e5c2)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Thu Dec 18 23:00:51 CET 2014 on sn-devel-104
|
|
If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72)
|
|
If we have a channel session key, we also always have a global session key.
For multi-channel it's possible that the channel session key is not in place
yet, in that case the global session key needs to be used.
In both cases (reauth or session bind) we session setup requests need to be
signed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 7e006d11134cdc37ea0fc13110fe5bbfb9de3f14)
|
|
Verifies BUG: https://bugzilla.samba.org/show_bug.cgi?id=10949
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Dec 12 20:15:46 CET 2014 on sn-devel-104
(cherry picked from commit 7e81fe282540a5b52dcb8c5396321a67733790d2)
|
|
Otherwise we can't find the GUID of the 'serverName' attribute
as ANONYMOUS.
This results in
root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName
search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <>
While it works as system:
root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName
# record 1
dn:
serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base
# returned 1 records
# 1 entries
# 0 referrals
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit a6ecef4532e4529a819219cd814e2979c2df0797)
|
|
path is a talloc-child of subkeys, so subkeys should not be freed before calling
verbose_output
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Dec 3 00:43:19 CET 2014 on sn-devel-104
(cherry picked from commit 3b90bfb1089e6a4b7e05e7ed62bb642521f57917)
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 4b41489901b7f1a78ffd479128c3e0d309e53b53)
|
|
try to find the security descriptor at the data pointer, not at the beginning of the hbin
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9629
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 217a0189c15761f6c7b24c9d7bfdbccf85de8e1d)
|
|
Fix up the ceph, time_audit and streams_xattr modules to follow
the -1,errno convention for errors.
Reported by Jones <jones.kstw@gmail.com> who provided the
initial patch. This patch tested and confirmed working
by him as well.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Mon Dec 8 12:29:00 CET 2014 on sn-devel-104
|
|
Fix vfs_allocate_file_space(), vfs_slow_fallocate(),
vfs_fill_sparse() to follow the -1,errno convention
for errors.
Standardize on the -1,errno convention.
Reported by Jones <jones.kstw@gmail.com> who provided the
initial patch. This patch tested and confirmed working
by him as well.
https://bugzilla.samba.org/show_bug.cgi?id=10982
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
(cherry picked from commit cc1f91cec627cb3e4fc89b96aae1e7e4c539cd1c)
|
|
vfswrap_fallocate() is broken in that it can call posix_fallocate()
which returns an int error (and doesn't set errno) but can also
call Linux fallocate() which returns -1 and sets errno.
Standardize on the -1,errno convention.
Reported by Jones <jones.kstw@gmail.com> who provided the
initial patch. This patch tested and confirmed working
by him as well.
https://bugzilla.samba.org/show_bug.cgi?id=10982
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
(cherry picked from commit c9235deee0fc49c99cfaf2329b7af526d9dd12d0)
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10279
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 8c41795c81d85114e383e694ba7421e95bacb912)
|
|
If we do not set the netbios_name we are not able to connect to a
Windows DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10279
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 206f25d815024248214f076fd60c35862e9de8a1)
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10279
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 1e148a91fd20053f823b57e19d757665fa30c53d)
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9056
warn_pwd_expire parameter is not working as documented in pam_winbind manual
page. This patch adds missing bit and allows disabling warning message fully,
i.e. setting warn time to zero days.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 3 21:36:49 CET 2014 on sn-devel-104
|
|
client does.
Required as some servers return zero when asked for
zero credits in an initial SMB2-only negprot.
Back-port of c426f97238e4f664d1b13781101ca9c942aa7d0d
from master.
https://bugzilla.samba.org/show_bug.cgi?id=10966
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Thu Dec 4 21:55:16 CET 2014 on sn-devel-104
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10961
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10960
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
In the initial implementation only IPv4 addresses were supported.
Add IPv6 (and mixed IPv4/IPv6) support and all further needed conversion
routines to support w2k, dotnet, longhorn clients.
Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Nov 26 03:44:07 CET 2014 on sn-devel-104
(cherry picked from commit 3ac4355f3e7f79bc0045c43bc818697dc6b08850)
The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10952
samba-tool dns serverinfo <server> is broken for IPv6 - also in mixed IPv4/IPv6
environments.
|
|
Avoid hardcoded IP-strings, use standard python IP functions to format
IPv4 and IPv6 addresses correctly.
I have removed the display of the port number.
MS-DNSP 2.2.3.2.2.1 DNS_ADDR: (from May 15, 2014)
Port Number (2bytes): Senders MUST set this to zero, and receivers MUST ignore
it.
Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit d5af53c5372866a33a0195cabbd64232ac53bad4)
|
|
DNS_ZONE_UPDATE_SECURE was used twice, DNS_ZONE_UPDATE_UNSECURE was missing.
Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 4bda589c8e68cd66ca3b0ea9496cb1b11febcae6)
|
|
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|