summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-02-23Imported Upstream version 4.1.17+dfsgupstream/4.1.17+dfsgupstream_4.1Ivo De Decker91-182/+247
2015-02-22Imported Upstream version 4.1.16+dfsgupstream/4.1.16+dfsgIvo De Decker184-774/+2278
2015-02-21VERSION: Disable git snapshots for the 4.1.17 release.Karolin Seeger1-1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger <kseeger@samba.org>
2015-02-21WHATSNEW: Add release notes for Samba 4.1.17.Karolin Seeger1-3/+59
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger <kseeger@samba.org>
2015-02-21s3-netlogon: Make sure we do not deference a NULL pointer.Andreas Schneider1-1/+6
This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam <obnox@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2015-02-21CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an ↵Jeremy Allison1-1/+5
uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-02-10VERSION: Re-enable git snapshots.Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2015-02-10VERSION: Bump version up to 4.1.17.Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org> (cherry picked from commit c4e46cd4e32ef5bf25f3a21f74bb40dfb1dd3c0d)
2015-01-12VERSION: Disable git snapshots for the 4.1.16 release.Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2015-01-12WHATSNEW: Add release notes for Samba 4.1.16.Karolin Seeger1-3/+52
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2015-01-12CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow ↵Andrew Bartlett5-6/+221
changes to userAccountControl This requires an additional control to be used in the LSA server to add domain trust account objects. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-12CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.cAndrew Bartlett1-2/+2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-12CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flagAndrew Bartlett1-0/+1
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-12CVE-2014-8143:auth: Force talloc type of session_info pointer to matchAndrew Bartlett1-0/+5
This helps us keep things safe in LDB where we put this in a opaque pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Andrew Bartlett Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-12VERSION: Bump version up to 4.1.16...Karolin Seeger1-2/+2
and re-enable git snapshots. Signed-off-by: Karolin Seeger <kseeger@samba.org> (cherry picked from commit 9f52de75088380915835e815217bdcd0afa8dc85)
2015-01-11VERSION: Disable git snapshots for the 4.1.15 release.Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2015-01-11WHATSNEW: Add release notes for Samba 4.1.15.Karolin Seeger1-3/+86
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2015-01-11nsswitch: fix soname of linux nss_*.so.2 modulesStefan Metzmacher2-13/+18
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (similar to commit 575b093dac3c509b1bfaab0b4ad29b9b4214e487) Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Sun Jan 11 16:15:06 CET 2015 on sn-devel-104
2015-01-11selftest: use shared/libnss_wrapper_winbind.so.2Stefan Metzmacher2-2/+2
This library is always available in make test. nss-wrapper strictly requires the linux nss api. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (similar to commit 4eb24fa545234be506eb1330ccbbfd5c2b9e0d82)
2015-01-11wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()Stefan Metzmacher1-1/+5
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (similar to commit 82e583b04b04e560c121163850d70c52d2fce78d)
2015-01-11winbind: Retry after SESSION_EXPIRED error in ping-dcChristof Schmitt1-0/+8
Trying to establish a netlogon connection when the service ticket expires might fail with NT_STATUS_NETWORK_SESSION_EXPIRED. The underlying client code already marks the session as invalid, so retry the netlogon connect in this case. Signed-off-by: Christof Schmit <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 6 02:58:57 CET 2015 on sn-devel-104 (cherry picked from commit a2670f15dea27c10e3827216adf572f9c3894f85) BUG: https://bugzilla.samba.org/show_bug.cgi?id=11034
2015-01-11winbind: Retry LogonControl RPC in ping-dc after session expirationChristof Schmitt1-0/+10
When the underlying session expires, the LogonControl RPC call used in ping-dc returns NT_STATUS_IO_DEVICE_ERROR. Retry once in this case, instead of returning the error to the caller. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Dec 23 02:46:34 CET 2014 on sn-devel-104 (cherry picked from commit 2fdc55160309cec89aeb88243cb18d058c67e918) BUG: https://bugzilla.samba.org/show_bug.cgi?id=11034
2015-01-11librpc/ndr_drsuapi: Allow ndrdump to dump dsinfo52 blobsMatthieu Patou1-0/+34
Change-Id: I6968b25c67587296b928b2193a9d48093c69c01a Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 1ac96a416d7d6db2476f56129166fd9e018e7306) The last 6 patches address BUG: https://bugzilla.samba.org/show_bug.cgi?id=11006 'domain join' fails - 'drsuapi.DsBindInfoFallBack' has no attribute 'supported_extensions'.
2015-01-11idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfoSamuel Cabrero9-7/+179
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> (cherry picked from commit d747372d28273542298f86530e715e8faaf907f2)
2015-01-11librpc-idl: change the drsuapi_DsBindInfoCtr so that it match what is on the ↵Matthieu Patou2-9/+204
wire both in NDR32 and NDR64. Previous implementation had a problem with NDR64 with uint32 and uint3264 being in the wrong order Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Oct 30 10:16:02 CET 2013 on sn-devel-104 (cherry picked from commit 8dc931bafca00c1c61a4366ffb6cfa72a98bb412)
2015-01-11librpc-idl: replace int32 by uint32 as the values are always > 0Stefan Metzmacher1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 1e2e421632c275f8cf7529935f72ef3639ddea14)
2015-01-11librpc-idl: replace int32 by the enumeration as it's the type that we use in ↵Matthieu Patou1-10/+10
union's switch drsuapi_DsGetDCInfoCtrLevels Signed-off-by: Matthieu Patou <mat@matws.net> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 568bf16dfadb4bd3003ed18b19098a3d1473f2fe)
2015-01-11drsuapi.idl: change the range for attribute values to 26214400 bytes.Stefan Metzmacher1-1/+1
This matches the IDL from [MS-DRSR]. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net> (cherry picked from commit 51d8eba8417c58c2ade30d58a838441008209542)
2014-12-18libcli/smb: only force signing of smb2 session setups when binding a new sessionStefan Metzmacher1-1/+6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104 (cherry picked from commit daff0f5d709eca621a7f319c892ecaba7b03e5c2) Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Thu Dec 18 23:00:51 CET 2014 on sn-devel-104
2014-12-18s3:smb2_server: allow reauthentication without signingStefan Metzmacher2-5/+4
If signing is not required we should not require it for reauthentication. Windows clients would otherwise fail to reauthenticate. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72)
2014-12-18s3:smb2_server: use the global signing key to check if signing is requiredStefan Metzmacher1-1/+1
If we have a channel session key, we also always have a global session key. For multi-channel it's possible that the channel session key is not in place yet, in that case the global session key needs to be used. In both cases (reauth or session bind) we session setup requests need to be signed. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> (cherry picked from commit 7e006d11134cdc37ea0fc13110fe5bbfb9de3f14)
2014-12-18testprogs/test_ldb: check rootdse search with extended-dn controlStefan Metzmacher1-0/+2
Verifies BUG: https://bugzilla.samba.org/show_bug.cgi?id=10949 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Dec 12 20:15:46 CET 2014 on sn-devel-104 (cherry picked from commit 7e81fe282540a5b52dcb8c5396321a67733790d2)
2014-12-18s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM controlStefan Metzmacher1-4/+2
Otherwise we can't find the GUID of the 'serverName' attribute as ANONYMOUS. This results in root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <> While it works as system: root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName # record 1 dn: serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Serve rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base # returned 1 records # 1 entries # 0 referrals Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit a6ecef4532e4529a819219cd814e2979c2df0797)
2014-12-18s3:utils/profiles fix a use after freeChristian Ambach1-3/+3
path is a talloc-child of subkeys, so subkeys should not be freed before calling verbose_output Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Wed Dec 3 00:43:19 CET 2014 on sn-devel-104 (cherry picked from commit 3b90bfb1089e6a4b7e05e7ed62bb642521f57917)
2014-12-18s3:registry/regfio fix some valgrind warningsChristian Ambach1-2/+2
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 4b41489901b7f1a78ffd479128c3e0d309e53b53)
2014-12-18s3:registry/regfio read SD from the correct locationChristian Ambach1-2/+4
try to find the security descriptor at the data pointer, not at the beginning of the hbin Bug: https://bugzilla.samba.org/show_bug.cgi?id=9629 Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 217a0189c15761f6c7b24c9d7bfdbccf85de8e1d)
2014-12-08s3: modules: Fix *allocate* calls to follow POSIX error return convention.Jeremy Allison3-13/+13
Fix up the ceph, time_audit and streams_xattr modules to follow the -1,errno convention for errors. Reported by Jones <jones.kstw@gmail.com> who provided the initial patch. This patch tested and confirmed working by him as well. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Mon Dec 8 12:29:00 CET 2014 on sn-devel-104
2014-12-08s3: smbd: Fix *allocate* calls to follow POSIX error return convention.Jeremy Allison1-11/+11
Fix vfs_allocate_file_space(), vfs_slow_fallocate(), vfs_fill_sparse() to follow the -1,errno convention for errors. Standardize on the -1,errno convention. Reported by Jones <jones.kstw@gmail.com> who provided the initial patch. This patch tested and confirmed working by him as well. https://bugzilla.samba.org/show_bug.cgi?id=10982 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@suse.de> (cherry picked from commit cc1f91cec627cb3e4fc89b96aae1e7e4c539cd1c)
2014-12-08s3: smbd: Fix *allocate* calls to follow POSIX error return convention.Jeremy Allison1-5/+12
vfswrap_fallocate() is broken in that it can call posix_fallocate() which returns an int error (and doesn't set errno) but can also call Linux fallocate() which returns -1 and sets errno. Standardize on the -1,errno convention. Reported by Jones <jones.kstw@gmail.com> who provided the initial patch. This patch tested and confirmed working by him as well. https://bugzilla.samba.org/show_bug.cgi?id=10982 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@suse.de> (cherry picked from commit c9235deee0fc49c99cfaf2329b7af526d9dd12d0)
2014-12-08s3-libsmb: Duplicate the memory before we free it.Andreas Schneider1-3/+6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10279 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 8c41795c81d85114e383e694ba7421e95bacb912)
2014-12-08s3-libsmb: Set the netbios_name in use_ccache case too.Andreas Schneider1-0/+9
If we do not set the netbios_name we are not able to connect to a Windows DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10279 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 206f25d815024248214f076fd60c35862e9de8a1)
2014-12-08s3-lib: Do not require a password with --use-ccache.Andreas Schneider2-3/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10279 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 1e148a91fd20053f823b57e19d757665fa30c53d)
2014-12-08pam_winbind: fix warn_pwd_expire implementation.Günther Deschner1-1/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9056 warn_pwd_expire parameter is not working as documented in pam_winbind manual page. This patch adds missing bit and allows disabling warning message fully, i.e. setting warn time to zero days. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Dec 3 21:36:49 CET 2014 on sn-devel-104
2014-12-04libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows ↵Jeremy Allison2-0/+13
client does. Required as some servers return zero when asked for zero credits in an initial SMB2-only negprot. Back-port of c426f97238e4f664d1b13781101ca9c942aa7d0d from master. https://bugzilla.samba.org/show_bug.cgi?id=10966 Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Thu Dec 4 21:55:16 CET 2014 on sn-devel-104
2014-12-04s3-smbstatus: Fix exit code of profile output.Andreas Schneider1-2/+5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10961 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-12-04s3-smbclient: Return success if we listed the shares.Andreas Schneider1-1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10960 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-12-04s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addressesGuenter Kukkukk4-38/+151
In the initial implementation only IPv4 addresses were supported. Add IPv6 (and mixed IPv4/IPv6) support and all further needed conversion routines to support w2k, dotnet, longhorn clients. Signed-off-by: Guenter Kukkukk <linux@kukkukk.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Wed Nov 26 03:44:07 CET 2014 on sn-devel-104 (cherry picked from commit 3ac4355f3e7f79bc0045c43bc818697dc6b08850) The last 3 patches address BUG: https://bugzilla.samba.org/show_bug.cgi?id=10952 samba-tool dns serverinfo <server> is broken for IPv6 - also in mixed IPv4/IPv6 environments.
2014-12-04samba-tool: Fix the IP output of "samba-tool dns serverinfo <some_server>"Guenter Kukkukk1-5/+8
Avoid hardcoded IP-strings, use standard python IP functions to format IPv4 and IPv6 addresses correctly. I have removed the display of the port number. MS-DNSP 2.2.3.2.2.1 DNS_ADDR: (from May 15, 2014) Port Number (2bytes): Senders MUST set this to zero, and receivers MUST ignore it. Signed-off-by: Guenter Kukkukk <linux@kukkukk.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com> (cherry picked from commit d5af53c5372866a33a0195cabbd64232ac53bad4)
2014-12-04samba-tool: Fix enum values in dns.pyGuenter Kukkukk1-1/+1
DNS_ZONE_UPDATE_SECURE was used twice, DNS_ZONE_UPDATE_UNSECURE was missing. Signed-off-by: Guenter Kukkukk <linux@kukkukk.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com> (cherry picked from commit 4bda589c8e68cd66ca3b0ea9496cb1b11febcae6)
2014-11-27VERSION: Bump version up to 4.1.15...Karolin Seeger1-2/+2
and re-enable git snapshots. Signed-off-by: Karolin Seeger <kseeger@samba.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-09 03:02:28 +0000