| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This is an additional patch for CVE-2015-0240.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
uninitialized pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104
The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10942
cleanup add_string_to_array and usage
|
|
This logic has been moved into the previous EnumJobs(level=3) caller.
The info3 structure only contains two fields that are used, so it
doesn't make sense to have a separate helper for it.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d772b98283f289917a6a8370808d4d0912899384)
|
|
Until now, these responses have incorrectly carried the printing backend
job identifier (sysjob), rather than the one allocated and returned by
Samba on job submission.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905
Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5e7ab3d2f4f7950099561eb22d6a9a1536297442)
|
|
Until now, these responses have incorrectly carried the printing backend
job identifier (sysjob), rather than the one allocated and returned by
Samba on job submission.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905
Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 45abaf81c67b62bab571df208931241afa660802)
|
|
Until now, these responses have incorrectly carried the printing backend
job identifier (sysjob), rather than the one allocated and returned by
Samba on job submission.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905
Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4d7f5d2af6ef6960dccaccf89c6e88947e2591bf)
|
|
Clients issue GetJob requests using the jobid assigned by the spoolss
server. The corresponding printing backend (sysjob) identifier needs to
be resolved to locate the correct print queue entry.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10905
Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3a28ae56977235d3c9e3abcd1f24b220e536c50d)
|
|
Currently Samba is inconsistent when returning WERR_UNKNOWN_LEVEL
errors for spoolss EnumJobs requests - if no print jobs are present,
then WERR_OK will be returned, regardless of whether the EnumJobs level
is supported or not.
This change fixes this behaviour, by catching invalid or unsupported
levels prior to the no-jobs response fast-path.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10898
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 28 03:05:35 CET 2014 on sn-devel-104
(cherry picked from commit d4f233a746d89e13aae78008b499c71b695ff882)
|
|
restore existing SIGCHLD handlers.
Bug #10831 - SIGCLD Signal handler not correctly reinstalled on old library code use - smbrun etc.
https://bugzilla.samba.org/show_bug.cgi?id=10831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
This will be used in the next patch in winbind.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 16594e7fc0a46249a48d0d0635de0c1050ecd340)
|
|
The printer share inventory should be reloaded on open _and_
enumeration, as there are some clients, such as cupsaddsmb, that do not
perform an enumeration prior to access.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 8 16:33:50 CEST 2014 on sn-devel-104
(cherry picked from commit 1ad71f79eb473822d36d9629cf52c2fca4c53752)
|
|
Only keep a single definition in server_reload.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2685df1177ffd39b1af34eb116bd7b24d4b12974)
|
|
Currently, automatic printer share updates are handled in the following
way:
- Background printer process (BPP) forked on startup
- Parent smbd and per-client children await MSG_PRINTER_PCAP messages
- BPP periodically polls the printing backend for printcap data
- printcap data written to printer_list.tdb
- MSG_PRINTER_PCAP sent to all smbd processes following update
- smbd processes all read the latest printer_list.tdb data, and update
their share listings
This procedure is not scalable, as all smbd processes hit
printer_list.tdb in parallel, resulting in a large spike in CPU usage.
This change sees smbd processes only update their printer share lists
only when a client asks for this information, e.g. via NetShareEnum or
EnumPrinters.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Suggested-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4f4501ac1f35ab15f25d207c0d33e7c4d1abdf38)
|
|
We need to call pipe_init_outgoing_data() as the first thing in
process_complete_pdu(). Otherwise the caller may use uninitialized
memory and tries to write a response into the socket.
The problem happens only if a real socket is used, which means
in all cases for master and only with external rpc daemons in v4-0
and v4-1.
The problem looks like this in the logs.
[2014/03/20 14:49:35.531663, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu)
Processing packet type 0
[2014/03/20 14:49:35.531695, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request)
Checking request auth.
[2014/03/20 14:49:35.531738, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:521(named_pipe_packet_process)
Sending 1 fragments in a total of 0 bytes
[2014/03/20 14:49:35.531769, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:526(named_pipe_packet_process)
Sending PDU number: 0, PDU Length: 4294967228
[2014/03/20 14:49:35.531801, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:565(named_pipe_packet_done)
Writev failed!
[2014/03/20 14:49:35.531845, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:595(named_pipe_packet_done)
Fatal error(Message too long). Terminating client(127.0.0.1) connection!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10481
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Guenther Deschner <gd@samba.org
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 20 18:30:17 CET 2014 on sn-devel-104
(cherry picked from commit 5277fc4d0393ffe2e415ad26610b36d2986c62d7)
|
|
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit b5f30205931a4b9d0b3b257d5855869e606f8b63)
|
|
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.
The missing features in both implementations (by design) were:
- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)
Additionally, the source3 version did not check:
- the minimum password age
- pdb_get_pass_can_change() which checks the security
descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.
Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password. It is removed here so that it is not
mistakenly reinstated in the future.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
password changes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
MSG_PRINTER_DRVUPGRADE message.
Receiving a MSG_PRINTER_DRVUPGRADE causes
smbd to iterate over all printers looking
for ones that uses the driver. This is a very
expensive operation requiring a read of all
registry printer parameters.
On a system with a large number of printers,
this causes the clients to timeout (smbd
can take longer than 60 seconds to respond).
This patch fixes the problem by forwarding
the MSG_PRINTER_DRVUPGRADE to the background
lpq queue updater process and allowing it to
take care of the updating of the changeid
in the registry, allowing the smbd connected
to the client to return to processing requests
immediately.
https://bugzilla.samba.org/show_bug.cgi?id=9942
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 18 17:48:30 CET 2014 on sn-devel-104
(cherry picked from commit cd655715b8ee0a4e681d67b3996f71017b941401)
|
|
samba: tag release samba-4.1.3
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Print job notifications currently carry the system print job identifier
from the queue structure. Instead, the spoolss job identifier should be
resolved and returned.
Print clients can use notification job-ids in subsequent spoolss SetJob
requests. Returning an incorrect identifier can result in the failure of
such requests, e.g. spoolss_SetJob(SPOOLSS_JOB_CONTROL_DELETE).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10271
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 24d025f85d6eea272bff5e1040d4fd2ba0e6b8f3)
|
|
The new v4 driver model used in Windows 8 declares print jobs
intended to bypass the XPS processing layer by setting datatype to
"XPS_PASS" instead of "RAW".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10267
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b2815b4c8c3e436a79fb7f07be285a417fd6e8cb)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Fri Nov 22 13:44:05 CET 2013 on sn-devel-104
|
|
Bug #10118 - Samba is chatty about being unable to open a printer
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 11 03:10:08 CEST 2013 on sn-devel-104
(cherry picked from commit d809cf653b624a9fde48de3b0c2ab58aca705c50)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Thu Sep 12 11:36:59 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Samba currently always responds to GetPrinter(level = 7) requests with
DSPRINT_UNPUBLISH, regardless of the AD publish status tracked via the
PRINTER_ATTRIBUTE_PUBLISHED flag. This is due to erroneous "objectGUID"
unmarshalling in is_printer_published().
This change splits "objectGUID" retrieval into a separate function, and
adds a pull_reg_sz() call to correctly unmarshall the GUID.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
This fixes bug 9465.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Before doing the (potentially) costly enumerations,
check if the user has necessary privileges first
Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue May 14 16:22:24 CEST 2013 on sn-devel-104
|
|
those messages are not worth level 0 or 1 and potentially
clutter the system logs
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
|
|
Optionally append list of UPN suffixes if PDB module returns non-empty one.
Refactor fill_forest_trust_array() in source3 to allow reuse of the code between
_netr_DsRGetForestTrustInformation() and _netr_GetForestTrustInformation()
Implement a special case of _netr_DsRGetForestTrustInformation in smbd
when trusted_domain_name is NULL (covered by test_DsrEnumerateDomainTrusts()
in rpc.netlogon torture tests, see comment in source4/torture/rpc/netlogon.c).
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 9 22:19:34 CEST 2013 on sn-devel-104
|
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Apr 2 17:16:56 CEST 2013 on sn-devel-104
|
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 18 11:39:27 CET 2013 on sn-devel-104
|
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
PR_SET_NAME sets the comm field of a process. This way we can give
processes a name and they are easier to identify.
$ ps afx -o pid,comm
29447 smbd
29452 \_ epmd
29453 \_ lsasd-master
29455 | \_ lsasd-child
29457 | \_ lsasd-child
29459 | \_ lsasd-child
29461 | \_ lsasd-child
29463 | \_ lsasd-child
29454 \_ spoolssd-master
29456 \_ lpqd
29458 \_ spoolssd-child
29460 \_ spoolssd-child
29462 \_ spoolssd-child
29465 \_ spoolssd-child
29466 \_ spoolssd-child
29467 \_ spoolssd-child
29468 \_ spoolssd-child
29469 \_ spoolssd-child
29470 \_ spoolssd-child
29471 \_ spoolssd-child
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
priviledge -> privilege
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 18 13:57:40 CET 2013 on sn-devel-104
|
|
redundent -> redundant
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
container object.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
|
