Re: [Samba] Samba 4 Slow Performance
On 07/27/2013 08:20 AM, Kinglok, Fong wrote:
> Dear all,
>
> After using samba 3 for two years, I have just spent totally one week finishing setting up a samba 4 file system in my working school. There are about 200 computers, 80+ staff, 1000 students and 10 printers. The AD was properly setup, mandatory profile and one GPO policy (which is printer download trust) is effective for all users. Logon script is for mapping four shares and 10 printers from the file server. Also, I have setup two additional DCs (with AD replication and DHCP server) for two other subnets in the hope to speed up the logon process.
>
> The benefits of Samba 4 are clear: more robust file serving (supporting the windows ACL), speedy printing (with the help of point and printer driver) and administration of AD through with windows remote admin tool.
>
> However, logon speed is just far from good. In the days of Samba 3.6, users can logon the system within 20 seconds, even with more than 80 users logon in the same time (two classes students login during computer lesson). Now, with only one user logging in (who is me), it takes nearly 60 seconds to do the logon. I have tried disabling drive and printer mapping in logon script and applying a registry hack (note 1) shorten the profile waiting time in windows 7 client side but it makes no difference in logon speed.
>
> I have taken a look on the document in sambaXP 2013:
> http://sambaxp.org/fileadmin/user_upload/SambaXP2013-DATA/thu/track1/Matthieu_Patou-Smaller_Faster_Scalier.pdf
> and two threads in samba-technical mailing list:
> https://lists.samba.org/archive/samba-technical/2013-January/089755.html
> https://lists.samba.org/archive/samba-technical/2013-May/092332.html
>
> It seems that samba team is doing some great work in spotting the unindexed search in LDB as one of block in performance. Certainly, I can wait for the new version 4.0.X for the boost of performance.
>
> However, I am in deep panic when lessons are going to be launched on 1st September 2013 here in Hong Kong. Are there any patches so that I can a hot / dirty fix?

I don't think the problem is in the database in your case, can you do a tcpdump trace starting just before the client is logging on and stopping it after the logon (ie the 60 sec or so), see https://wiki.samba.org/index.php/Capture_Packets on how to do the tcpdump capture. With this trace we should be able to see where is the delay.

Matthieu.

--
Matthieu Patou
Samba Team
http://samba.org

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Managing a Samba4 AD DC using a Win7 workstation
On Fri, 2 Aug 2013 16:52:56 +0200, Georg Bretschneider georg+mailinglists.sa...@georgb.de wrote:
> Hi,
>
> are you sure you started the management software as a domain admin? (You know, right click and then start as.) Since you joined your client to the AD, there shouldn't be a problem. Can you resolve the domain name?
>
> Bye
> Georg

Hi Georg.

Yes I launched the management software as a domain admin because I'm logged in the Win7 workstation as the domain administrator account. I can also resolve and ping the domain controller.

Thanks for your help.

--
Emmanuel Lesouef
CRBN/DSI/SITI
e: e.leso...@crbn.fr
gpg keyid : FCAB0C55
Re: [Samba] Joining DC
On Mon, 2013-08-05 at 16:03 +1200, Andrew Bartlett wrote:
> On Fri, 2013-08-02 at 13:58 +1000, Alex Ferrara wrote:
> > I am having some trouble joining a new samba4 server as a DC. I am pretty sure this stems from trying to use OpenChange and subsequently removing it. The new samba4 machine is running 4.0.7 and the existing is running 4.0.1. I am a little hesitant to do an in-place upgrade of the last working DC, so I wanted a replica to fall back on in case things go bad.
> >
> > On the existing DC logs
> >
> > [2013/08/02 13:53:04, 0] ../source4/rpc_server/drsuapi/getncchanges.c:220(get_nc_changes_build_object)
> > ../source4/rpc_server/drsuapi/getncchanges.c:220: Failed to find attribute in schema for attrid 2786216 mentioned in replPropertyMetaData of CN=Recipient Update Service (DOMAIN)\0ADEL:cbf078d9-a0ff-4609-a05b-743816af619d,CN=Deleted Objects,CN=Configuration,DC=domain,DC=local
>
> This is really interesting. We are fighting with this in our automated testing, but we assumed it was due to runtime schema changes. Presuming you have restarted Samba since the last schema change, this points to a more sinister issue.
>
> Can you take a clone of this server, and on an isolated network upgrade this to git master, and try to join another git master server to it? If that fails in the same way, we may wish to get a dump of this object (and potentially the database via a secure route) so we can investigate further.

Can you show me the output of 'dbcheck --cross-ncs' with this patch? Please do this on a backup of the domain. Don't run dbcheck --fix because I know the test and fix is at least partially bogus, but I'm just curious to see what this shows up.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz

From 172888cf867739bd69f17789c49a2e1710ffe478 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett abart...@samba.org Date: Mon, 5 Aug 2013 19:13:15 +1200 Subject: [PATCH] dbcheck: FIXME Try and find replication metadata that does not match the sent objects The issue with the test is that if an attribute is deleted, then it needs to be in the metadata, but not have any values. The important test should actually be that we can at least translate each metadata entry. Andrew Bartlett --- python/samba/dbchecker.py | 52 +++-- 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py index 8b175c2..0317824 100644 --- a/python/samba/dbchecker.py +++ b/python/samba/dbchecker.py @@ -606,6 +606,19 @@ newSuperior: %s % (str(from_dn), str(to_rdn), str(to_base))) Failed to fix metadata for attribute %s % attr): self.report(Fixed metadata for attribute %s % attr) +def fix_extra_metadata(self, dn, attr): +'''remove replPropertyMetaData elements for a single attribute for a +object. This is used to fix extra replPropertyMetaData elements''' +res = self.samdb.search(base = dn, scope=ldb.SCOPE_BASE, attrs = [attr], +controls = [search_options:1:2, show_recycled:1]) +msg = res[0] +nmsg = ldb.Message() +nmsg.dn = dn +nmsg[attr] = ldb.MessageElement([], ldb.FLAG_MOD_REPLACE, attr) +if self.do_modify(nmsg, [relax:0, provision:0, show_recycled:1], + Failed to remove extra metadata for not-existing attribute %s % attr): +self.report(Removed extra metadata for attribute %s % attr) + def ace_get_effective_inherited_type(self, ace): if ace.flags security.SEC_ACE_FLAG_INHERIT_ONLY: return None 
@@ -900,6 +913,12 @@ newSuperior: %s % (str(from_dn), str(to_rdn), str(to_base))) if attrname == 'dn': continue +flag = self.samdb_schema.get_systemFlags_from_lDAPDisplayName(attrname) +if (not flag dsdb.DS_FLAG_ATTR_NOT_REPLICATED +and not flag dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED +and not self.samdb_schema.get_linkId_from_lDAPDisplayName(attrname)): +list_attrs_seen.append(str(attrname).lower()) + if str(attrname).lower() == 'replpropertymetadata': list_attrs_from_md = self.process_metadata(obj[attrname]) got_repl_property_meta_data = True @@ -956,12 +975,6 @@ newSuperior: %s % (str(from_dn), str(to_rdn), str(to_base))) error_count += 1 continue -flag = self.samdb_schema.get_systemFlags_from_lDAPDisplayName(attrname) -if (not flag dsdb.DS_FLAG_ATTR_NOT_REPLICATED -and not flag dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED -and not self.samdb_schema.get_linkId_from_lDAPDisplayName(attrname)): -
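Review bot: In fix_extra_metadata (the @@ -606 hunk) the search result is stored in msg = res[0] and never used, so the modify always sends an empty ldb.MessageElement with FLAG_MOD_REPLACE whatever the object currently holds. Either drop the search, or use msg to confirm that attr really has no values before issuing the replace, and have the report line say which case was hit. The docstring says the function removes replPropertyMetaData elements, while the modify is issued against attr itself; one sentence on how the empty replace results in the metadata entry being dropped would make that clear to the next reader.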
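Review bot: Attributes that later fail a check and reach error_count += 1 / continue are now still appended to list_attrs_seen, because the @@ -900 hunk places the systemFlags and linkId filter directly after the attrname == 'dn' test and the @@ -956 hunk removes it from its old position after those checks. If that is intended, say so in a comment next to the moved block. The commit message itself notes that a deleted attribute must be present in the metadata without having values, so the comparison between list_attrs_seen and list_attrs_from_md needs to tolerate that case before the new fix path is offered; the FIXME in the subject line should be resolved or turned into a code comment at that comparison.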
[Samba] [Announce] Samba 4.0.8, 3.6.17 and 3.5.22 Security Releases Available for Download
Release Announcements
---------------------

Samba 4.0.8, 3.6.17 and 3.5.22 have been issued as security releases in order to address CVE-2013-4124 (Denial of service - CPU loop and memory allocation).

o CVE-2013-4124:
  All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service.

  A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed.

  This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits.

Changes:

o Jeremy Allison j...@samba.org
  * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS.

#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.0 product in the project's Bugzilla database (https://bugzilla.samba.org/).

======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

================
Download Details
================

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from:

http://download.samba.org/samba/ftp/stable/

The release notes are available online at:

http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-3.5.22.html

Binary packages will be made available on a volunteer basis from

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team
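The changelog entry above names the bug class: an offset-chained EA list read without integer wrap protection. As an added example (not Samba's code and not part of the announcement), this C walker validates each NextEntryOffset against the bytes remaining instead of first adding it to the running offset. It assumes the FILE_FULL_EA_INFORMATION entry layout; the entry cap, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Negative results from ea_list_count(); a non-negative result is the entry count. */
enum { EA_TRUNCATED = -1, EA_BAD_OFFSET = -2, EA_TOO_MANY = -3 };

/* Assumed entry layout: NextEntryOffset u32 LE, Flags u8, EaNameLength u8,
 * EaValueLength u16 LE, then EaName + NUL, then EaValue. */
#define EA_HEADER_LEN  8u
#define EA_MAX_ENTRIES 1024u  /* hypothetical cap, not a protocol constant */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Constructed sample: two entries, "user.a"="xy" (padded to 20 bytes) and "b"="1". */
static const uint8_t sample_ea_list[] = {
    0x14, 0x00, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00,   /* next=20, name 6, value 2 */
    'u', 's', 'e', 'r', '.', 'a', 0x00, 'x', 'y', 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00,   /* next=0 (last entry) */
    'b', 0x00, '1',
};

/* Walk the list and count entries without ever computing offset + next
 * before it has been checked, so no addition can wrap. */
int ea_list_count(const uint8_t *buf, size_t len)
{
    size_t offset = 0;              /* invariant: offset <= len */
    unsigned int count = 0;

    if (len == 0)
        return 0;                   /* empty list */

    for (;;) {
        size_t remaining = len - offset;
        if (remaining < EA_HEADER_LEN)
            return EA_TRUNCATED;    /* header does not fit */

        const uint8_t *e = buf + offset;
        uint32_t next = rd_le32(e);
        /* At most 8 + 255 + 1 + 65535, so this sum cannot overflow size_t. */
        size_t entry_len = EA_HEADER_LEN + (size_t)e[5] + 1 + rd_le16(e + 6);

        if (entry_len > remaining)
            return EA_TRUNCATED;    /* name/value run past the buffer */
        if (++count > EA_MAX_ENTRIES)
            return EA_TOO_MANY;     /* bound work per request */
        if (next == 0)
            return (int)count;      /* last entry */

        /* next must skip at least this entry (forward progress) and must
         * not exceed what is left; comparing against `remaining` replaces
         * the unchecked `offset + next` that a wrap check would guard. */
        if (next < entry_len || next > remaining)
            return EA_BAD_OFFSET;
        offset += next;
    }
}

/* Helper for the demo: copy the sample and overwrite the first NextEntryOffset. */
int ea_count_with_first_next(uint32_t next)
{
    uint8_t copy[sizeof(sample_ea_list)];

    memcpy(copy, sample_ea_list, sizeof(copy));
    copy[0] = (uint8_t)(next & 0xff);
    copy[1] = (uint8_t)((next >> 8) & 0xff);
    copy[2] = (uint8_t)((next >> 16) & 0xff);
    copy[3] = (uint8_t)((next >> 24) & 0xff);
    return ea_list_count(copy, sizeof(copy));
}

int main(void)
{
    printf("well-formed list:        %d\n",
           ea_list_count(sample_ea_list, sizeof(sample_ea_list)));
    printf("next = 0xFFFFFFF0:       %d\n", ea_count_with_first_next(0xFFFFFFF0u));
    printf("next inside same entry:  %d\n", ea_count_with_first_next(4));
    printf("buffer cut at 25 bytes:  %d\n", ea_list_count(sample_ea_list, 25));
    return 0;
}
```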
[Samba] winbind sometimes only get partial groups
hi:

I setup samba4 DC server with windows client and 6 linux workstations. windows client works fine, but linux samba client is strange.

I have one user, which belongs to 21 AD groups. but groups my-user only return some of them. at one workstation, it may return all the 21 groups, but others return 18 or 19 groups. and at one specific workstation, only return 1 group!!

I backup /var/lib/samba/*.tdb and issue command:

service winbind stop; rm -f /var/lib/samba/*; service winbind start.

then I get all 21 groups with groups my-user. after that I restore the backup of /var/lib/samba/*.tdb. I only get a few groups as before.

the most strange part is if I delete the tdb file at var/lib/samba one by one, the returned information of groups my-user won't change. only when I remove all the tdb files at once, then I get different result of groups my-user.

I have good and broken /var/lib/samba/*.tdb files in hand if someone want to check. my server and client environment below. thanks a lot for help!!

server environment: scientific linux 6.4 64bit with samba 4.0.5, 4.0.7 (I compiled and test these two versions).

client environment: scientific linux 6.4 64bit with samba 3.6.9 (come with the linux distribution).

samba4 server configuration:

[global]
workgroup = MY-DOMAIN
realm = AD.MY-DOMAIN.COM
netbios name = DC
server role = active directory domain controller
dns forwarder = 10.11.1.3
idmap_ldb:use rfc2307 = yes
# resolve interface bug
interfaces = 127.0.0.1 10.11.1.2
bind interfaces only = Yes
strict allocate = yes
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
winbind use default domain = yes
# winbind nss info = rfc2307
# DC won't read rfc2307 shell and home
# template homedir = /share/samba/home/%U
template shell = /sbin/nologin

[netlogon]
path = /usr/local/samba/var/locks/sysvol/ad.my-domain.com/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

samba3 client workstation configuration. all 6 clients are the same:

[global]
workgroup = MY-DOMAIN
realm = AD.MY-DOMAIN.COM
security = ads
idmap config *:backend = tdb
idmap config *:range = 3001-4000
idmap config MY-DOMAIN:backend = ad
idmap config MY-DOMAIN:default = yes
idmap config MY-DOMAIN:range = 1000-3000
idmap config MY-DOMAIN:schema_mode = rfc2307
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = no
winbind use default domain = yes
winbind offline logon = yes
[Samba] TLS between winbind and openldap
Hi,

I'm working hard to setup winbind and openLDAP work together with TLS.

My networks contains:
- a windows server 2008 R2 domain controller
- a debian 6 based file server (openmediavault v0.4) running OpenLDAP 2.4.23 and Samba v3.5.6
- a debian 7 computer running winbind 3.6.6

I want to let OpenLDAP store SID = uid/gid mapping to ensure constant uid and gid for users on all linux based computers and then use both CIFS and NFS.

I'm trying to solve my issue on openmediavault (debian 6) only for now, because I get the exact same issue when trying to establish communication between winbind 3.6.6 (on debian 7) and OpenLDAP (on Debian 6).

I created a self signed certificate authority with openssl and created a private key and a certificate for the file server. I used the same certificate authority to create another key and certificate for my debian 7 computer.

OpenLDAP uses his key and is configured to check clients certificates. winbind on the same computer uses the same key and certificate to communicate with openLDAP and is configured to check the openLDAP's certificate.

When running winbind in interactive debug mode everything is running fine and wbinfo -i user is able to allocate an uid to the user. another try shows the uid assigned is effectively retrieved from openLDAP. The command line I'm using to test winbind is: winbindd -F -i -d idmap:10. I tried also to run openLDAP in debug mode with the command line slapd -d 1. the logs produced show that openLDAP and winbind work together with encryption in both directions.

When I run winbind daemon with the command line service winbind start, the TLS connection cannot be initiated and I cannot allocate a uid to any user using wbinfo -i user.

Let's see the configuration files (domain name obfuscated):

##cn=config.ldif
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: e61f99ae-9076-1032-9144-9f2ad5621c65
creatorsName: cn=config
createTimestamp: 20130803105505Z
olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
olcTLSCertificateKeyFile: /etc/ssl/private/omv-domain-local.key
olcTLSCertificateFile: /etc/ssl/certs/omv-domain-local.crt
olcTLSVerifyClient: demand
entryCSN: 20130803125708.704922Z#00#000#00
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20130803125708Z

##smb.conf
#=== Global Settings ===
[global]
workgroup = DOMAIN
server string = %h server
include = /etc/samba/dhcp.conf
dns proxy = no
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
guest account = nobody
load printers = no
disable spoolss = yes
printing = bsd
printcap name = /dev/null
unix extensions = yes
wide links = no
create mask = 0777
directory mask = 0777
use sendfile = no
null passwords = no
local master = yes
time server = no
wins support = no
password server = *
realm = DOMAIN.LOCAL
security = ads
allow trusted domains = no
;
; samba 3.5.6 idmap configuration
;
idmap backend = ldap:ldap://omv.domain.local
ldap admin dn = cn=winbind-idmap,dc=domain,dc=local
ldap idmap suffix = ou=Idmap
ldap suffix = dc=domain,dc=local
ldap ssl = start tls
ldap debug level = 4
ldap debug threshold = 1
idmap uid = 16777216-5000
idmap gid = 16777216-5000
idmap config * : backend = ldap
idmap config * : ldap_url = ldap://omv.domain.local
idmap config * : ldap_anon = no
idmap config * : ldap_base_dn = ou=Idmap,dc=domain,dc=local
idmap config * : ldap_user_dn = cn=winbind-idmap,dc=domain,dc=local
idmap config * : range = 16777216-5000
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://omv.domain.local
idmap alloc config : ldap_base_dn = ou=Idmap,dc=domain,dc=local
idmap alloc config : ldap_user_dn = cn=winbind-idmap,dc=domain,dc=local
winbind use default domain = true
winbind offline logon = false
; disable enum users/groups on medium or large organization (affects performance)
; if disabled this will disable domain users/groups enumeration with getent
winbind enum users = yes
winbind enum groups = yes
winbind separator = /
winbind nested groups = yes
;winbind normalize names = yes
winbind refresh tickets = yes
;template primary group = users
template shell = /bin/bash
template homedir = /home/%D/%U
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
client ntlmv2 auth = yes
client use spnego = yes
#=== Share Definitions ===
#=== Home
Re: [Samba] Debian Package Updates
On 5 August 2013 01:28, Andrew Bartlett abart...@samba.org wrote:
> On Fri, 2013-08-02 at 14:41 +0100, Dominic Evans wrote:
> > The debian package of samba4 is still sitting at 4.0.3 in experimental. Please could someone (Andrew?) upload an updated package now that we are up to 4.0.7?
> >
> > http://packages.qa.debian.org/s/samba4.html
>
> We have toiled mightily, and have new experimental packages. They are stuck in the NEW queue, and have been for a month:
> http://ftp-master.debian.org/new.html
>
> (This is because we have additional package names, as part of the merge with the 'samba' package).
>
> Once that's in, I expect a 4.0.7 will follow shortly.

Wonderful news. Thanks very much Andrew. I look forward to testing.
[Samba] Windows 7 Dynamic DNS updates problem
Hi list,

I'm running Samba 4.0.7 updated from Samba 4 stable. Running DNS updates with Windows Xp works ok. When I want to do the same with W7 It doesn't work. I run tshark and it seems that windows 7 complains about the CNAME registry that is missing. I have allowed signed and unsigned updates in my smb.conf

Any help?

Thanks in advance!
[Samba] Samba 4 as member server
Hello list,

I'm trying to setup a small samba4 domain (1 DC, 1 member server, 12 Win7 clients) on Ubuntu with the packages shipped with Ubuntu 13.04 (Samba 4.0.0), I also tried on Ubuntu 13.10 (Samba 4.0.3). DC seems to work fine, I can manage users and gpo, clients can join and logon. But I cannot get the member server working.

My smb.conf:

[global]
workgroup = VERWALTUNG
security = ads
realm = VERWALTUNG.LEIBNIZ-REMSCHEID.DE
encrypt passwords = true
server services = +smb -s3fs
idmap config *:backend = tdb
idmap config *:range = 70001-8
idmap config VERWALTUNG:backend = ad
idmap config VERWALTUNG:schema_mode = rfc2307
idmap config VERWALTUNG:range = 500-4
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
server role = domain controller
dcerpc endpoint servers = -winreg -srvsvc

[verwaltung]
path = /srv/shares
read only = no

[sysvol]
path = /var/lib/samba/sysvol
read only = no

[netlogon]
path = /var/lib/samba/sysvol/VERWALTUNG.LEIBNIZ-REMSCHEID.DE/scripts
read only = no

I did 'samba-tool domain join VERWALTUNG -UAdministrator' with success: Joined domain SID. The server is listed in AD Tools.

But 'samba -i -M single -d1' stops working with:

samba: /usr/lib/x86_64-linux-gnu/libwbclient.so.0: no version information available (required by /usr/lib/x86_64-linux-gnu/samba/libauth4.so)
samba version 4.0.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
task_server_terminate: [ldap_server: no LDAP server required in member server configuration]
task_server_terminate: [cldap_server: no CLDAP server required in member server configuration]
task_server_terminate: [kdc: no KDC required in member server configuration]
task_server_terminate: [dreplsrv: no DSDB replication required in domain member configuration]
task_server_terminate: [Cannot start Winbind (domain member): Failed to find record for VERWALTUNG in /var/lib/samba/private/secrets.ldb: No such object: (null): Have you joined the VERWALTUNG domain?]
samba_terminate: Cannot start Winbind (domain member): Failed to find record for VERWALTUNG in /var/lib/samba/private/secrets.ldb: No such object: (null): Have you joined the VERWALTUNG domain?

root@server04:/var/lib/samba/private# ls -la
insgesamt 3784
drwxr-xr-x 3 root root4096 Aug 5 21:50 .
drwxr-xr-x 7 root root4096 Aug 5 21:47 ..
-rw--- 1 root root 1286144 Aug 5 21:50 privilege.ldb
-rw--- 1 root root 696 Aug 5 21:50 randseed.tdb
-rw--- 1 root root 1286144 Aug 5 21:50 sam.ldb
-rw--- 1 root root 1286144 Aug 5 21:50 secrets.ldb
drwxr-xr-x 3 root root4096 Aug 5 21:50 smbd.tmp

Please help!

Thx,
Klaus
Re: [Samba] [PATCH] Allow dbcheck to fix Rid Set records
On 05.08.2013 06:52, Andrew Bartlett wrote:

Thank you very much, applied the patch to sernet-samba 4.0.8 sources and deployed packages, now samba-tool dbcheck reported an error but did not break. Afterwards samba-tool dbcheck --fix also managed to fix the rid issue.

Achim Gottinger

> The attached patch should resolve this issue. Let me know if it helps.
>
> Thanks,
>
> Andrew Bartlett
Re: [Samba] Samba 4 as member server
On Mon, 2013-08-05 at 22:25 +0200, Klaus Rörig wrote:
> I cannot get the member server working. My smb.conf:

Hi

Leave the domain and remove the .tdb files in /var/lib/smb. Then rejoin with this:

[global]
workgroup = VERWALTUNG
security = ads
realm = VERWALTUNG.LEIBNIZ-REMSCHEID.DE
encrypt passwords = true
idmap config *:backend = tdb
idmap config *:range = 70001-8
idmap config VERWALTUNG:backend = ad
idmap config VERWALTUNG:schema_mode = rfc2307
idmap config VERWALTUNG:range = 500-4
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

[verwaltung]
path = /srv/shares
read only = no

Start it with:

smbd; winbindd

Prolly not perfect, but should get you a bit close.

hth
Steve
Re: [Samba] XP network breaks when shares are accessed by Fedora 19 smbclient
I'll try again with a (hopefully) simpler example.

I am having a strange problem when accessing XP shared folders. My XP box connects to internet via dialup, hosts my ethernet lan and provides Internet Connection Sharing to the lan. The XP lan base is 192.168.0.0 and the XP user Owner is on 192.168.0.1 and hostname is WILLY.

My Fedora 19 laptop is dual boot win7/fedora19. Booted to win7 I can see XP shares fine. Booted to F19 I have problems. That ends up on 192.168.0.148 with hostname f19.splurge.org. I do have an initial smb.conf but I am just trying to connect to xp via smbclient at this point.

---

So here's what happens: If I try to use smbclient to access XP shares on willy an alert box comes up on xp and dialup is broken. If XP machine is NOT dialed up I do not get willy and instead get listing for f19.

Example:

---

Attempt to connect to XP box WILLY via samba. First with XP NOT connected to internet:

~ smbclient -L WILLY
Enter howdy's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.6]
Sharename Type Comment
- ---
Share Disk
IPC$IPC IPC Service (Samba Server Version 4.0.6)
Brother-HL-2240-series Printer Brother HL-2240 series
howdyDisk Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.6]
Server Comment
----
f19 Samba Server Version 4.0.6
WorkgroupMaster
----
WORKGROUP

I see NO mention of any shares I have on WILLY. Everything there relates to f19.splurg.org's samba server. Share is the name of a share I designated in /etc/samba/smb.conf howdy is my /home/howdy directory which is also designated to be shared. Why don't I see any WILLY stuff??? Oddly, I think this is being sent to me from WILLY

When WILLY is rebooting I get this until it is fully loaded:

~ smbclient -L WILLY
Enter howdy's password:
Connection to WILLY failed (Error NT_STATUS_UNSUCCESSFUL)

NOW I start dial up on the XP machine and try same:

~ smbclient -L WILLY
Enter howdy's password:
Domain=[WILLY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
- ---
PDFCreator Printer eDoc Printer
My DocumentsDisk
BrotherHPrinter HL-2240
IPC$IPC Remote IPC
SharedDocs Disk
print$ Disk Printer Drivers
testdir Disk
D- CD PlayerDisk
downloads Disk
Buzzshare Disk
cprogs Disk
MightyFAX Printer MightyFAX Printer Driver
Printer Printer HP PSC 1500 series
Domain=[WILLY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Server Comment
----
WorkgroupMaster
----

This is where the XP alert box comes up. DNS is disabled for internet use but I can access files. Above is listing showing my new user Buzz's shares as well as others. I can browse and transfer ok:

~ smbclient //WILLY/Buzzshare
Enter howdy's password:
Domain=[WILLY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \ LS
.DR0 Mon Aug 5 12:05:15 2013
.. DR0 Mon Aug 5 12:05:15 2013
desktop.ini AHS 75 Mon Aug 5 11:52:29 2013
My Music DR0 Mon Aug 5 11:52:29 2013
My Pictures DR0 Mon Aug 5 11:52:29 2013
testdir D0 Mon Aug 5 12:05:15 2013
Visual Studio 2008 D0 Fri Oct 5 03:06:06 2012
38154 blocks of size 1048576. 16213 blocks available
smb: \ cd testdir
smb: \testdir\ ls
.D0 Mon Aug 5 12:05:15 2013
.. D0 Mon Aug 5 12:05:15 2013
test-1.txt A 54 Mon Aug 5 11:56:16 2013
smb: \testdir\ quit
~ cat test-1.txt
test file to test sharing to samba on f19
blah blah

but at this point XP internet connection is severely insulted. As said above an alert box pops up and dns lookup is disabled. The alert box remains open waiting for my input: file report y/n

If I do not make a selection I can still ping and browse using numeric addresses. When I do make a selection I cannot get to internet on either machine and I can not disconnect the dialup manually. So I reboot.

Ideas Bones...
Re: [Samba] XP network breaks when shares are accessed by Fedora 19 smbclient
On Mon, Aug 5, 2013 at 4:21 PM, How_F19 how0...@freeshell.org wrote:
> The XP lan base is 192.168.0.0 and the XP user Owner is on 192.168.0.1 and hostname is WILLY.

I'm translating this all as: XP box is named willy and has the IP 192.168.0.1. what's the workgroup name? appears to be workgroup which is fine. also, smbclient will use smb.conf too. what do you have set for the workgroup?

> Attempt to connect to XP box WILLY via samba. First with XP NOT connected to internet:
> ~ smbclient -L WILLY
> Enter howdy's password:
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.6]

this is extra extra weird. something is very wrong with how the names are being resolved. at this point, can you ping willy and get the 192.168.0.1 address?
[Samba] Samba 4 and DFS replication
I realize that Samba 4 doesn't yet support DFS replication. But my question is if Samba 4 as an AD server supports DFS replication within the environment. For example, if all we have are Samba 4 servers for AD domain controllers, and we have 2+ Windows servers doing DFS between each other (where the Samba 4 file server isn't involved at all), is that supported?
Re: [Samba] Samba 4 and DFS replication
On Mon, 2013-08-05 at 17:24 -0500, Kristofer Pettijohn wrote:
> I realize that Samba 4 doesn't yet support DFS replication. But my question is if Samba 4 as an AD server supports DFS replication within the environment. For example, if all we have are Samba 4 servers for AD domain controllers, and we have 2+ Windows servers doing DFS between each other (where the Samba 4 file server isn't involved at all), is that supported?

That should be fine, we just don't implement that protocol yet.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
Re: [Samba] XP network breaks when shares are accessed by Fedora 19 smbclient
On 08/05/2013 05:34 PM, Chris Weiss wrote:
> On Mon, Aug 5, 2013 at 4:21 PM, How_F19 how0...@freeshell.org wrote:
> > The XP lan base is 192.168.0.0 and the XP user Owner is on 192.168.0.1 and hostname is WILLY.
>
> I'm translating this all as: XP box is named willy and has the IP 192.168.0.1. what's the workgroup name? appears to be workgroup which is fine. also, smbclient will use smb.conf too. what do you have set for the workgroup?

Thanks for reply. Yes, xp box is willy and on 192.168.0.1 and:

~ cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
;idmap config * : backend = tdb
cups options = raw

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[Share]
path = /home/share
read only = No

> > Attempt to connect to XP box WILLY via samba. First with XP NOT connected to internet:
> > ~ smbclient -L WILLY
> > Enter howdy's password:
> > Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.6]
>
> this is extra extra weird. something is very wrong with how the names are being resolved. at this point, can you ping willy and get the 192.168.0.1 address?

When I ping willy I get nothing returned but it causes that same alert box comes up on XP box and dns is disabled. I can still ping numeric addresses including 192.168.0.1. I need to reboot XP to reset.
Re: [Samba] XP network breaks when shares are accessed by Fedora 19 smbclient
On 08/05/2013 10:32 PM, How_F19 wrote:
> When I ping willy I get nothing returned

So I added line in /etc/hosts

192.168.0.1 WILLY

Now I can ping, list and browse willy shares whether dialed up or not with no alert box!

Is that a good fix? or is it just patching something that is still messed up?
Re: [Samba] XP network breaks when shares are accessed by Fedora 19 smbclient
I also added line for f19 in /etc/hosts. So there I have:

--
127.0.0.1 f19.splurge.org localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.1 WILLY
192.168.0.148 f19
--

Does any of that look problematic?

Also I wondered about these two things in the output below:
- WORKGROUP is listed as f19's domain
- values for Server, Comment, Workgroup and Master are missing at bottom of willy's output.

--
~ smbclient -L f19
Enter howdy's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.6]
Sharename Type Comment
- ---
homes Disk Home Directories
Share Disk a repos for global files
IPC$IPC IPC Service (Samba Server Version 4.0.6)
how2Disk Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.6]
Server Comment
----
F19 Samba Server Version 4.0.6
WorkgroupMaster
----
WORKGROUPF19

~ smbclient -L willy
Enter howdy's password:
Domain=[WILLY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
- ---
My DocumentsDisk
testdir Disk
Domain=[WILLY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Server Comment
----
WorkgroupMaster
----
--
[Announce] Samba 4.0.8, 3.6.17 and 3.5.22 Security Releases Available for Download
Release Announcements
---------------------

Samba 4.0.8, 3.6.17 and 3.5.22 have been issued as security releases in order to address CVE-2013-4124 (Denial of service - CPU loop and memory allocation).

o CVE-2013-4124:
  All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service.

  A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed.

  This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits.

Changes:
--------

o Jeremy Allison j...@samba.org
  * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS.

#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.0 product in the project's Bugzilla database (https://bugzilla.samba.org/).

======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

Download Details
----------------

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from:

http://download.samba.org/samba/ftp/stable/

The release notes are available online at:

http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-3.5.22.html

Binary packages will be made available on a volunteer basis from

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team
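The integer wrap named in the CVE-2013-4124 announcement, reproduced on a toy chained-record format as an added example (not Samba's code and not the SMB wire format). It assumes 32-bit offsets standing in for a 32-bit size_t; the names walk_unchecked, walk_checked, MAX_STEPS and the sample buffers are constructed for illustration, and walk_checked mirrors the two wrap tests added by the BUG 10010 fix.

```c
#include <stdint.h>
#include <stdio.h>

/* Demo-only cap so the unchecked walker terminates instead of spinning. */
#define MAX_STEPS 1000u

typedef enum { WALK_OK = 0, WALK_WRAP = 1 } walk_status;

/* Constructed sample buffers. Toy record layout: 4-byte little-endian
 * next_offset followed by 4 payload bytes; next_offset 0 ends the chain. */
static const uint8_t SAMPLE_OK[16] = {
	0x08, 0, 0, 0, 'a', 0, 0, 0,           /* record at 0, next at +8 */
	0x00, 0, 0, 0, 'b', 0, 0, 0            /* record at 8, last one   */
};
static const uint8_t SAMPLE_WRAP[16] = {
	0x08, 0, 0, 0, 'a', 0, 0, 0,
	0xF8, 0xFF, 0xFF, 0xFF, 'b', 0, 0, 0   /* 8 + 0xFFFFFFF8 wraps to 0 */
};
static const uint8_t SAMPLE_NEAR_MAX[16] = {
	0xFD, 0xFF, 0xFF, 0xFF, 'a', 0, 0, 0,  /* offset becomes 0xFFFFFFFD */
	0, 0, 0, 0, 0, 0, 0, 0
};

static uint32_t rd32(const uint8_t *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
	       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Before: offset arithmetic is unchecked, so a record can send the walker
 * backwards. Returns the number of records visited (capped at MAX_STEPS).
 * Only call this on SAMPLE_OK / SAMPLE_WRAP: other inputs can read out of
 * bounds, which is part of what the checks below prevent. */
unsigned walk_unchecked(const uint8_t *buf, uint32_t size)
{
	uint32_t offset = 0;
	unsigned visited = 0;

	while ((uint32_t)(offset + 4u) <= size && visited < MAX_STEPS) {
		uint32_t next_offset = rd32(buf + offset);
		visited++;              /* a real parser allocates an entry here */
		if (next_offset == 0) {
			break;
		}
		offset += next_offset;  /* may wrap modulo 2^32 */
	}
	return visited;
}

/* After: stop as soon as either addition would wrap. */
unsigned walk_checked(const uint8_t *buf, uint32_t size, walk_status *st)
{
	uint32_t offset = 0;
	unsigned visited = 0;

	*st = WALK_OK;
	while ((uint32_t)(offset + 4u) <= size) {
		uint32_t next_offset = rd32(buf + offset);
		visited++;
		if (next_offset == 0) {
			break;
		}
		/* Wrap protection for the increment. */
		if ((uint32_t)(offset + next_offset) < offset) {
			*st = WALK_WRAP;
			break;
		}
		offset += next_offset;
		/* Wrap protection for the loop condition (offset + 4). */
		if ((uint32_t)(offset + 4u) < offset) {
			*st = WALK_WRAP;
			break;
		}
	}
	return visited;
}

int main(void)
{
	walk_status st;
	printf("unchecked, well-formed: %u\n", walk_unchecked(SAMPLE_OK, 16));
	printf("unchecked, wrapping:    %u (hit demo cap)\n",
	       walk_unchecked(SAMPLE_WRAP, 16));
	printf("checked, wrapping:      %u", walk_checked(SAMPLE_WRAP, 16, &st));
	printf(" status=%d\n", (int)st);
	printf("checked, near-max:      %u", walk_checked(SAMPLE_NEAR_MAX, 16, &st));
	printf(" status=%d\n", (int)st);
	return 0;
}
```

Unsigned arithmetic is what makes the `a + b < a` tests well defined; with signed offsets the same comparisons would be undefined behaviour.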
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  b699d40 auth/credentials: use CRED_CALLBACK_RESULT after a callback
       via  8ea36a8 auth/credentials: simplify password_tries state
       via  26a7420 auth/credentials: get the old password from secrets.tdb
       via  9325bd9 auth/credentials: keep cli_credentials private
       via  bbd63dd s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*
       via  d47bf46 s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()
       via  d36fcaa s4:torture/gentest: make use of cli_credentials_get_username()
       via  36b3c95 s4:torture/shell: simplify cli_credentials_set_password() call
       via  cfeeb3c s3:ntlm_auth: remove pointless credentials->priv_data = NULL;
       via  b3cd44d auth/credentials: add cli_credentials_shallow_copy()
       via  6ff6778 auth/credentials: add cli_credentials_[set_]callback_data*
       via  b8f0922 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained()
       via  9535029 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name()
      from  cae48e9 tevent: Add echo server sample code

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit b699d404bb5d4385a757b5aa5d0e792cf9d5de59
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 14:32:36 2013 +0200

    auth/credentials: use CRED_CALLBACK_RESULT after a callback

    We only do this if it's still CRED_CALLBACK after the callback,
    this allows the callback to overwrite it.

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

    Autobuild-User(master): Andrew Bartlett abart...@samba.org
    Autobuild-Date(master): Mon Aug 5 09:36:05 CEST 2013 on sn-devel-104

commit 8ea36a8e58d499aa7bf342b365ca00cb39f295b6
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 14:25:54 2013 +0200

    auth/credentials: simplify password_tries state

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit 26a7420c1c4307023b22676cd85d95010ecbf603
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 13:39:17 2013 +0200

    auth/credentials: get the old password from secrets.tdb

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit 9325bd9cb6bb942ea989f4e32799c76ea8af3d3e
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 12:41:40 2013 +0200

    auth/credentials: keep cli_credentials private

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit bbd63dd8a17468d3e332969a30c06e2b2f1540fc
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 13:24:21 2013 +0200

    s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit d47bf469b8a9064f4f7033918b1fe519adfa0c26
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 13:23:41 2013 +0200

    s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit d36fcaa5f3c4d1ad54d767f4a7c5fa6c8d69c00e
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 13:23:08 2013 +0200

    s4:torture/gentest: make use of cli_credentials_get_username()

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit 36b3c9506c1ac5549a38140e7ffd57644290069f
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 13:22:10 2013 +0200

    s4:torture/shell: simplify cli_credentials_set_password() call

    All we want is to avoid a possible callback...

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit cfeeb3ce3de5d1df07299fb83327ae258da0bf8d
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 13:20:13 2013 +0200

    s3:ntlm_auth: remove pointless credentials->priv_data = NULL;

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit b3cd44d50cff99fa77611679d68d2d57434fefa4
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 13:21:14 2013 +0200

    auth/credentials: add cli_credentials_shallow_copy()

    This is useful for testing.

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit 6ff6778bdc60f1cd4d52cba83bd47d3398fe5a20
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 31 12:52:17 2013 +0200

    auth/credentials: add cli_credentials_[set_]callback_data*

    Signed-off-by: Stefan Metzmacher
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via be8c916 Announce Samba 4.0.8, 3.6.17 and 3.5.22. from 70b8e7b Announce Samba 4.1.0rc1. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit be8c91649d8c43db3d2429d567c48721707b5abf Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 10:35:06 2013 +0200 Announce Samba 4.0.8, 3.6.17 and 3.5.22. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: generated_news/latest_10_bodies.html| 57 ++-- generated_news/latest_10_headlines.html |5 +- generated_news/latest_2_bodies.html | 47 ++-- history/header_history.html |3 + history/samba-3.5.22.html | 49 + history/samba-3.6.17.html | 49 + history/samba-4.0.8.html| 49 + history/security.html | 17 +++ latest_stable_release.html |6 +- security/CVE-2013-4124.html | 73 +++ 10 files changed, 324 insertions(+), 31 deletions(-) create mode 100755 history/samba-3.5.22.html create mode 100755 history/samba-3.6.17.html create mode 100755 history/samba-4.0.8.html create mode 100644 security/CVE-2013-4124.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 206cdcf..803edd0 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html 
@@ -1,3 +1,47 @@ + h5a name=4.0.805 August 2013/a/h5 + p class=headlineSamba 4.0.8, 3.6.17 and 3.5.22 bSecurity + Releases/b Available for Download/p + pThese are security releases in order to address + a + href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124;CVE-2013-4124/a + (Samba 3.0.x to 4.0.7 are affected by a bdenial of service attack on authenticated + or guest connections)/b./p + + pThe uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA)./p + p + The source code can be downloaded here: + lia href=http://samba.org/samba/ftp/stable/samba-4.0.8.tar.gz;download + Samba 4.0.8/a,/li + lia href=http://samba.org/samba/ftp/stable/samba-3.6.17.tar.gz;download + Samba 3.6.17/a,/li + lia href=http://samba.org/samba/ftp/stable/samba-3.5.22.tar.gz;download + Samba 3.5.22/a./li + /p + + p + Patches against the parents are also available: + lia + href=http://samba.org/samba/ftp/patches/patch-4.0.7-4.0.8.diffs.gz;patch + Samba 4.0.7/4.0.7/a,/li + lia + href=http://samba.org/samba/ftp/patches/patch-3.6.16-3.6.17.diffs.gz;patch + Samba 3.6.16/3.6.17/a,/li + lia + href=http://samba.org/samba/ftp/patches/patch-3.5.21-3.5.222.diffs.gz;patch + Samba 3.5.21/3.5.22/a./li +/p + +p +Please see the release notes for more info: +lia href=http://samba.org/samba/history/samba-4.0.8.html;release notes + Samba 4.0.8/a,/li +lia href=http://samba.org/samba/history/samba-3.6.17.html;release notes + Samba 3.6.17/a,/li +lia href=http://samba.org/samba/history/samba-3.5.22.html;release notes + Samba 3.5.22/a./li +/p + h5a name=4.1.0rc111 July 2013/a/h5 p class=headlineSamba 4.1.0rc1 Available for Download/p pThis is the first release candidate of the upcoming Samba 4.1 release series./p 
@@ -112,16 +156,3 @@ now/a. A a href=http://download.samba.org/samba/ftp/patches/patch-4.0.3-4.0 patch against Samba 4.0.3/a is also available. See a href=http://samba.org/samba/history/samba-4.0.4.html; the release notes for more info/a./p - - - h5a name=3.6.1318 March 2013/a/h5 - p class=headlineSamba 3.6.13 Available for Download/p - pThis is the latest stable release of the Samba 3.6 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-3.6.13.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.12-3.6.13.diffs.gz; -patch against Samba 3.6.12/a is also available. -See a href=http://samba.org/samba/history/samba-3.6.13.html; -the release notes for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 3dcbebe..476bad9 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,7 @@ ul + li 05 August 2013 a href=#4.0.8Samba 4.0.8, 3.6.17 and 3.5.22 + Security Releases Available for Download (CVE-2013-4124)/a/li + li 02 July 2013 a href=#4.0.7Samba 4.0.7 Available for Download/a/li li
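Review bot: Two of the links in the "Patches against the parents" list added to generated_news/latest_10_bodies.html do not match their targets: the first label reads "Samba 4.0.7/4.0.7" although its href is patch-4.0.7-4.0.8.diffs.gz, and the third href is patch-3.5.21-3.5.222.diffs.gz although the release being announced is 3.5.22. Suggest changing the label to "Samba 4.0.7/4.0.8" and the file name to patch-3.5.21-3.5.22.diffs.gz. Since this is the security announcement users will follow to fetch the fix, a wrong patch URL is worth catching before the page is published.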
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated via dbf87d3 WHATSNEW: Add release notes for Samba 4.0.8. via 03656a7 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. via b4bfcdf Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. via 4df0ef0 VERSION: Bump version number up to 4.0.8. from 5e3a301 VERSION: Disable git snapshots for the 4.0.7 release. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable - Log - commit dbf87d3867c1771a09029b733c8de1e134e270e4 Author: Karolin Seeger ksee...@samba.org Date: Thu Aug 1 20:41:57 2013 +0200 WHATSNEW: Add release notes for Samba 4.0.8. Signed-off-by: Karolin Seeger ksee...@samba.org commit 03656a7c1ea68d4cea585f0bd4a3720be7f1cc13 Author: Jeremy Allison j...@samba.org Date: Thu Jul 11 09:36:01 2013 -0700 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Fix client-side parsing also. Found by David Disseldorp dd...@suse.de CVE-2013-4124 Signed-off-by: Jeremy Allison j...@samba.org commit b4bfcdf921aeee05c4608d7b48618fdfb1f134dc Author: Jeremy Allison j...@samba.org Date: Wed Jul 10 17:10:17 2013 -0700 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Ensure we never wrap whilst adding client provided input. Signed-off-by: Jeremy Allison j...@samba.org commit 4df0ef084be147c70f57e39d052f9c69c145d3b0 Author: Karolin Seeger ksee...@samba.org Date: Thu Aug 1 20:44:03 2013 +0200 VERSION: Bump version number up to 4.0.8. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt| 60 +- source3/smbd/nttrans.c | 12 source4/libcli/raw/raweas.c |7 +++- 4 files changed, 76 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index e98b7e8..68f3383 100644 --- a/VERSION +++ b/VERSION 
@@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6ab15c8..503aff0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,60 @@ = + Release Notes for Samba 4.0.8 + August 05, 2013 + = + + +This is a security release in order to address +CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause +server to loop with DOS). + +o CVE-2013-4124: + All current released versions of Samba are vulnerable to a denial of + service on an authenticated or guest connection. A malformed packet + can cause the smbd server to loop the CPU performing memory + allocations and preventing any further service. + + A connection to a file share, or a local account is needed to exploit + this problem, either authenticated or unauthenticated if guest + connections are allowed. + + This flaw is not exploitable beyond causing the code to loop + allocating memory, which may cause the machine to exceed memory + limits. + + +Changes since 4.0.7: + + +o Jeremy Allison j...@samba.org +* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list + reading can cause server to loop with DOS. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 4.0.7 July 2, 2013 = @@ -103,8
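Review bot: The new 4.0.8 entry in WHATSNEW.txt describes CVE-2013-4124 only as an smbd server loop, but the summary of changes for this push also lists source4/libcli/raw/raweas.c and commit 03656a7 says "Fix client-side parsing also". Suggest adding a line under "Changes since 4.0.7" that mentions the client-side EA list parsing fix, so that people who only use the client libraries can tell the release concerns them. The text "All current released versions of Samba" would also be easier to act on with an explicit affected version range.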
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via e03ad14 WHATSNEW: Add release notes for Samba 3.6.17. via efdbcab Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. from b45411c WHATSNEW: Start release notes for Samba 3.6.17. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit e03ad1401fd1cca54f9f5c4c1e98ec9ad87b5565 Author: Karolin Seeger ksee...@samba.org Date: Mon Jul 29 20:55:18 2013 +0200 WHATSNEW: Add release notes for Samba 3.6.17. Signed-off-by: Karolin Seeger ksee...@samba.org commit efdbcabbe97a594572d71d714d258a5854c5d8ce Author: Jeremy Allison j...@samba.org Date: Wed Jul 10 17:10:17 2013 -0700 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Ensure we never wrap whilst adding client provided input. CVE-2013-4124 Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: WHATSNEW.txt | 23 +++ source3/smbd/nttrans.c | 12 2 files changed, 31 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a921e4a..4291736 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,19 +1,34 @@ == Release Notes for Samba 3.6.17 - August 14, 2013 + August 05, 2013 == -This is is the latest stable release of Samba 3.6. +This is a security release in order to address +CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause +server to loop with DOS). + +o CVE-2013-4124: + All current released versions of Samba are vulnerable to a denial of + service on an authenticated or guest connection. A malformed packet + can cause the smbd server to loop the CPU performing memory + allocations and preventing any further service. + + A connection to a file share, or a local account is needed to exploit + this problem, either authenticated or unauthenticated if guest + connections are allowed. -Major enhancements in Samba 3.6.17 include: + This flaw is not exploitable beyond causing the code to loop + allocating memory, which may cause the machine to exceed memory + limits. -o Changes since 3.6.16: - o Jeremy Allison j...@samba.org +* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list + reading can cause server to loop with DOS. ## diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index ea9d417..5fc3a09 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -989,7 +989,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t if (next_offset == 0) { break; } + + /* Integer wrap protection for the increment. */ + if (offset + next_offset offset) { + break; + } + offset += next_offset; + + /* Integer wrap protection for while loop. */ + if (offset + 4 offset) { + break; + } + } return ea_list_head; -- Samba Shared Repository
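Review bot: In the read_nttrans_ea_list() hunk, both new wrap checks `break` out of the loop and then fall through to `return ea_list_head;`, so a request whose next_offset would wrap is treated as a valid EA list holding whatever entries were parsed before the bad one. A wrapping offset can only come from malformed client input, so consider failing the call (returning NULL, as the caller must already handle for other parse errors) and logging at debug level, rather than silently accepting a truncated list. The second check guards the `offset + 4` used by the while condition, which is outside the visible context; naming that condition in the comment would make the intent clear to the next reader.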
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via eb18d5d WHATSNEW: Add release notes for Samba 3.5.22. via 6ef0e33 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. from 81aa6c38 VERSION: Bump Version number up to 3.5.22. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit eb18d5d2492632fcccd71a5c3fc0364465def609 Author: Karolin Seeger ksee...@samba.org Date: Wed Jul 24 20:53:49 2013 +0200 WHATSNEW: Add release notes for Samba 3.5.22. Signed-off-by: Karolin Seeger ksee...@samba.org commit 6ef0e33fe8afa0ebb81652b9d42b42d20efadf04 Author: Jeremy Allison j...@samba.org Date: Wed Jul 10 17:10:17 2013 -0700 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Ensure we never wrap whilst adding client provided input. CVE-2013-4124 Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: WHATSNEW.txt | 60 ++- source3/smbd/nttrans.c | 12 + 2 files changed, 70 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a7766a9..7a36ab6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,60 @@ == + Release Notes for Samba 3.5.22 + August 05, 2013 + == + + +This is a security release in order to address +CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause +server to loop with DOS). + +o CVE-2013-4124: + All current released versions of Samba are vulnerable to a denial of + service on an authenticated or guest connection. A malformed packet + can cause the smbd server to loop the CPU performing memory + allocations and preventing any further service. + + A connection to a file share, or a local account is needed to exploit + this problem, either authenticated or unauthenticated if guest + connections are allowed. + + This flaw is not exploitable beyond causing the code to loop + allocating memory, which may cause the machine to exceed memory + limits. + + +Changes since 3.5.21: +- + +o Jeremy Allison j...@samba.org +* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list + reading can cause server to loop with DOS. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.21 January 30, 2013 == @@ -61,8 +117,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.20 diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 2ca14f4..2559769 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c 
@@ -934,7 +934,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t if (next_offset == 0) { break; } + + /* Integer wrap protection for the increment. */ + if (offset + next_offset offset) { + break; + } + offset += next_offset; + + /* Integer wrap protection for while loop. */ + if (offset + 4 offset) { + break; + } + } return ea_list_head; -- Samba Shared Repository
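Review bot: The two wrap tests added to read_nttrans_ea_list() in this v3-5-stable backport are only well defined when offset and next_offset are unsigned, and their declarations are outside the hunk's context. Worth confirming in the backport that both are size_t like the size parameter visible in the signature, because with a signed type the additions would be undefined behaviour and a compiler could drop the checks. The summary of changes lists only WHATSNEW.txt and source3/smbd/nttrans.c, so no regression test for a wrapping next_offset comes with the fix; adding one would keep the checks from being lost in a later refactor.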
[SCM] Samba Shared Repository - annotated tag samba-4.0.8 created
The annotated tag, samba-4.0.8 has been created
        at  1099bb0105ce5f5b2f31be0fc646c6eddeab2ccd (tag)
   tagging  dbf87d3867c1771a09029b733c8de1e134e270e4 (commit)
  replaces  samba-4.0.7
 tagged by  Karolin Seeger
        on  Fri Aug 2 20:04:53 2013 +0200

- Log -
samba: tag release samba-4.0.8

Jeremy Allison (2):
      Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
      Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.

Karolin Seeger (2):
      VERSION: Bump version number up to 4.0.8.
      WHATSNEW: Add release notes for Samba 4.0.8.

--
Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-3.6.17 created
The annotated tag, samba-3.6.17 has been created
        at  2af9f795c318ac2c31c3bc06223bcd4969a832e1 (tag)
   tagging  e03ad1401fd1cca54f9f5c4c1e98ec9ad87b5565 (commit)
  replaces  samba-3.6.16
 tagged by  Karolin Seeger
        on  Mon Aug 5 09:29:40 2013 +0200

- Log -
tag samba-3.6.17

Jeremy Allison (1):
      Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.

Karolin Seeger (3):
      VERSION: Bump version number up to 3.6.17.
      WHATSNEW: Start release notes for Samba 3.6.17.
      WHATSNEW: Add release notes for Samba 3.6.17.

--
Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-3.5.22 created
The annotated tag, samba-3.5.22 has been created
        at  3efcd1a538bd2bb9a758d3e045ccd46bb9ddda6c (tag)
   tagging  eb18d5d2492632fcccd71a5c3fc0364465def609 (commit)
  replaces  samba-3.5.21
 tagged by  Karolin Seeger
        on  Mon Aug 5 09:31:18 2013 +0200

- Log -
tag samba-3.5.22

Jeremy Allison (1):
      Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.

Karolin Seeger (2):
      VERSION: Bump Version number up to 3.5.22.
      WHATSNEW: Add release notes for Samba 3.5.22.

--
Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 33c92ee Fix typos. from be8c916 Announce Samba 4.0.8, 3.6.17 and 3.5.22. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 33c92ee0ae51ab3fc63c10daaa1ace95198f5aa3 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 10:42:15 2013 +0200 Fix typos. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: generated_news/latest_10_bodies.html |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 803edd0..2e0351b 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -23,12 +23,12 @@ Patches against the parents are also available: lia href=http://samba.org/samba/ftp/patches/patch-4.0.7-4.0.8.diffs.gz;patch - Samba 4.0.7/4.0.7/a,/li + Samba 4.0.7/4.0.8/a,/li lia href=http://samba.org/samba/ftp/patches/patch-3.6.16-3.6.17.diffs.gz;patch Samba 3.6.16/3.6.17/a,/li lia - href=http://samba.org/samba/ftp/patches/patch-3.5.21-3.5.222.diffs.gz;patch + href=http://samba.org/samba/ftp/patches/patch-3.5.21-3.5.22.diffs.gz;patch Samba 3.5.21/3.5.22/a./li /p -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via ec801b7 Fix typos. from 33c92ee Fix typos. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit ec801b746fa8fe65a825772a9a84e101708feda7 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 10:43:03 2013 +0200 Fix typos. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: generated_news/latest_2_bodies.html |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 38519a7..281199f 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -23,12 +23,12 @@ Patches against the parents are also available: lia href=http://samba.org/samba/ftp/patches/patch-4.0.7-4.0.8.diffs.gz;patch - Samba 4.0.7/4.0.7/a,/li + Samba 4.0.7/4.0.8/a,/li lia href=http://samba.org/samba/ftp/patches/patch-3.6.16-3.6.17.diffs.gz;patch Samba 3.6.16/3.6.17/a,/li lia - href=http://samba.org/samba/ftp/patches/patch-3.5.21-3.5.222.diffs.gz;patch + href=http://samba.org/samba/ftp/patches/patch-3.5.21-3.5.22.diffs.gz;patch Samba 3.5.21/3.5.22/a./li /p -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated
       via  221cffa s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr()
       via  85db68b s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()
       via  93d4207 s4:server: avoid calling into nss_winbind from within 'samba'
       via  45349be s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820)
       via  a1a7349 s4-winbindd: Do not terminate a connection that is still pending (bug #9820)
       via  c257e3b service_stream: Log if the connection termination is deferred or not (bug #9820)
       via  a629507 s4-winbind: Add special case for BUILTIN domain
       via  7ded0ce pam_winbind: update documentation for DIR krb5ccname pragma.
       via  7ce7020 s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.
       via  98393f9 wbinfo: allow to define a custom krb5ccname for kerberized pam auth.
      from  64dce3c s3-netlogon: enumerate UPN suffixes from PASSDB when available

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test

- Log -
commit 221cffa25510b6115490b5c48d60ec231357a068
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 24 10:19:26 2013 +1200

    s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr()

    This caused crashes in _tsocket_address_bsd_from_sockaddr() when we
    read past the end of the allocation.

    (similar to commit e9ae36e9683372b86f1efbd29904722a33fea083)

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10042

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

    Autobuild-User(master): Andrew Bartlett abart...@samba.org
    Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104

    (cherry picked from commit 077dfd0a89a854c21b91b0f871d034fd9fe82a9a)

    Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
    Autobuild-Date(v4-0-test): Mon Aug 5 11:54:46 CEST 2013 on sn-devel-104

commit 85db68b26c7572e7ea7bc820d14045658803f188
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Jul 24 10:19:26 2013 +1200

    s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()

    This caused crashes in _tsocket_address_bsd_from_sockaddr() when we
    read past the end of the allocation.

    Andrew Bartlett

    Signed-off-by: Andrew Bartlett abart...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org
    (cherry picked from commit e9ae36e9683372b86f1efbd29904722a33fea083)

commit 93d42071056980a9a438cfe4660154a6050226dc
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 10 14:48:18 2013 +0200

    s4:server: avoid calling into nss_winbind from within 'samba'

    The most important part is that the 'winbind_server' doesn't
    recurse into itself. This could happen if the krb5 libraries
    call getlogin().

    As we may run in single process mode, we need to set
    _NO_WINBINDD=1 everywhere, the only exception is the forked 'smbd'.

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

    The last 5 patches address bug #9820 - crash of winbind after
    ls -l /usr/local/samba/var/locks/sysvol.

commit 45349be04011579f0a65ae687c13c90beaeda684
Author: Stefan Metzmacher me...@samba.org
Date:   Tue Jul 9 16:38:59 2013 +0200

    s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820)

    Sadly we may have nested event loops, which won't work correctly with
    broken connections, that's why we have to do this...

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

    Autobuild-User(master): Stefan Metzmacher me...@samba.org
    Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104

    (cherry picked from commit e6a58d370403e818bc2cfb8389751b78adcc14fd)

commit a1a7349888e8f3709a6e98b2ca94be6a4dd13258
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Jun 27 11:28:03 2013 +1000

    s4-winbindd: Do not terminate a connection that is still pending (bug #9820)

    Instead, wait until the call attempts to reply, and let it terminate then
    (often this happens in the attempt to then write to the broken pipe).

    Andrew Bartlett

    Pair-Programmed-With: Stefan Metzmacher me...@samba.org

    Signed-off-by: Andrew Bartlett abart...@samba.org
    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org
    Reviewed-by: Stefan Metzmacher me...@samba.org
    (cherry picked from commit 2505d48e4fbcd8a805a88ad0b05fb1a16a588197)

commit c257e3bdf5ff719652ac6e6683c889e2fe449ccd
Author: Andrew Bartlett
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via 6659f01 s3-libads: Print a message if no realm has been specified.
  via 94be8d6 s3:rpc_client: rename same variables in cli_rpc_pipe_open_schannel_with_key()
  via 8a302fc s3:rpc_client: use the correct context for netlogon_creds_copy() in rpccli_schannel_bind_data()
  via 6ce645e s3:rpc_client: make rpccli_schannel_bind_data() static
  via 7b3ddd1 s3:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
  via 9d54831 s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
  via 2ea749a libcli/auth: add netlogon_creds_shallow_copy_logon()
  via c7319fc libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon()
  via 291f6a1 libcli/auth: fix shadowed declaration in netlogon_creds_crypt_samlogon_validation()
  via 39fedd2 libcli/auth: make netlogon_creds_crypt_samlogon_validation more robust
  via d54c908 s3:rpcclient: use talloc_stackframe() in do_cmd()
  via 34fa794 s4:librpc: fix netlogon connections against servers without AES support
  via 05d9b41 s3-net: avoid confusing output in net_rpc_oldjoin() if NET_FLAGS_EXPECT_FALLBACK is passed
  via 3e4ded4 s3-net: use libnetjoin for net rpc join newstyle.
  via 9cfa625 s3-net: use libnetjoin for net rpc testjoin.
  via 1242ab0 s3:libnet: let the caller truncate the pw in libnet_join_joindomain_rpc_unsecure()
  via d398a12 s3-libnetjoin: move net rpc oldjoin to use libnetjoin.
  via c4d6d75 s3-libnetjoin: add machine_name length check.
  via cc0cbd4 s3: libnet_join: use admin_domain in libnetjoin.
  via c11a79c s3: libnet_join: add admin_domain.
  via a9d5b2f libcli/auth: also set secure channel type in netlogon_creds_client_init().
  via b19e7e6 s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init_send().
  via c41b6e5 s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init().
  via 7bdcfcb s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp_port().
  via 0ff8c2d s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_get_tcp_port().
  via 5c5cff0 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp().
  via 8cd3a06 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_np().
  via 34cc4b4 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open().
  via 9aa99c3 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth_transport().
  via 9813fe2 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().
  via 3dc3a6c s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel_with_key().
  via 7f16947 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_ntlmssp_auth_schannel().
  via f6d61b5 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel().
  via 6886cff s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_interface().
  via 9b4fb5b s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_ncalrpc().
  via 0ce2178 s3-libnetapi: pass down ndr_interface_table to pipe_cm() and friends.
  via 77f7f2a s3-libnetapi: pass down ndr_interface_table to libnetapi_open_pipe().
  via fa37bbd s3-libnetapi: pass down ndr_interface_table to libnetapi_get_binding_handle().
  via a1368ca s3-rpc_cli: remove prototype of nonexisting cli_rpc_pipe_open_krb5().
  via 93e92fa s3-net: pass down ndr_interface_table to connect_dst_pipe().
  via 6dc7c63 s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing.
  from b699d40 auth/credentials: use CRED_CALLBACK_RESULT after a callback

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit 6659f0164c6b8d7ad522bcd6c2c6748c3d9bca81
Author: Andreas Schneider a...@samba.org
Date: Mon Aug 5 09:25:11 2013 +0200

    s3-libads: Print a message if no realm has been specified.

    Signed-off-by: Andreas Schneider a...@samba.org
    Reviewed-by: Stefan Metzmacher me...@samba.org

    Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
    Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104

commit 94be8d63cd21fbb9e31bf7a92af82e19c596f94f
Author: Stefan Metzmacher me...@samba.org
Date: Thu Apr 25 19:43:58 2013 +0200

    s3:rpc_client: rename same variables in cli_rpc_pipe_open_schannel_with_key()

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andreas Schneider a...@samba.org

commit 8a302fc353de8d373a0ec8544da4da6f305ec923
Author: Stefan Metzmacher me...@samba.org
Date: Thu Apr 25 18:29:31 2013 +0200

    s3:rpc_client: use the correct context for netlogon_creds_copy() in rpccli_schannel_bind_data()

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andreas Schneider
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via f5bd128 VERSION: Bump version number up to 4.0.9. via 3b7e719 Merge tag 'samba-4.0.8' into v4-0-test via dbf87d3 WHATSNEW: Add release notes for Samba 4.0.8. via 03656a7 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. via b4bfcdf Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. via 4df0ef0 VERSION: Bump version number up to 4.0.8. from 221cffa s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit f5bd1286f124dd03161dcd876681c3df1d4793f3 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 12:41:23 2013 +0200 VERSION: Bump version number up to 4.0.9. Signed-off-by: Karolin Seeger ksee...@samba.org commit 3b7e7196c6854cd549a0d2fab39165e0c13fa88f Merge: 221cffa25510b6115490b5c48d60ec231357a068 dbf87d3867c1771a09029b733c8de1e134e270e4 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 12:40:37 2013 +0200 Merge tag 'samba-4.0.8' into v4-0-test samba: tag release samba-4.0.8 --- Summary of changes: VERSION |2 +- WHATSNEW.txt| 60 +- source3/smbd/nttrans.c | 12 source4/libcli/raw/raweas.c |7 +++- 4 files changed, 76 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index be94a07..6cb5cba 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6ab15c8..503aff0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,60 @@ = + Release Notes for Samba 4.0.8 + August 05, 2013 + = + + +This is a security release in order to address +CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause +server to loop with DOS). + +o CVE-2013-4124: + All current released versions of Samba are vulnerable to a denial of + service on an authenticated or guest connection. A malformed packet + can cause the smbd server to loop the CPU performing memory + allocations and preventing any further service. + + A connection to a file share, or a local account is needed to exploit + this problem, either authenticated or unauthenticated if guest + connections are allowed. + + This flaw is not exploitable beyond causing the code to loop + allocating memory, which may cause the machine to exceed memory + limits. + + +Changes since 4.0.7: + + +o Jeremy Allison j...@samba.org +* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list + reading can cause server to loop with DOS. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 4.0.7 July 2, 2013 = @@ -103,8 +159,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + = Release Notes for Samba 4.0.6 diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 54e475d..f70fb36 100644 --- a/source3/smbd/nttrans.c +++
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via cb48b06 WHATSNEW: Start release notes for Samba 3.6.18. via dda0d8d VERSION: Bump version number up to 3.6.18. via d69a4f7 WHATSNEW: Add release notes for Samba 3.6.17. via 6173b83 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. from dbb52ee build:autoconf: fix output of syslog-facility check http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit cb48b067251c3a523b1bdc10bf4b3ff4fc8b104f Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 12:46:58 2013 +0200 WHATSNEW: Start release notes for Samba 3.6.18. Signed-off-by: Karolin Seeger ksee...@samba.org commit dda0d8da02a41be149af5b66e6b77dae2fd6f227 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 12:44:46 2013 +0200 VERSION: Bump version number up to 3.6.18. Signed-off-by: Karolin Seeger ksee...@samba.org commit d69a4f78b7faf020d3736e4d73848ef8b00ea832 Author: Karolin Seeger ksee...@samba.org Date: Mon Jul 29 20:55:18 2013 +0200 WHATSNEW: Add release notes for Samba 3.6.17. Signed-off-by: Karolin Seeger ksee...@samba.org (cherry picked from commit e03ad1401fd1cca54f9f5c4c1e98ec9ad87b5565) commit 6173b83e7df39f222771bd71de7a92086387c293 Author: Jeremy Allison j...@samba.org Date: Wed Jul 10 17:10:17 2013 -0700 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Ensure we never wrap whilst adding client provided input. CVE-2013-4124 Signed-off-by: Jeremy Allison j...@samba.org (cherry picked from commit efdbcabbe97a594572d71d714d258a5854c5d8ce) --- Summary of changes: WHATSNEW.txt | 65 +--- source3/VERSION|2 +- source3/smbd/nttrans.c | 12 + 3 files changed, 74 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a921e4a..125d793 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,16 +1,17 @@ == - Release Notes for Samba 3.6.17 + Release Notes for Samba 3.6.18 August 14, 2013 == This is is the latest stable release of Samba 3.6. -Major enhancements in Samba 3.6.17 include: +Major enhancements in Samba 3.6.18 include: -o +o -Changes since 3.6.16: + +Changes since 3.6.17: - o Jeremy Allison j...@samba.org @@ -39,6 +40,62 @@ Release notes for older releases follow: == + Release Notes for Samba 3.6.17 + August 05, 2013 + == + + +This is a security release in order to address +CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause +server to loop with DOS). + +o CVE-2013-4124: + All current released versions of Samba are vulnerable to a denial of + service on an authenticated or guest connection. A malformed packet + can cause the smbd server to loop the CPU performing memory + allocations and preventing any further service. + + A connection to a file share, or a local account is needed to exploit + this problem, either authenticated or unauthenticated if guest + connections are allowed. + + This flaw is not exploitable beyond causing the code to loop + allocating memory, which may cause the machine to exceed memory + limits. + + +Changes since 3.6.16: +- + +o Jeremy Allison j...@samba.org +* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list + reading can cause server to loop with DOS. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +-- + + + ==
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 0694139 WHATSNEW: Start release notes for Samba 3.6.18. via 1798688 VERSION: Bump version number up to 3.6.18. from e03ad14 WHATSNEW: Add release notes for Samba 3.6.17. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 0694139cc6e64197eefaa78f1148daa63ad6d165 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 12:46:58 2013 +0200 WHATSNEW: Start release notes for Samba 3.6.18. Signed-off-by: Karolin Seeger ksee...@samba.org (cherry picked from commit cb48b067251c3a523b1bdc10bf4b3ff4fc8b104f) commit 1798688069494255ab7d7e96d9c6e08883e1b569 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 12:44:46 2013 +0200 VERSION: Bump version number up to 3.6.18. Signed-off-by: Karolin Seeger ksee...@samba.org (cherry picked from commit dda0d8da02a41be149af5b66e6b77dae2fd6f227) --- Summary of changes: WHATSNEW.txt| 46 -- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 4291736..125d793 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,45 @@ == + Release Notes for Samba 3.6.18 + August 14, 2013 + == + + +This is is the latest stable release of Samba 3.6. + +Major enhancements in Samba 3.6.18 include: + +o + + +Changes since 3.6.17: +- + +o Jeremy Allison j...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + +Release notes for older releases follow: + + + == Release Notes for Samba 3.6.17 August 05, 2013 == @@ -50,8 +91,9 @@ database (https://bugzilla.samba.org/). == The Samba Team == -Release notes for older releases follow: - + +-- + == Release Notes for Samba 3.6.16 diff --git a/source3/VERSION b/source3/VERSION index 2410272..ea6a68d 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=17 +SAMBA_VERSION_RELEASE=18 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
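Review bot: the added WHATSNEW.txt text for 3.6.18 reads "This is is the latest stable release of Samba 3.6." with a duplicated "is", and the template is left unfilled: there is an empty "o" bullet under "Major enhancements in Samba 3.6.18 include:" and a contributor line "o Jeremy Allison" under "Changes since 3.6.17:" with no change listed beneath it. Fix the sentence now, and either fill or drop the two placeholder entries before the release is tagged so the notes do not ship attributing an unnamed change.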
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c4cba82 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. via c8d8bb2 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. from 6659f01 s3-libads: Print a message if no realm has been specified. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c4cba824d9e4bb31e1b6a901e994ffdfd3ad522e Author: Jeremy Allison j...@samba.org Date: Thu Jul 11 09:36:01 2013 -0700 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Fix client-side parsing also. Found by David Disseldorp dd...@suse.de Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Mon Aug 5 14:39:04 CEST 2013 on sn-devel-104 commit c8d8bb257ac390c89c4238ed86dfef02750b6049 Author: Jeremy Allison j...@samba.org Date: Wed Jul 10 17:10:17 2013 -0700 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. Ensure we never wrap whilst adding client provided input. Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/smbd/nttrans.c | 12 source4/libcli/raw/raweas.c |7 +-- 2 files changed, 17 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 800e2fd..bcba29a 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -990,7 +990,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t if (next_offset == 0) { break; } + + /* Integer wrap protection for the increment. */ + if (offset + next_offset offset) { + break; + } + offset += next_offset; + + /* Integer wrap protection for while loop. */ + if (offset + 4 offset) { + break; + } + } return ea_list_head; diff --git a/source4/libcli/raw/raweas.c b/source4/libcli/raw/raweas.c index 5f06e70..b626b31 100644 
--- a/source4/libcli/raw/raweas.c +++ b/source4/libcli/raw/raweas.c @@ -243,9 +243,12 @@ NTSTATUS ea_pull_list_chained(const DATA_BLOB *blob, return NT_STATUS_INVALID_PARAMETER; } - ofs += next_ofs; + if (ofs + next_ofs ofs) { + return NT_STATUS_INVALID_PARAMETER; + } - if (ofs+4 blob-length) { + ofs += next_ofs; + if (ofs+4 blob-length || ofs+4 ofs) { return NT_STATUS_INVALID_PARAMETER; } n++; -- Samba Shared Repository
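Review bot: in read_nttrans_ea_list() both new wrap tests leave the loop with `break`, so control reaches `return ea_list_head;` and the caller receives whatever entries were parsed before the malformed one. The client-side change to ea_pull_list_chained() in the same fix rejects the same condition with NT_STATUS_INVALID_PARAMETER; the server path should signal failure to its caller as well, so a request whose next_offset wraps is refused rather than half-processed. The tests also only work if offset and next_offset are unsigned, which this hunk does not show; stating that next to the test (or in the comment) would make the dependency explicit.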
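Review bot: in ea_pull_list_chained() the two wrap tests on `ofs + next_ofs` and `ofs+4` are added with no comment, while the nttrans.c hunk of the same fix labels each one ("Integer wrap protection for the increment", "... for while loop"). Add the same one-line comments here so a later cleanup does not remove the tests as redundant with the comparison against the blob length. The second `if` now mixes the length comparison and the wrap test on `ofs+4`; both return NT_STATUS_INVALID_PARAMETER so the result is the same, but placing the wrap test first would match the order of the reasoning.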
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via b085c39 Fix bug 9678 - Windows 8 Roaming profiles fail via 326ebbd security.idl: add new security_secinfo bits from cb48b06 WHATSNEW: Start release notes for Samba 3.6.18. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit b085c39d9e39d305b715fd73c267eff0fc5fd4c4 Author: Gregor Beck gb...@sernet.de Date: Thu Aug 1 14:16:24 2013 +0200 Fix bug 9678 - Windows 8 Roaming profiles fail Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some dirs. Ignoring it makes roaming profiles work again. Just like w2k3 gracefully ignore all the other bits. Signed-off-by: Gregor Beck gb...@sernet.de commit 326ebbdaca4d13fa498779f960a202955531576b Author: Gregor Beck gb...@sernet.de Date: Wed Jul 31 15:28:51 2013 +0200 security.idl: add new security_secinfo bits [MS-DTYP].pdf 2.4.7 Signed-off-by: Gregor Beck gb...@sernet.de --- Summary of changes: librpc/idl/security.idl |3 +++ source3/smbd/nttrans.c |9 ++--- 2 files changed, 5 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 696d5a5..0ea79a3 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -593,6 +593,9 @@ interface security SECINFO_DACL = 0x0004, SECINFO_SACL = 0x0008, SECINFO_LABEL= 0x0010, + SECINFO_ATTRIBUTE= 0x0020, + SECINFO_SCOPE= 0x0040, + SECINFO_BACKUP = 0x0001, SECINFO_UNPROTECTED_SACL = 0x1000, SECINFO_UNPROTECTED_DACL = 0x2000, SECINFO_PROTECTED_SACL = 0x4000, diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 5fc3a09..a884b2f 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c 
@@ -885,13 +885,8 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, /* Ensure we have at least one thing set. */ if ((security_info_sent (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) { - if (security_info_sent SECINFO_LABEL) { - /* Only consider SECINFO_LABEL if no other - bits are set. Just like W2K3 we don't - store this. */ - return NT_STATUS_OK; - } - return NT_STATUS_INVALID_PARAMETER; + /* Just like W2K3 */ + return NT_STATUS_OK; } /* Ensure we have the rights to do this. */ -- Samba Shared Repository
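Review bot: in set_sd(), the branch taken when none of SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL is set now returns NT_STATUS_OK for every value of security_info_sent, including zero, where the removed code returned NT_STATUS_INVALID_PARAMETER whenever SECINFO_LABEL was not set. The caller is told the request succeeded although nothing was stored, and the replacement comment `/* Just like W2K3 */` drops the explanation the old comment carried ("we don't store this"). Please keep that explanation in the comment, naming the bits that are deliberately ignored (the commit message mentions ATTRIBUTE_SECURITY_INFORMATION), and consider a debug message on this path so an ignored set request is visible in the logs.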
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via c358417 Fix bug 9678 - Windows 8 Roaming profiles fail via 2d6b4f0 security.idl: add new security_secinfo bits from f5bd128 VERSION: Bump version number up to 4.0.9. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c358417214920a85736ffaaa8f4c8101ef26b0d3 Author: Gregor Beck gb...@sernet.de Date: Thu Aug 1 14:16:24 2013 +0200 Fix bug 9678 - Windows 8 Roaming profiles fail Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some dirs. Ignoring it makes roaming profiles work again. Just like w2k3 gracefully ignore all the other bits. Signed-off-by: Gregor Beck gb...@sernet.de Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Aug 5 22:00:52 CEST 2013 on sn-devel-104 commit 2d6b4f0525966050c9f028a82c74a1da3c60658a Author: Gregor Beck gb...@sernet.de Date: Wed Jul 31 15:28:51 2013 +0200 security.idl: add new security_secinfo bits [MS-DTYP].pdf 2.4.7 Signed-off-by: Gregor Beck gb...@sernet.de --- Summary of changes: librpc/idl/security.idl |3 +++ source3/smbd/nttrans.c |9 ++--- 2 files changed, 5 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 33085c4..4f0e900 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -600,6 +600,9 @@ interface security SECINFO_DACL = 0x0004, SECINFO_SACL = 0x0008, SECINFO_LABEL= 0x0010, + SECINFO_ATTRIBUTE= 0x0020, + SECINFO_SCOPE= 0x0040, + SECINFO_BACKUP = 0x0001, SECINFO_UNPROTECTED_SACL = 0x1000, SECINFO_UNPROTECTED_DACL = 0x2000, SECINFO_PROTECTED_SACL = 0x4000, diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index f70fb36..5595af2 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c 
@@ -889,13 +889,8 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, /* Ensure we have at least one thing set. */ if ((security_info_sent (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) { - if (security_info_sent SECINFO_LABEL) { - /* Only consider SECINFO_LABEL if no other - bits are set. Just like W2K3 we don't - store this. */ - return NT_STATUS_OK; - } - return NT_STATUS_INVALID_PARAMETER; + /* Just like W2K3 */ + return NT_STATUS_OK; } /* Ensure we have the rights to do this. */ -- Samba Shared Repository
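Review bot: the security.idl hunk adds SECINFO_ATTRIBUTE, SECINFO_SCOPE and SECINFO_BACKUP without a comment; the reference "[MS-DTYP].pdf 2.4.7" exists only in the commit message and belongs next to the enum values, where a reader of the IDL will look for it. None of the three new names is then used by the set_sd() change in the same push, which ignores them only implicitly by testing for OWNER/GROUP/DACL/SACL and returning NT_STATUS_OK otherwise. Testing against an explicit mask of the bits that are meant to be ignored would make that behaviour deliberate and keep a genuinely invalid mask distinguishable.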
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated
  via 4bf25ec nsswitch: Add OPT_KRB5CCNAME to avoid an error message.
  via 597846c s3: Remove old mode special substitution.
  via 1ed811b s4:server: avoid calling into nss_winbind from within 'samba'
  via 8925c93 s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820)
  via 3f86c28 s4-winbindd: Do not terminate a connection that is still pending (bug #9820)
  via 8e4d407 service_stream: Log if the connection termination is deferred or not (bug #9820)
  via 30b8af7 Fix bug 9678 - Windows 8 Roaming profiles fail
  via 2b6a6fd security.idl: add new security_secinfo bits
  via 34e6d50 samba-tool dbcheck: Correctly remove deleted DNs in dbcheck
  via d0e3791 dsdb: Include MS-ADTS doc references on deleted object contstraints
  via 0a2a985 dsdb tests: Add member/memberOf checking to delete_objects testing
  via 7004a3d dsdb: Improve DRS deleted link source/target handing in repl_meta_data
  via d6e1e12 dsdb: Ensure we always force deleted objects back under the deleted objects DN
  via 042b3e5 dsdb/repl_meta_data: split out replmd_deletion_state()
  via 20d8a33 dsdb: Prune deleted objects of links and extra attributes of replicated deletes
  via a0a3b58 torture/drs: Expand an error message to aid debugging
  via 071b36b dsdb/samdb: use RECYCLED it implies DELETED...
  via 55f0779 selftest: ensure samba4.rpc.samr.large-dc.two.samr.many is always tested
  via 8cbc577 rpc_server-drsuapi: Improve comments and DEBUG lines
  via 5acbbd7 dsdb: Add assert in drepl_take_FSMO_role
  via 498c92d selftest: Ensure the DC has started and and got a RID set before we proceed
  via 6287ac3 dsdb-ridalloc: Rework ridalloc to return error strings where RID allocation fails
  via e97dfe2 dsdb: Rework subtree_rename module to use recursive LDB_SCOPE_ONELEVEL searches
  via 75ef73f dsdb-descriptor: Do not do a subtree search unless we have child entries
  via c4c3d7f Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
  via 2036f25 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
  from 216b3f4 s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test

- Log -
commit 4bf25ec6a10a458e29e98341a97848c9590502ad
Author: Andreas Schneider a...@samba.org
Date: Fri Jul 26 15:36:02 2013 +0200

    nsswitch: Add OPT_KRB5CCNAME to avoid an error message.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10048

    Reviewed-by: Günther Deschner g...@samba.org

    Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
    Autobuild-Date(master): Fri Jul 26 17:40:26 CEST 2013 on sn-devel-104

    Autobuild-User(v4-1-test): Karolin Seeger ksee...@samba.org
    Autobuild-Date(v4-1-test): Mon Aug 5 22:14:36 CEST 2013 on sn-devel-104

commit 597846ca89fe83dbd9c7875e31db185fb34e7e41
Author: Alexander Werth alexander.we...@de.ibm.com
Date: Tue Jul 9 17:14:08 2013 +0200

    s3: Remove old mode special substitution.

    The mode special substitution now happens in a separate function.
    The substitution at this point is unnecessary.

    Reviewed-by: Andrew Bartlett abart...@samba.org
    Reviewed-by: Christian Ambach a...@samba.org

    Autobuild-User(master): Christian Ambach a...@samba.org
    Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
    (cherry picked from commit 9b2aa351ceb756d6ea63f3158f0e983ae7262da8)

    Fix bug #10045 - Remove a redundant inlined substitution of ACLs.

commit 1ed811b598618421fb4ce4ba0677802fb52a65f9
Author: Stefan Metzmacher me...@samba.org
Date: Wed Jul 10 14:48:18 2013 +0200

    s4:server: avoid calling into nss_winbind from within 'samba'

    The most important part is that the 'winbind_server' doesn't recurse into itself.
    This could happen if the krb5 libraries call getlogin().

    As we may run in single process mode, we need to set _NO_WINBINDD=1 everywhere,
    the only exception is the forked 'smbd'.

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

    Autobuild-User(master): Stefan Metzmacher me...@samba.org
    Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104
    (cherry picked from commit 596b51c666e549fb518d92931d8837922154a2fe)

    The last 4 patches address bug #9820 - crash of winbind after ls -l /usr/local/samba/var/locks/sysvol.

commit 8925c93f3e1df4886554340ef2edd3d3c81d5ecf
Author: Stefan Metzmacher me...@samba.org
Date: Tue Jul 9 16:38:59 2013 +0200

    s4:rpc_server: make sure we don't
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0602009 pyldb: decrement ref counters on py_results and quiet warnings from c4cba82 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0602009b999142187d74b74be13de8c7f64c7b24 Author: Matthieu Patou m...@matws.net Date: Wed Dec 26 21:36:50 2012 -0800 pyldb: decrement ref counters on py_results and quiet warnings Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Jelmer Vernooij jel...@samba.org Autobuild-User(master): Matthieu Patou m...@samba.org Autobuild-Date(master): Tue Aug 6 00:32:46 CEST 2013 on sn-devel-104 --- Summary of changes: lib/ldb/pyldb.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index 8c9d6b9..ec6c7d0 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -3088,6 +3088,8 @@ static int py_module_request(struct ldb_module *mod, struct ldb_request *req) py_result = PyObject_CallMethod(py_ldb, discard_const_p(char, request), discard_const_p(char, )); + Py_XDECREF(py_result); + return LDB_ERR_OPERATIONS_ERROR; } @@ -3099,6 +3101,8 @@ static int py_module_extended(struct ldb_module *mod, struct ldb_request *req) py_result = PyObject_CallMethod(py_ldb, discard_const_p(char, extended), discard_const_p(char, )); + Py_XDECREF(py_result); + return LDB_ERR_OPERATIONS_ERROR; } -- Samba Shared Repository
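Review bot: in py_module_request() and py_module_extended() the added `Py_XDECREF(py_result);` releases the reference, but the value returned by PyObject_CallMethod() is still never inspected: both functions go straight to `return LDB_ERR_OPERATIONS_ERROR;` whether the Python method succeeded or the call returned NULL. When it returns NULL a Python exception stays pending for whatever interpreter call comes next. Check py_result for NULL before dropping it and report or clear the exception there (PyErr_Print() or PyErr_Clear()), and add a short comment saying why the function fails unconditionally, since the visible code gives no reason for calling the method at all.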
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:

http://git.samba.org/autobuild.flakey/2013-08-06-0138/flakey.log

The samba3 build logs are available here:

http://git.samba.org/autobuild.flakey/2013-08-06-0138/samba3.stderr
http://git.samba.org/autobuild.flakey/2013-08-06-0138/samba3.stdout

The source4 build logs are available here:

http://git.samba.org/autobuild.flakey/2013-08-06-0138/samba.stderr
http://git.samba.org/autobuild.flakey/2013-08-06-0138/samba.stdout

The top commit at the time of the failure was:

commit c4cba824d9e4bb31e1b6a901e994ffdfd3ad522e
Author: Jeremy Allison j...@samba.org
Date: Thu Jul 11 09:36:01 2013 -0700

    Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.

    Fix client-side parsing also. Found by David Disseldorp dd...@suse.de

    Signed-off-by: Jeremy Allison j...@samba.org

    Autobuild-User(master): Karolin Seeger ksee...@samba.org
    Autobuild-Date(master): Mon Aug 5 14:39:04 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via eb50fb8 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
  via 30e724c FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
  via 270d29a s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data
  via ec46f6b s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data
  via 616777f s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler
  via a91d2b0 s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data
  via a93f9c3 s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small
  from 0602009 pyldb: decrement ref counters on py_results and quiet warnings

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696
Author: Christof Schmitt christof.schm...@us.ibm.com
Date: Mon Aug 5 11:21:59 2013 -0700

    FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end

    labels_data_count already accounts for the unicode null character at the
    end of the array. There is no need in adding space for it again.

    Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com
    Reviewed-by: Jeremy Allison j...@samba.org
    Reviewed-by: Simo Sorce i...@samba.org

    Autobuild-User(master): Jeremy Allison j...@samba.org
    Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104

commit 30e724cbff1ecd90e5a676831902d1e41ec1b347
Author: Christof Schmitt christof.schm...@us.ibm.com
Date: Mon Aug 5 11:16:22 2013 -0700

    FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero

    Otherwise num_volumes and the end marker can return uninitialized data
    to the client.

    Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com
    Reviewed-by: Jeremy Allison j...@samba.org
    Reviewed-by: Simo Sorce i...@samba.org

commit 270d29a743a030653037cb176f3764bec3c79b6c
Author: Ralph Wuerthner ralph.wuerth...@de.ibm.com
Date: Wed Jul 10 16:43:39 2013 +0200

    s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data

    Reviewed-by: Jeremy Allison j...@samba.org
    Reviewed-by: Volker Lendecke volker.lende...@sernet.de

commit ec46f6b91941e38dd92f8e0fb0f278592e3157b6
Author: Ralph Wuerthner ralph.wuerth...@de.ibm.com
Date: Wed Jul 10 15:52:06 2013 +0200

    s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data

    Reviewed-by: Jeremy Allison j...@samba.org
    Reviewed-by: Volker Lendecke volker.lende...@sernet.de

commit 616777f029e462f53c5118d79de8c6405a5fb7c1
Author: Ralph Wuerthner ralph.wuerth...@de.ibm.com
Date: Fri Jul 5 11:32:27 2013 +0200

    s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler

    Reviewed-by: Jeremy Allison j...@samba.org
    Reviewed-by: Volker Lendecke volker.lende...@sernet.de

commit a91d2b05bab329a8a9772c2c79a3b1e02933182e
Author: Ralph Wuerthner ralph.wuerth...@de.ibm.com
Date: Fri Jul 5 11:03:16 2013 +0200

    s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data

    Reviewed-by: Jeremy Allison j...@samba.org
    Reviewed-by: Volker Lendecke volker.lende...@sernet.de

commit a93f9c3d33e442c84d0c9da7eb5d25ca4b54fc33
Author: Ralph Wuerthner ralph.wuerth...@de.ibm.com
Date: Wed Jul 10 08:59:58 2013 +0200

    s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small

    Reviewed-by: Jeremy Allison j...@samba.org
    Reviewed-by: Volker Lendecke volker.lende...@sernet.de

---
Summary of changes:
 source3/modules/vfs_default.c |6 +++---
 source3/smbd/smb2_getinfo.c | 18 +++---
 source3/smbd/trans2.c | 15 ++-
 3 files changed, 32 insertions(+), 7 deletions(-)

Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 82d059c..304ef37 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1141,7 +1141,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle, if (!labels) { *out_len = 16; } else { - *out_len = 12 + labels_data_count + 4; + *out_len = 12 + labels_data_count; } if (max_out_len *out_len) { @@ -1151,7 +1151,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle, return NT_STATUS_BUFFER_TOO_SMALL; } - cur_pdata = talloc_array(ctx, char, *out_len); + cur_pdata = talloc_zero_array(ctx, char, *out_len); if (cur_pdata ==
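Review bot: in vfswrap_fsctl() the output length is built from bare literals (`*out_len = 16;` and `*out_len = 12 + labels_data_count;`), and the reason the `+ 4` could be dropped is recorded only in the commit message. Put a comment at the assignment stating that labels_data_count already includes the terminating unicode null, and name the 12-byte header so the two branches can be checked against the response layout. The same applies to the switch to talloc_zero_array(): a one-line comment that the array is zeroed so that unfilled fields are not sent to the client would keep a later change from reverting it to talloc_array() as an optimisation.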