[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0dd512e s4:torture/netlogon: Test netlogon with additional attrs via 767bd6a s4:torture/ldap: Add test for netlogon over tcp via e306250 libcli/cldap: Add utility to create netlogon filter via 68ebb09 s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules via 7106dcf s4:cldap_server: Do not handle netlogon ourself anymore via 0620c79 s4:dsdb/rootdse: Support netlogon request via 7a5a625 s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic via 3721274 s4:cldap_server: Move netlogon parsing into utility function via ca8acb6 provision: Fix string replacement ordering via 32ee231 s4:torture/cldap: Fix a typo from 490418d gpo: Fix CID 1034880 Resource leak http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0dd512eead6dc999511e9e21f5304a224653db85 Author: Benjamin Franzke Date: Thu Oct 31 21:23:57 2013 +0100 s4:torture/netlogon: Test netlogon with additional attrs Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova se enter the commit message for your changes. Lines starting Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Nov 12 00:57:19 CET 2013 on sn-devel-104 commit 767bd6a4d49efce1c554bb0bc8130d74331b0bd8 Author: Benjamin Franzke Date: Mon Oct 28 14:21:20 2013 +0100 s4:torture/ldap: Add test for netlogon over tcp This patch moves the udp netlogon tests from cldap.c to netlogon.c and passes a generic netlogon-send function as parameter. Therefore a tcp replacement for cldap_netlogon is also added. The two variants tcp and udp are added as 2 new torture tests: ldap.netlogon-udp & ldap.netlogon-tcp Both tests succeed. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit e306250a250d20a43cbe4c72ece34ebd475fa39c Author: Benjamin Franzke Date: Mon Oct 28 14:19:57 2013 +0100 libcli/cldap: Add utility to create netlogon filter This utility is splitted of from cldap_netlogon_send. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 68ebb09193e73cff4389ccb9e3b190b12ee0a84a Author: Benjamin Franzke Date: Tue Nov 5 20:39:56 2013 +0100 s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules As netlogon is handled by the samdb now, the corresponding functions should live there as well. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 7106dcf2b8525ec653f24e417d846f9d00172b6d Author: Benjamin Franzke Date: Fri Nov 1 10:52:02 2013 +0100 s4:cldap_server: Do not handle netlogon ourself anymore Netlogon is now handled by the ldb rootdse module. The netlogon files will be moved to dsdb in the next commit. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 0620c79d76b69811fd6c00d912db05477d894724 Author: Benjamin Franzke Date: Sun Oct 27 06:55:48 2013 +0100 s4:dsdb/rootdse: Support netlogon request This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1]. The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html) Tested with: ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl. [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8 Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 7a5a62547bc10053fb1e4850e0acacb6a837f36f Author: Benjamin Franzke Date: Fri Nov 1 06:55:41 2013 +0100 s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic This replaced the *module parameter, and uses ac->module in the function instead, same for *req and *attrs. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 372127416825a8a947cd976f8a4165611c006c43 Author: Benjamin Franzke Date: Sun Oct 27 16:07:04 2013 +0100 s4:cldap_server: Move netlogon parsing into utility function To be used later by netlogon-request over ldap. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit ca8acb681a1ccaddf85376ff30c9b13b1a4c943d Author: Benjamin Franzke Date: Fri Sep 6 16:20:43 2013 +0200 provision: Fix string replacement ordering Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 32ee231da590d7b8aee74728a423b282ae845bce Author: Benjamin Franzke Date: Fri Nov 1 10:24:43 2013 +0100 s4:torture/cldap: Fix a typ
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 490418d gpo: Fix CID 1034880 Resource leak via 4d97b5d gpo: Fix CID 1034881 Resource leak via b7420e4 ntvfs: Fix CID 1034883 Resource leak via 1444280 backupkey: Fix CID 1034885 Resource leak via 0e19812 smbd: Fix CID 1035365 Buffer not null terminated via 2a73a49 smbd: Fix CID 1035366 Buffer not null terminated via a60f513 smbd: Use fstring in conn_tdb.c via 3b8c3e5 smbd: Use fstring in conn_tdb.h via ea83ac6 smbd: Fix CID 1035478 Negative array index read via df8dff7 samdb: Fix CID 241968 Uninitialized pointer read via c6ca14a heimdal: Fix 241482 Resource leak via d2731ad ldb: Fix CID 241329 Array compared against 0 via 6b7b007 libsmb: Fix CID 241313 Array compared against 0 via c85deee smbd: Fix CID 1035434 Same on both sides via 43ac7e8 iniparser: Fix CID 241908 Copy into fixed size buffer via 1cae867 libsmb: Fix CID 1127343 Dead default in switch via 70dbb89 netapi: Fix CID 1127344 Uninitialized scalar variable via 4ddb9cf net: Fix CID 1035403 Unchecked return value via 55b0a16 registry: Fix Coverity ID 1034918 Wrong sizeof argument via ba370ae registry: Fix Coverity ID 1034917 Wrong sizeof argument via 4e80a30 registry: Fix Coverity ID 1034916 Wrong sizeof argument via 0c8d5df dsdb: Fix Coverity ID 1034907 Dereference before null check via 096358f oLschema2ldif: Add some NULL checks from 97bbd63 s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 490418d6363d2735cd1d801f7b2bb804eb85b197 Author: Volker Lendecke Date: Sun Nov 10 19:45:11 2013 +0100 gpo: Fix CID 1034880 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper Autobuild-User(master): Ira Cooper Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104 commit 4d97b5dcca827d6767857182772f4ced0fdd5da7 Author: Volker Lendecke Date: Sun Nov 10 19:43:48 2013 +0100 gpo: Fix CID 1034881 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit b7420e44b1f7e0e0f54cf9f329981bacf839f7c9 Author: Volker Lendecke Date: Sun Nov 10 19:41:15 2013 +0100 ntvfs: Fix CID 1034883 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 144428058a73b059d7389915e310ff48fd591e59 Author: Volker Lendecke Date: Sun Nov 10 19:34:31 2013 +0100 backupkey: Fix CID 1034885 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 0e19812782cd7a937de028494160ed3f5e8bac88 Author: Volker Lendecke Date: Sun Nov 10 11:58:58 2013 +0100 smbd: Fix CID 1035365 Buffer not null terminated Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 2a73a4985eb4a7fcd5dc31aee66dfcd0d305d94b Author: Volker Lendecke Date: Sun Nov 10 11:57:37 2013 +0100 smbd: Fix CID 1035366 Buffer not null terminated Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit a60f513e896c35bf21eb54456f38771152611e81 Author: Volker Lendecke Date: Sun Nov 10 11:56:06 2013 +0100 smbd: Use fstring in conn_tdb.c It might be legacy, but as long as we have it, we can make use of it. Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 3b8c3e5dde9a5324eb82496f036d3a88349c3894 Author: Volker Lendecke Date: Sun Nov 10 11:56:06 2013 +0100 smbd: Use fstring in conn_tdb.h It might be legacy, but as long as we have it, we can make use of it. Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit ea83ac6b0142e99b514f7c4a3a4b038c2e409a8d Author: Volker Lendecke Date: Sun Nov 10 11:48:17 2013 +0100 smbd: Fix CID 1035478 Negative array index read lp_parm_enum can return -1. Add error checking. Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit df8dff7dd27459dad337e66f3e2f75c47e28cc8c Author: Volker Lendecke Date: Sun Nov 10 10:06:18 2013 +0100 samdb: Fix CID 241968 Uninitialized pointer read Interestingly gcc does not catch this at all. Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit c6ca14a78b52eabc70f338d136a93ea9ff4e51e4 Author: Volker Lendecke Date: Sun Nov 10 09:45:38 2013 +0100 heimdal: Fix 241482 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit d2731ad5aae9f1fb8c1c6a65a61ef787e993b248 Author: Volker Lendecke Date: Sat Nov 9 21:29:24 2013 +0100 ldb: Fix CID 241329 Array compared against 0 u.generate.remote_names is an array, not a pointer Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 6b7b007a67ce8ec4e2979f09ba1bdea903116924
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 97bbd63 s4:torture:smb2: add new lease.upgrade3 test to test the
contended upgrade
via 363c4ad s4:torture:smb2: add comment explaining lease upgrade in
the non-contended case
from 0eaae1a README.Coding: Add __func__
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 97bbd631d8b357e0392209052872be2f67255f29
Author: Michael Adam
Date: Tue Nov 5 18:17:58 2013 +0100
s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade
Test what upgrades work when there is another lease already held,
in addition to the lease to be upgraded.
The summary of the behaviour is this:
-
If we have two leases (lease1 and lease2) on the same file,
then attempt to upgrade lease1 results in a change if and only
if the requested lease state:
- is valid,
- is strictly a superset of lease1, and
- can held together with lease2.
In that case, the resuling lease state of the upgraded lease1
is the state requested in the upgrade. lease2 is not broken
and remains unchanged.
Note that this contrasts the case of directly opening with
an initial requested lease state, in which case you get that
portion of the requested state that can be shared with the
already existing leases (or the states that they get broken to).
Signed-off-by: Michael Adam
Reviewed-by: David Disseldorp
Autobuild-User(master): David Disseldorp
Autobuild-Date(master): Mon Nov 11 18:04:47 CET 2013 on sn-devel-104
commit 363c4ade52b36a986b2e7bd35563459d8fd49485
Author: Michael Adam
Date: Tue Nov 5 18:10:25 2013 +0100
s4:torture:smb2: add comment explaining lease upgrade in the non-contended
case
The summary of the behaviour is this:
-
An uncontended lease upgrade results in a change
if and only if the requested lease state is
- valid, and
- strictly a superset of the lease state already held.
In that case the resulting lease state is the one
requested in the upgrade.
Signed-off-by: Michael Adam
Reviewed-by: David Disseldorp
---
Summary of changes:
source4/torture/smb2/lease.c | 154 ++
1 files changed, 154 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c
index 992c21b..045f994 100644
--- a/source4/torture/smb2/lease.c
+++ b/source4/torture/smb2/lease.c
@@ -262,6 +262,17 @@ static bool test_lease_upgrade(struct torture_context
*tctx,
/**
* upgrade2 test.
* full matrix of lease upgrade combinations
+ * (non-contended case)
+ *
+ * The summary of the behaviour is this:
+ * -
+ * An uncontended lease upgrade results in a change
+ * if and only if the requested lease state is
+ * - valid, and
+ * - strictly a superset of the lease state already held.
+ *
+ * In that case the resulting lease state is the one
+ * requested in the upgrade.
*/
struct lease_upgrade2_test {
const char *initial;
@@ -438,6 +449,148 @@ static bool torture_lease_handler(struct smb2_transport
*transport,
return true;
}
+/**
+ * upgrade3:
+ * full matrix of lease upgrade combinations
+ * (contended case)
+ *
+ * We start with 2 leases, and check how one can
+ * be upgraded
+ *
+ * The summary of the behaviour is this:
+ * -
+ *
+ * If we have two leases (lease1 and lease2) on the same file,
+ * then attempt to upgrade lease1 results in a change if and only
+ * if the requested lease state:
+ * - is valid,
+ * - is strictly a superset of lease1, and
+ * - can held together with lease2.
+ *
+ * In that case, the resuling lease state of the upgraded lease1
+ * is the state requested in the upgrade. lease2 is not broken
+ * and remains unchanged.
+ *
+ * Note that this contrasts the case of directly opening with
+ * an initial requested lease state, in which case you get that
+ * portion of the requested state that can be shared with the
+ * already existing leases (or the states that they get broken to).
+ */
+struct lease_upgrade3_test {
+ const char *held1;
+ const char *held2;
+ const char *upgrade_to;
+ const char *upgraded_to;
+};
+
+#define NUM_UPGRADE3_TESTS ( 20 )
+struct lease_upgrade3_test lease_upgrade3_tests[NUM_UPGRADE3_TESTS] = {
+ {"R", "R", "", "R" },
+ {"R", "R", "R", "R" },
+ {"R", "R", "RW", "R" },
+ {"R", "R", "RH", "RH" },
+ {"R", "R", "RHW", "R" },
+
+ {"R", "RH", "", "R" },
+ {"R", "RH", "R", "R" },
+ {"R", "RH", "RW", "R" },
+ {"R", "RH", "RH", "RH" },
+ {"R", "RH"
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0eaae1a README.Coding: Add __func__
via bbb5f66 smbd: Fix DEBUG in do_break_to_none
from 22af043 CVE-2013-4476: s4:libtls: check for safe permissions of tls
private key file (key.pem)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0eaae1a87fee60675d8d9f48f8a5f5cb583f0e14
Author: Volker Lendecke
Date: Fri Nov 1 12:04:38 2013 +
README.Coding: Add __func__
Signed-off-by: Volker Lendecke
Reviewed-by: Michael Adam
Autobuild-User(master): Michael Adam
Autobuild-Date(master): Mon Nov 11 16:08:09 CET 2013 on sn-devel-104
commit bbb5f66bcd4f096f7b1281e4fda6fdb488f064bc
Author: Volker Lendecke
Date: Fri Nov 1 11:55:43 2013 +
smbd: Fix DEBUG in do_break_to_none
The name of this function has changed, but the DEBUG statements have
not been adapted. This is the case in a lot of our code. With __func__
this problem goes away: __func__ is C99, and we also use it already.
Signed-off-by: Volker Lendecke
Reviewed-by: Michael Adam
---
Summary of changes:
README.Coding | 14 ++
source3/smbd/oplock.c | 14 ++
2 files changed, 20 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/README.Coding b/README.Coding
index 956a733..107856e 100644
--- a/README.Coding
+++ b/README.Coding
@@ -377,3 +377,17 @@ do not use them in new code.
The only exception is the test code that depends repeated use of calls
like CHECK_STATUS, CHECK_VAL and others.
+
+
+Function names in DEBUG statements
+--
+
+Many DEBUG statements contain the name of the function they appear in. This is
+not a good idea, as this is prone to bitrot. Function names change, code
+moves, but the DEBUG statements are not adapted. Use %s and __func__ for this:
+
+Bad Example:
+ DEBUG(0, ("strstr_m: src malloc fail\n"));
+
+Good Example:
+ DEBUG(0, ("%s: src malloc fail\n", __func__));
diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c
index b5d6b54..312855d 100644
--- a/source3/smbd/oplock.c
+++ b/source3/smbd/oplock.c
@@ -644,13 +644,12 @@ static void do_break_to_none(struct tevent_context *ctx,
lck = get_existing_share_mode_lock(talloc_tos(), state->id);
if (lck == NULL) {
- DEBUG(1, ("release_level_2_oplocks_on_change: failed to lock "
- "share mode entry for file %s.\n",
- file_id_string_tos(&state->id)));
+ DEBUG(1, ("%s: failed to lock share mode entry for file %s.\n",
+ __func__, file_id_string_tos(&state->id)));
goto done;
}
- DEBUG(10,("release_level_2_oplocks_on_change: num_share_modes = %d\n",
+ DEBUG(10,("%s: num_share_modes = %d\n", __func__,
lck->data->num_share_modes ));
for(i = 0; i < lck->data->num_share_modes; i++) {
@@ -672,8 +671,7 @@ static void do_break_to_none(struct tevent_context *ctx,
* NO_OPLOCK states. JRA.
*/
- DEBUG(10,("release_level_2_oplocks_on_change: "
- "share_entry[%i]->op_type == %d\n",
+ DEBUG(10,("%s: share_entry[%i]->op_type == %d\n", __func__,
i, share_entry->op_type ));
if (share_entry->op_type == NO_OPLOCK) {
@@ -682,9 +680,9 @@ static void do_break_to_none(struct tevent_context *ctx,
/* Paranoia */
if (EXCLUSIVE_OPLOCK_TYPE(share_entry->op_type)) {
- DEBUG(0,("release_level_2_oplocks_on_change: PANIC. "
+ DEBUG(0,("%s: PANIC. "
"share mode entry %d is an exlusive "
-"oplock !\n", i ));
+"oplock !\n", __func__, i ));
TALLOC_FREE(lck);
abort();
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 22af043 CVE-2013-4476: s4:libtls: check for safe permissions of tls
private key file (key.pem)
via e0248cd CVE-2013-4476: s4:libtls: Create tls private key file
(key.pem) with mode 0600
via cf29fb2 CVE-2013-4476: selftest/Samba4: use umask 0077 within
mk_keyblobs()
via 83a3ae1 CVE-2013-4476: samba-tool provision: create
${private_dir}/tls with mode 0700
via 63d98ed CVE-2013-4476: lib-util: split out file_save_mode() from
file_save()
via 8eae8d2 CVE-2013-4476: lib-util: add file_check_permissions()
from 374b2cf xattr: fix listing EAs on *BSD for non-root users
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 22af043d2f20760f27150d7d469c7c7b944c6b55
Author: Björn Baumbach
Date: Tue Oct 29 17:53:59 2013 +0100
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key
file (key.pem)
If the tls key is not owned by root or has not mode 0600 samba will not
start up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Björn Baumbach
Signed-off-by: Stefan Metzmacher
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Karolin Seeger
Autobuild-Date(master): Mon Nov 11 13:07:16 CET 2013 on sn-devel-104
commit e0248cde8dcd82f348218665f5edd6b30cd3ef1f
Author: Björn Baumbach
Date: Tue Oct 29 17:52:39 2013 +0100
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode
0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit cf29fb2cf4727466ccbd6f0ca8d5d4cb75666d99
Author: Stefan Metzmacher
Date: Wed Oct 30 14:48:36 2013 +0100
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Björn Baumbach
Signed-off-by: Stefan Metzmacher
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit 83a3ae18ddb945defc3a2f1d5ca2fb743fa43724
Author: Björn Baumbach
Date: Tue Oct 29 17:49:55 2013 +0100
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode
0700
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit 63d98ed90466295d0e946f79868d3d7aad6e7589
Author: Björn Baumbach
Date: Tue Oct 29 17:48:11 2013 +0100
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
file_save_mode() writes files with specified mode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit 8eae8d28bce2c3f6a323d3dc48ed10c2e6bb1ba5
Author: Björn Baumbach
Date: Tue Oct 29 17:43:17 2013 +0100
CVE-2013-4476: lib-util: add file_check_permissions()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
lib/util/samba_util.h | 11 +
lib/util/util.c| 44
lib/util/util_file.c | 16 +
python/samba/provision/__init__.py |2 +-
selftest/target/Samba4.pm |6 -
source4/lib/tls/tls.c | 17 ++
source4/lib/tls/tls_tstream.c | 16 +
source4/lib/tls/tlscert.c |2 +-
8 files changed, 106 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 89aa9aa..243ed3e 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -580,6 +580,8 @@ a line
**/
_PUBLIC_ void file_lines_slashcont(char **lines);
+_PUBLIC_ bool file_save_mode(const char *fname, const void *packet,
+size_t length, mode_t mode);
/**
save a lump of data into a file. Mostly used for debugging
*/
@@ -623,6 +625,15 @@ _PUBLIC_ time_t file_modtime(const char *fname);
_PUBLIC_ bool directory_exist(const char *dname);
/**
+ Check file permissions.
+**/
+struct stat;
+_PUBLIC_ bool file_check_permissions(const char *fname,
+uid_t uid,
+mode_t file_perms,
+struct stat *pst);
+
+/**
* Try to create the specified directory if it didn't exist.
*
* @retval true if the directory already existed and has the right permissions
diff --git a/lib/util/util.c b/lib/util/util.c
index f0ed7f6..3e9047c 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via f9dd9ce VERSION: Bump version up to 3.6.21. from 12598a7 WHATSNEW: Add release notes for Samba 3.6.20. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit f9dd9ce298e2bbddfebee62a884f6d63fc2c4ab1 Author: Karolin Seeger Date: Mon Nov 11 11:53:00 2013 +0100 VERSION: Bump version up to 3.6.21. Signed-off-by: Karolin Seeger (cherry picked from commit c2287276eb6533586ca1eac8b445ac1f93bcee98) --- Summary of changes: source3/VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/VERSION b/source3/VERSION index 7d97b56..8d054f4 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=20 +SAMBA_VERSION_RELEASE=21 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via c228727 VERSION: Bump version up to 3.6.21. via ff2ec0f WHATSNEW: Add release notes for Samba 3.6.20. via 22b6c3c Fix bug #10229 - No access check verification on stream files. from 906db4f Fix bug #10118 - Samba is chatty about being unable to open a printer. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit c2287276eb6533586ca1eac8b445ac1f93bcee98 Author: Karolin Seeger Date: Mon Nov 11 11:53:00 2013 +0100 VERSION: Bump version up to 3.6.21. Signed-off-by: Karolin Seeger commit ff2ec0f117ce213ec1d7718730b15a05f3789694 Author: Karolin Seeger Date: Thu Nov 7 12:49:34 2013 +0100 WHATSNEW: Add release notes for Samba 3.6.20. Bug 10235 - CVE-2013-4475: No access check verification on stream files. Signed-off-by: Karolin Seeger (cherry picked from commit 12598a76c0330ea1067c4b11b295ab3473e93f15) commit 22b6c3c449b5dd1f10bfd77a74698066b7a8e4c9 Author: Jeremy Allison Date: Thu Oct 31 13:48:42 2013 -0700 Fix bug #10229 - No access check verification on stream files. https://bugzilla.samba.org/show_bug.cgi?id=10229 We need to check if the requested access mask could be used to open the underlying file (if it existed), as we're passing in zero for the access mask to the base filename. Signed-off-by: Jeremy Allison Fix Bug #10235 - CVE-2013-4475: No access check verification on stream files. https://bugzilla.samba.org/show_bug.cgi?id=10235 (cherry picked from commit 14d48130870579541c07f5a0f64638e635ddce95) --- Summary of changes: WHATSNEW.txt| 31 + source3/VERSION |2 +- source3/smbd/open.c | 61 +++ 3 files changed, 88 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d30b702..d6b1ebd 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,20 +1,41 @@ == Release Notes for Samba 3.6.20 - November 06, 2013 + November 11, 2013 == -This is is the latest maintenance release of Samba 3.6. +This is a security release in order to address +CVE-2013-4475 (ACLs are not checked on opening an alternate +data stream on a file or directory). -Please note that this will probably be the last maintenance release -of the Samba 3.6 release series. With the release of Samba 4.1.0, the -3.6 release series will be turned into the "security fixes only" mode. +o CVE-2013-4475: + Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, + 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying + file or directory ACL when opening an alternate data stream. + + According to the SMB1 and SMB2+ protocols the ACL on an underlying + file or directory should control what access is allowed to alternate + data streams that are associated with the file or directory. + + By default no version of Samba supports alternate data streams + on files or directories. + + Samba can be configured to support alternate data streams by loading + either one of two virtual file system modues (VFS) vfs_streams_depot or + vfs_streams_xattr supplied with Samba, so this bug only affects Samba + servers configured this way. + + To determine if your server is vulnerable, check for the strings + "streams_depot" or "streams_xattr" inside your smb.conf configuration + file. Changes since 3.6.19: - o Jeremy Allison +* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on stream + files. ## diff --git a/source3/VERSION b/source3/VERSION index 59857d2..b5030d0 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=20 +SAMBA_VERSION_RELEASE=21 # Bug fix releases use a letter for the patch revision # diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 447de80..441b8cd 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -152,6 +152,48 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, } / + Ensure when opening a base file for a stream open that we have permissions + to do so given the access mask on the base file. +/ + +static NTSTATUS check_base_file_access
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated
via 0a52101 VERSION: Bump version number up to 4.0.12...
via 98712df Merge tag 'samba-4.0.11' into v4-0-test
via a8e0112 VERSION: Disable git snapshots for the 4.0.11 release.
via 90b9835 WHATSNEW: Add release notes for Samba 4.0.11.
via 66fb9ec CVE-2013-4476: s4:libtls: check for safe permissions of tls
private key file (key.pem)
via c417cb7 CVE-2013-4476: s4:libtls: Create tls private key file
(key.pem) with mode 0600
via c1e106b CVE-2013-4476: selftest/Samba4: use umask 0077 within
mk_keyblobs()
via 367f017 CVE-2013-4476: samba-tool provision: create
${private_dir}/tls with mode 0700
via e74797c CVE-2013-4476: lib-util: split out file_save_mode() from
file_save()
via 13566a5 CVE-2013-4476: lib-util: add file_check_permissions()
via 761096f Add regression test for bug #10229 - No access check
verification on stream files.
via a6d74c4 Fix bug #10229 - No access check verification on stream
files.
from de4e721 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit 0a52101416d4a4be75b2515d352137550d04b368
Author: Karolin Seeger
Date: Mon Nov 11 11:46:21 2013 +0100
VERSION: Bump version number up to 4.0.12...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger
commit 98712df3ddf6cca5614f273eb21336c62a9157f7
Merge: de4e72152d83cf03e86c3531f43a9f2bed4967ac
a8e0112c7c540307e263d00306cb06f473547cea
Author: Karolin Seeger
Date: Mon Nov 11 11:45:52 2013 +0100
Merge tag 'samba-4.0.11' into v4-0-test
samba: tag release samba-4.0.11
---
Summary of changes:
VERSION|2 +-
WHATSNEW.txt | 77 +++-
lib/util/samba_util.h | 11 ++
lib/util/util.c| 44 +
lib/util/util_file.c | 16 ++-
python/samba/provision/__init__.py |2 +-
selftest/knownfail |1 +
selftest/target/Samba4.pm |6 +-
source3/smbd/open.c| 57 +++
source4/lib/tls/tls.c | 17
source4/lib/tls/tls_tstream.c | 16 +++
source4/lib/tls/tlscert.c |2 +-
source4/torture/raw/streams.c | 181
13 files changed, 421 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index eb74a75..576d58f 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3b9462b..20b6e7f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,77 @@
==
+ Release Notes for Samba 4.0.11
+ November 11, 2013
+ ==
+
+
+This is a security release in order to address
+CVE-2013-4475 (ACLs are not checked on opening an alternate
+data stream on a file or directory) and
+CVE-2013-4476 (Private key in key.pem world readable).
+
+o CVE-2013-4475:
+ Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x,
+ 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying
+ file or directory ACL when opening an alternate data stream.
+
+ According to the SMB1 and SMB2+ protocols the ACL on an underlying
+ file or directory should control what access is allowed to alternate
+ data streams that are associated with the file or directory.
+
+ By default no version of Samba supports alternate data streams
+ on files or directories.
+
+ Samba can be configured to support alternate data streams by loading
+ either one of two virtual file system modues (VFS) vfs_streams_depot or
+ vfs_streams_xattr supplied with Samba, so this bug only affects Samba
+ servers configured this way.
+
+ To determine if your server is vulnerable, check for the strings
+ "streams_depot" or "streams_xattr" inside your smb.conf configuration
+ file.
+
+o CVE-2013-4476:
+ In setups which provide ldap(s) and/or https services, the private
+ key for SSL/TLS encryption might be world readable. This typically
+ happens in active directory domain controller setups.
+
+
+Changes since 4.0.10:
+-
+
+o Jeremy Allison
+* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on
stream
+ files.
+
+
+o Björn Baumbach
+* BUG 10234: CVE-2013-4476: Private key in key.pem world readable.
+
+
+##
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated
via a52afc3 VERSION: Bump version number up to 4.1.2...
via 5e64b07 Merge tag 'samba-4.1.1' into v4-1-test
via 32d78c8 VERSION: Disable git snapshots for the 4.1.1 release.
via 07be799 WHATSNEW: Add release notes for Samba 4.1.1.
via e737fc7 CVE-2013-4476: s4:libtls: check for safe permissions of tls
private key file (key.pem)
via 2ca3eae CVE-2013-4476: s4:libtls: Create tls private key file
(key.pem) with mode 0600
via bc067d0 CVE-2013-4476: selftest/Samba4: use umask 0077 within
mk_keyblobs()
via d6988a1 CVE-2013-4476: samba-tool provision: create
${private_dir}/tls with mode 0700
via 7fc2f97 CVE-2013-4476: lib-util: split out file_save_mode() from
file_save()
via 81e5048 CVE-2013-4476: lib-util: add file_check_permissions()
via afe7ffd Add regression test for bug #10229 - No access check
verification on stream files.
via a2c4c0e Fix bug #10229 - No access check verification on stream
files.
from 6207530 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test
- Log -
commit a52afc34d992c7a201c0b35d9d8df1ba25260787
Author: Karolin Seeger
Date: Mon Nov 11 11:40:49 2013 +0100
VERSION: Bump version number up to 4.1.2...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger
commit 5e64b0718f56181b6d70623e285f5e74096fe4af
Merge: 62075301713602612fe3eae92ce4b23e14ab8fa8
32d78c867eb259960736121146c7152934f3e6b3
Author: Karolin Seeger
Date: Mon Nov 11 11:39:35 2013 +0100
Merge tag 'samba-4.1.1' into v4-1-test
samba: tag release samba-4.1.1
---
Summary of changes:
VERSION|2 +-
WHATSNEW.txt | 73 +++
lib/util/samba_util.h | 11 ++
lib/util/util.c| 44 +
lib/util/util_file.c | 16 ++-
python/samba/provision/__init__.py |2 +-
selftest/knownfail |1 +
selftest/target/Samba4.pm |6 +-
source3/smbd/open.c| 59
source4/lib/tls/tls.c | 17
source4/lib/tls/tls_tstream.c | 16 +++
source4/lib/tls/tlscert.c |2 +-
source4/torture/raw/streams.c | 181
13 files changed, 421 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 9394c6f..28fdecb 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=1
+SAMBA_VERSION_RELEASE=2
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 857a7ce..4c96f34 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,77 @@
=
+ Release Notes for Samba 4.1.1
+ November 11, 2013
+ =
+
+
+This is a security release in order to address
+CVE-2013-4475 (ACLs are not checked on opening an alternate
+data stream on a file or directory) and
+CVE-2013-4476 (Private key in key.pem world readable).
+
+o CVE-2013-4475:
+ Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x,
+ 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying
+ file or directory ACL when opening an alternate data stream.
+
+ According to the SMB1 and SMB2+ protocols the ACL on an underlying
+ file or directory should control what access is allowed to alternate
+ data streams that are associated with the file or directory.
+
+ By default no version of Samba supports alternate data streams
+ on files or directories.
+
+ Samba can be configured to support alternate data streams by loading
+ either one of two virtual file system modues (VFS) vfs_streams_depot or
+ vfs_streams_xattr supplied with Samba, so this bug only affects Samba
+ servers configured this way.
+
+ To determine if your server is vulnerable, check for the strings
+ "streams_depot" or "streams_xattr" inside your smb.conf configuration
+ file.
+
+o CVE-2013-4476:
+ In setups which provide ldap(s) and/or https services, the private
+ key for SSL/TLS encryption might be world readable. This typically
+ happens in active directory domain controller setups.
+
+
+Changes since 4.1.0:
+
+
+o Jeremy Allison
+* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on
stream
+ files.
+
+
+o Björn Baumbach
+* BUG 10234: CVE-2013-4476: Private key in key.pem world readable.
+
+
+##
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 4d083d7 Announce Samba 4.1.1, 4.0.11 and 3.6.20. from c400091 Remove Google Checkout as it is being discontinued. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 4d083d77ec08f0b407e6e4c7968a77029e9b9d29 Author: Karolin Seeger Date: Mon Nov 11 10:35:15 2013 +0100 Announce Samba 4.1.1, 4.0.11 and 3.6.20. Signed-off-by: Karolin Seeger --- Summary of changes: generated_news/latest_10_bodies.html| 33 +--- generated_news/latest_10_headlines.html |7 +- generated_news/latest_2_bodies.html | 36 ++--- history/header_history.html |3 + history/samba-3.6.20.html | 56 + history/samba-4.0.11.html | 66 +++ history/samba-4.1.1.html| 66 +++ history/security.html | 19 + latest_stable_release.html |6 +- security/CVE-2013-4475.html | 96 ++ security/CVE-2013-4476.html | 135 +++ 11 files changed, 495 insertions(+), 28 deletions(-) create mode 100755 history/samba-3.6.20.html create mode 100755 history/samba-4.0.11.html create mode 100755 history/samba-4.1.1.html create mode 100644 security/CVE-2013-4475.html create mode 100644 security/CVE-2013-4476.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index e9145b7..64f11d8 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,26 @@ + 11 November 2013 + Samba 4.1.1, 4.0.11 and 3.6.20 Security + Releases Available for Download + These are security releases in order to address + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475";>CVE-2013-4475 + (ACLs are not checked on opening an alternate data stream on a file + or directory) and + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476";>CVE-2013-4476 + (Private key in key.pem world readable). + + + The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA). + + The source code can be downloaded here: + http://samba.org/samba/ftp/stable/samba-4.1.1.tar.gz";>download + Samba 4.1.1, + http://samba.org/samba/ftp/stable/samba-4.0.11.tar.gz";>download + Samba 4.0.11, + http://samba.org/samba/ftp/stable/samba-3.6.20.tar.gz";>download + Samba 3.6.20. + + 11 October 2013 Samba 4.1.0 Available for Download This is the first stable release of the Samba 4.1 series. @@ -139,13 +162,3 @@ Please see the release notes for more info: http://samba.org/samba/history/samba-3.5.22.html";>release notes Samba 3.5.22. - - 11 July 2013 - Samba 4.1.0rc1 Available for Download - This is the first release candidate of the upcoming Samba 4.1 release series. - -The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -https://download.samba.org/pub/samba/rc/samba-4.1.0rc1.tar.gz";>downloaded -now. See https://download.samba.org/pub/samba/rc/WHATSNEW-4.1.0rc1.txt";>the -release notes for more info. diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 8b64db9..95e864b 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,8 @@ +11 November 2013 Samba 4.1.1, 4.0.11 + (CVE-2013-4475 and CVE-2013-4475) and 3.6.20 (CVE-2013-4475) + Security Releases Available for Download + 11 October 2013 Samba 4.1.0 Available for Download 08 October 2013 Samba 4.0.10 Available for Download @@ -20,7 +24,4 @@ 05 August 2013 Samba 4.0.8, 3.6.17 and 3.5.22 Security Releases Available for Download (CVE-2013-4124) - -11 July 2013 Samba 4.1.0rc1 Available for - Download diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 638df61..9812122 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,27 @@ + 11 November 2013 + Samba 4.1.1, 4.0.11 and 3.6.20 Security + Releases Available for Download + These are security releases in order to address + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475";>CVE-2013-4475 + (ACLs are not checked on opening an alternate data stream on a file + or directory) and + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476";>CVE-2013-4476 + (Private key in key.pem world readable). + + + The uncompressed ta
[SCM] Samba Shared Repository - annotated tag samba-4.1.1 created
The annotated tag, samba-4.1.1 has been created
at d228adeb4dfecf890bda849fc000fc0f01440beb (tag)
tagging 32d78c867eb259960736121146c7152934f3e6b3 (commit)
replaces samba-4.1.0
tagged by Karolin Seeger
on Fri Nov 8 11:07:58 2013 +0100
- Log -
samba: tag release samba-4.1.1
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQBSfLf+bzORW2Vot+oRAkfaAJ9eVwOkfw8O0LUF16zTavhW7c8avgCeN1Yb
V37bznwIu3G0dE/O92c8YsI=
=HtVp
-END PGP SIGNATURE-
Björn Baumbach (5):
CVE-2013-4476: lib-util: add file_check_permissions()
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode
0700
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode
0600
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key
file (key.pem)
Jeremy Allison (2):
Fix bug #10229 - No access check verification on stream files.
Add regression test for bug #10229 - No access check verification on
stream files.
Karolin Seeger (3):
VERSION: Bump version number up to 4.1.1...
WHATSNEW: Add release notes for Samba 4.1.1.
VERSION: Disable git snapshots for the 4.1.1 release.
Stefan Metzmacher (1):
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
---
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-1-stable updated
The branch, v4-1-stable has been updated
via 32d78c8 VERSION: Disable git snapshots for the 4.1.1 release.
via 07be799 WHATSNEW: Add release notes for Samba 4.1.1.
via e737fc7 CVE-2013-4476: s4:libtls: check for safe permissions of tls
private key file (key.pem)
via 2ca3eae CVE-2013-4476: s4:libtls: Create tls private key file
(key.pem) with mode 0600
via bc067d0 CVE-2013-4476: selftest/Samba4: use umask 0077 within
mk_keyblobs()
via d6988a1 CVE-2013-4476: samba-tool provision: create
${private_dir}/tls with mode 0700
via 7fc2f97 CVE-2013-4476: lib-util: split out file_save_mode() from
file_save()
via 81e5048 CVE-2013-4476: lib-util: add file_check_permissions()
via afe7ffd Add regression test for bug #10229 - No access check
verification on stream files.
via a2c4c0e Fix bug #10229 - No access check verification on stream
files.
via ff0cd26 VERSION: Bump version number up to 4.1.1...
from a6fb418 VERSION: Bump version number up to 4.1.0...
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable
- Log -
commit 32d78c867eb259960736121146c7152934f3e6b3
Author: Karolin Seeger
Date: Fri Nov 8 11:04:28 2013 +0100
VERSION: Disable git snapshots for the 4.1.1 release.
Bug 10234 - CVE-2013-4476: key.pem world readable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10234
Bug 10235 - CVE-2013-4475: No access check verification on stream files
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10229).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10235
Signed-off-by: Karolin Seeger
commit 07be7991578578eaeb8eaa8a13588183a5f4b11c
Author: Karolin Seeger
Date: Fri Nov 8 11:00:06 2013 +0100
WHATSNEW: Add release notes for Samba 4.1.1.
Bug 10234 - CVE-2013-4476: key.pem world readable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10234
Bug 10235 - CVE-2013-4475: No access check verification on stream files
(bug #10229: https://bugzilla.samba.org/show_bug.cgi?id=10229).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10235
Signed-off-by: Karolin Seeger
commit e737fc794ebd614886ea16cb51850bceaf3ef2e0
Author: Björn Baumbach
Date: Tue Oct 29 17:53:59 2013 +0100
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key
file (key.pem)
If the tls key is not owned by root or has not mode 0600 samba will not
start up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Björn Baumbach
Signed-off-by: Stefan Metzmacher
Reviewed-by: Stefan Metzmacher
commit 2ca3eae4c50316a723ca9fcf8ec766d8b40b3908
Author: Björn Baumbach
Date: Tue Oct 29 17:52:39 2013 +0100
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode
0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit bc067d06682b796ab7abf6a05f103e7ebe0a4cef
Author: Stefan Metzmacher
Date: Wed Oct 30 14:48:36 2013 +0100
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Björn Baumbach
Signed-off-by: Stefan Metzmacher
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit d6988a14b4f82ff5bd6c48a61f8edd02f7b24aa6
Author: Björn Baumbach
Date: Tue Oct 29 17:49:55 2013 +0100
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode
0700
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit 7fc2f97fb1dcd85aa1cad461fe611f844d7a3c62
Author: Björn Baumbach
Date: Tue Oct 29 17:48:11 2013 +0100
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
file_save_mode() writes files with specified mode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit 81e50485bb2e623ca06a6dc2996877ccc31120b0
Author: Björn Baumbach
Date: Tue Oct 29 17:43:17 2013 +0100
CVE-2013-4476: lib-util: add file_check_permissions()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit afe7ffd74f1154cf60dc4c89b1fc330ab0373099
Author: Jeremy Allison
Date: Tue Oct 29 15:57:01 2013 -0700
Add regression test for bug #10229 - No access check verification on stream
files.
Checks against a file with attribute READONLY, and
a security descriptor denying WRITE_DATA access.
Signed-off-by: Jeremy Allison
Reviewed-by: Stefan Metzmacher
Revi
[SCM] Samba Shared Repository - annotated tag samba-4.0.11 created
The annotated tag, samba-4.0.11 has been created
at e1f0ccfe921a57108585889d04d2f3b3193ac873 (tag)
tagging a8e0112c7c540307e263d00306cb06f473547cea (commit)
replaces samba-4.0.10
tagged by Karolin Seeger
on Mon Nov 11 09:46:43 2013 +0100
- Log -
samba: tag release samba-4.0.11
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQBSgJlzbzORW2Vot+oRArVkAKCJwwWKguFfEFKGWf4BxLE/v3NdUwCeIWQ4
gITDYWHTpHTgbWYcAK15imk=
=E0+i
-END PGP SIGNATURE-
Björn Baumbach (5):
CVE-2013-4476: lib-util: add file_check_permissions()
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode
0700
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode
0600
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key
file (key.pem)
Jeremy Allison (2):
Fix bug #10229 - No access check verification on stream files.
Add regression test for bug #10229 - No access check verification on
stream files.
Karolin Seeger (3):
VERSION: Bump version number up to 4.0.11...
WHATSNEW: Add release notes for Samba 4.0.11.
VERSION: Disable git snapshots for the 4.0.11 release.
Stefan Metzmacher (1):
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
---
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated
via a8e0112 VERSION: Disable git snapshots for the 4.0.11 release.
via 90b9835 WHATSNEW: Add release notes for Samba 4.0.11.
via 66fb9ec CVE-2013-4476: s4:libtls: check for safe permissions of tls
private key file (key.pem)
via c417cb7 CVE-2013-4476: s4:libtls: Create tls private key file
(key.pem) with mode 0600
via c1e106b CVE-2013-4476: selftest/Samba4: use umask 0077 within
mk_keyblobs()
via 367f017 CVE-2013-4476: samba-tool provision: create
${private_dir}/tls with mode 0700
via e74797c CVE-2013-4476: lib-util: split out file_save_mode() from
file_save()
via 13566a5 CVE-2013-4476: lib-util: add file_check_permissions()
via 761096f Add regression test for bug #10229 - No access check
verification on stream files.
via a6d74c4 Fix bug #10229 - No access check verification on stream
files.
via 5b0caf4 VERSION: Bump version number up to 4.0.11...
from 55c51b8 VERSION: Disable git snapshots for the 4.0.10 release.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable
- Log -
commit a8e0112c7c540307e263d00306cb06f473547cea
Author: Karolin Seeger
Date: Fri Nov 8 10:28:54 2013 +0100
VERSION: Disable git snapshots for the 4.0.11 release.
Bug 10234 - CVE-2013-4476: key.pem world readable
Bug 10235 - CVE-2013-4475: No access check verification on stream files
(bug #10229).
Signed-off-by: Karolin Seeger
commit 90b98355621b9cebf4ede82be73c67dd04e4104e
Author: Karolin Seeger
Date: Fri Nov 8 10:26:12 2013 +0100
WHATSNEW: Add release notes for Samba 4.0.11.
Bug 10234 - CVE-2013-4476: key.pem world readable
Bug 10235 - CVE-2013-4475: No access check verification on stream files
(bug #10229).
Signed-off-by: Karolin Seeger
commit 66fb9ecfb522ef653c2d74d5e6309485e21d51c3
Author: Björn Baumbach
Date: Tue Oct 29 17:53:59 2013 +0100
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key
file (key.pem)
If the tls key is not owned by root or has not mode 0600 samba will not
start up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Björn Baumbach
Signed-off-by: Stefan Metzmacher
Reviewed-by: Stefan Metzmacher
commit c417cb7ec3b72edb52f908b6dc39f2c6a50cddc0
Author: Björn Baumbach
Date: Tue Oct 29 17:52:39 2013 +0100
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode
0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit c1e106b65b002174bfa3788d3798800a0c084ef9
Author: Stefan Metzmacher
Date: Wed Oct 30 14:48:36 2013 +0100
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Björn Baumbach
Signed-off-by: Stefan Metzmacher
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit 367f017ec45577a82c7c41f983dd5403854d2346
Author: Björn Baumbach
Date: Tue Oct 29 17:49:55 2013 +0100
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode
0700
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit e74797cc61151632ce7c440a42579fcd794ab42d
Author: Björn Baumbach
Date: Tue Oct 29 17:48:11 2013 +0100
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
file_save_mode() writes files with specified mode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit 13566a5398d802102deb492bede242217143cfa0
Author: Björn Baumbach
Date: Tue Oct 29 17:43:17 2013 +0100
CVE-2013-4476: lib-util: add file_check_permissions()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
commit 761096f8f19eb2ed9d2fc6de3fb22a25d86c7a27
Author: Jeremy Allison
Date: Tue Oct 29 15:57:01 2013 -0700
Add regression test for bug #10229 - No access check verification on stream
files.
Checks against a file with attribute READONLY, and
a security descriptor denying WRITE_DATA access.
Signed-off-by: Jeremy Allison
Reviewed-by: Stefan Metzmacher
Reviewed-by: David Disseldorp
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Mon Nov 4 23:10:10 CET 2013 on sn-devel-104
(cherry picked from commit 65882152cc7ccaba0e7903862b99ca93594ed080)
The last two patches address bug #10235 - CVE-2013-4475: No access
check verificatio
[SCM] Samba Shared Repository - annotated tag samba-3.6.20 created
The annotated tag, samba-3.6.20 has been created at 3f57e3ce5d4f5156c0553801090bf926c48f9412 (tag) tagging 12598a76c0330ea1067c4b11b295ab3473e93f15 (commit) replaces samba-3.6.19 tagged by Karolin Seeger on Mon Nov 11 09:30:55 2013 +0100 - Log - tag samba-3.6.20 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQBSgJXFbzORW2Vot+oRAjIzAJwJMa+Tlod4V8wcjyOM9acQobPc2ACeJe/6 0JWoGZYK8mtKjW0WNN/XWxo= =M0U0 -END PGP SIGNATURE- Jeremy Allison (1): Fix bug #10229 - No access check verification on stream files. Karolin Seeger (3): VERSION: Bump version up to 3.6.20. WHATSNEW: Start release notes for Samba 3.6.20. WHATSNEW: Add release notes for Samba 3.6.20. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated
via 12598a7 WHATSNEW: Add release notes for Samba 3.6.20.
via 14d4813 Fix bug #10229 - No access check verification on stream
files.
from c18329b WHATSNEW: Start release notes for Samba 3.6.20.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable
- Log -
commit 12598a76c0330ea1067c4b11b295ab3473e93f15
Author: Karolin Seeger
Date: Thu Nov 7 12:49:34 2013 +0100
WHATSNEW: Add release notes for Samba 3.6.20.
Bug 10235 - CVE-2013-4475: No access check verification on stream files.
Signed-off-by: Karolin Seeger
commit 14d48130870579541c07f5a0f64638e635ddce95
Author: Jeremy Allison
Date: Thu Oct 31 13:48:42 2013 -0700
Fix bug #10229 - No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10229
We need to check if the requested access mask
could be used to open the underlying file (if
it existed), as we're passing in zero for the
access mask to the base filename.
Signed-off-by: Jeremy Allison
Fix Bug #10235 - CVE-2013-4475: No access check verification on stream
files.
https://bugzilla.samba.org/show_bug.cgi?id=10235
---
Summary of changes:
WHATSNEW.txt| 31 +
source3/smbd/open.c | 61 +++
2 files changed, 87 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index d30b702..d6b1ebd 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,20 +1,41 @@
==
Release Notes for Samba 3.6.20
- November 06, 2013
+ November 11, 2013
==
-This is is the latest maintenance release of Samba 3.6.
+This is a security release in order to address
+CVE-2013-4475 (ACLs are not checked on opening an alternate
+data stream on a file or directory).
-Please note that this will probably be the last maintenance release
-of the Samba 3.6 release series. With the release of Samba 4.1.0, the
-3.6 release series will be turned into the "security fixes only" mode.
+o CVE-2013-4475:
+ Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x,
+ 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying
+ file or directory ACL when opening an alternate data stream.
+
+ According to the SMB1 and SMB2+ protocols the ACL on an underlying
+ file or directory should control what access is allowed to alternate
+ data streams that are associated with the file or directory.
+
+ By default no version of Samba supports alternate data streams
+ on files or directories.
+
+ Samba can be configured to support alternate data streams by loading
+ either one of two virtual file system modues (VFS) vfs_streams_depot or
+ vfs_streams_xattr supplied with Samba, so this bug only affects Samba
+ servers configured this way.
+
+ To determine if your server is vulnerable, check for the strings
+ "streams_depot" or "streams_xattr" inside your smb.conf configuration
+ file.
Changes since 3.6.19:
-
o Jeremy Allison
+* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on
stream
+ files.
##
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 447de80..441b8cd 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -152,6 +152,48 @@ NTSTATUS smbd_check_open_rights(struct connection_struct
*conn,
}
/
+ Ensure when opening a base file for a stream open that we have permissions
+ to do so given the access mask on the base file.
+/
+
+static NTSTATUS check_base_file_access(struct connection_struct *conn,
+ struct smb_filename *smb_fname,
+ uint32_t access_mask)
+{
+ uint32_t access_granted = 0;
+ NTSTATUS status;
+
+ status = smbd_calculate_access_mask(conn, smb_fname,
+ false,
+ access_mask,
+ &access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("smbd_calculate_access_mask "
+ "on file %s returned %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status)));
+ return status;
+ }
+
+ if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
+ uint32_t dosattrs;
+ if (!CAN_WRITE(conn
