Age | Commit message (Collapse) | Author | Files | Lines |
|
one horror (pstring_clean_name()) which will have to
remain until I've removed all pstrings from the client code.
Jeremy.
(This used to be commit 1ea3ac80146b83c2522b69e7747c823366a2b47d)
|
|
== Subject: Remote code execution in Samba's WINS
== server daemon (nmbd) when processing name
== registration followed name query requests.
==
== CVE ID#: CVE-2007-5398
==
== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
...
Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd. This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.
(This used to be commit e40c372e0ddf631dd9162c1fdfaaa49c29915f23)
|
|
set on wrong fd (-1).
Jeremy.
(This used to be commit 52fe04df8e8c08126afe61d509fc1d3cb676e327)
|
|
Jeremy.
(This used to be commit 7a1de5b44e84a7474e78518c6ba33b3fedc42b5f)
|
|
Jeremy.
(This used to be commit 2a0173743d2cf615d52278f3dd87cc804abe2d16)
|
|
Each cli struct has it's own local copy of this variable,
so use that in client code. In the smbd server, add one
static to smbd/proccess.c and use that inside smbd. Fix
a bunch of places where smb_rw_error could be set by
calling read_data() in places where we weren't reading
from the SMB client socket (ie. winbindd).
Jeremy.
(This used to be commit 255c2adf7b6ef30932b5bb9f142ccef4a5d3d0db)
|
|
callers.
Jeremy.
(This used to be commit 35aaa36f82c70964cee5d0778eb04547b226dd3f)
|
|
The point is doing the following associations:
- non discardable state data (all TDB files that may need to be backed
up) go to statedir
- shared data (codepage stuff) go to codepagedir
The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.
The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir
(This used to be commit d6cdbfd875bb2653e831d314726c3240beb0a96b)
|
|
at debug level 0.
metze
(This used to be commit 95f76ae7a52c6b22db22d03fed6b0848d2a61bee)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
metze
(This used to be commit 97f47e39139cef738a5f02980a0792417e0d365e)
|
|
where we meant int. Fix this. Thanks to metze for
pointing this out.
Jeremy.
(This used to be commit 793a9d24a163cb6cf5a3a0aa5ae30e9f8cf4744a)
|
|
jra: POPT_ARG_VAL arguments need int values.
I assume there're more places like this
in the cmdline tools.
Please fix this properly, as my commit is just
a hack to get make test working again.
in samba4 we have a workaround for this see
smbd/server.c
metze
(This used to be commit 9cb1937fe8601e526b5c924930500e0a3b52abd5)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec5cc6670f3d08f76fc2cd94c9cd1a08)
|
|
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
|
|
the ripple effects this causes. utmp has to change etc. Remove some
global varables and store address/port in the unexpected db.
Jeremy.
(This used to be commit 18c6a2211d9e25233d01715b3f78977edcd6d869)
|
|
always consistent. Return -1 on error, and ensure
we check for this. In cases where the dest is already
specified and we've been asked to terminate with a
null, ensure we always do so even on error.
Jeremy.
(This used to be commit abedd967869ade9a43c3a8e1b889c60d4aca81cf)
|
|
Jeremy.
(This used to be commit 764574ee05ea4f13cdd30c0a0668ffeb81756989)
|
|
to unix_convert().
Jeremy.
(This used to be commit 39c211a702e91c34c1a5a689e1b0c4530ea8a1ac)
|
|
Jeremy.
(This used to be commit f789186086b55a81c52e05d1f8c97c33b69131bd)
|
|
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
|
|
- use poptPrintUsage() to give the user more info
metze
(This used to be commit a95d9d1ef99d6a2f77a289f8d2011cae482821b1)
|
|
smbd, nmbd and winbindd can be started with invalid options currently.
The first patch attached would be a possible solution.
It contains an exit if an invalid option has been used. The main problem
is, that existing setups with wrong options or missing arguments in start
scripts will break (which is the right behaviour from my point of view).
metze
(This used to be commit 8532e3182ab44d4ac84823e9798293f156192aaf)
|
|
add in any cluster addresses. We need to response to these,
but not listen on them. This allows us to run nmbd on every
node in the cluster, and have all of them register with a
WINS server correctly
metze
(This used to be commit 98c57562c4dcf04b72a1e4ad5d9f5cf48e7d0b28)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
systems. Rather than trying to fix this, it's much better just to
remove the code, as it serves no purpose at all (the message that is
generated is ignored by smbd).
This sort of parsing should really be done by PIDL generated code.
(This used to be commit 22e8404cef4961f7468a9f24e23024c827233b84)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
<nakabayashi@miraclelinux.com>.
Jeremy.
(This used to be commit 3f70c1b10589965ee95ef7497ff6fb7c39475569)
|
|
Long overdue fix....
Jeremy.
(This used to be commit 073fdc5a58139796dbaa7ea9833dca5308f11282)
|
|
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
|
|
code :-). Thanks Volker !
Jeremy.
(This used to be commit e3f33a2a503ada232aa1165e2321822584a026bd)
|
|
allow SIGTERM to cause nmbd to exit on awaiting
an interface to come up. Debian bug #168079
Jeremy.
(This used to be commit 9ee310f3d68426da552f084ebcffef6b8ebbf612)
|
|
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
(This used to be commit eaefd00563173dfabb7716c5695ac0a2f7139bb6)
|
|
(This used to be commit a8082a3c7c3d1e68c27fc3bf42f3d44402cc6f9f)
|
|
(This used to be commit cc92ce665dcfe9054d09429219883b18a4cab090)
|
|
(This used to be commit 330946ad2307ca34f0a8d068a0193fcb8a0d6036)
|
|
(This used to be commit 6d210fb8a13e93fe5b7bc160a343f74878dea727)
|
|
connections_traverse
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.
Volker
(This used to be commit e43e94cda1ad8876b3cb5d1129080b57fa6ec214)
|
|
patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit 0ad4b1226c9d91b72136310d3bbb640d2c5d67b8)
|
|
of the various flags explicit.
(This used to be commit 19c929c6330a50f278ac322ac5fcb83d03734ea2)
|
|
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120a5fe2fe726f00746d36d85044c4bdb)
|
|
Jeremy.
(This used to be commit c3e2207cb40386c565b23fcabc8c7384b10216de)
|
|
redundent. Remove it.
Jeremy.
(This used to be commit 140881cfbb59ce4a699b5900efe02bf315be7bd5)
|
|
suggested. I now use :
BOOL is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off)
char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off)
char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off)
int get_safe_SVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval)
int get_safe_IVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval)
Volker, please criticize and comment. Thanks,
Jeremy.
(This used to be commit d47af7c9263f519e7307859b6a696d854c5dfca3)
|
|
(This used to be commit a4c1c770a227390f745c9db07efe468bdcd31339)
|
|
but I've no option.
Jeremy.
(This used to be commit c3a565081d70b209a4f9e6e8f1859bf7194a5f74)
|
|
and fix all compiler warnings in the users
metze
(This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
(This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b)
|