[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0dd512e s4:torture/netlogon: Test netlogon with additional attrs via 767bd6a s4:torture/ldap: Add test for netlogon over tcp via e306250 libcli/cldap: Add utility to create netlogon filter via 68ebb09 s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules via 7106dcf s4:cldap_server: Do not handle netlogon ourself anymore via 0620c79 s4:dsdb/rootdse: Support netlogon request via 7a5a625 s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic via 3721274 s4:cldap_server: Move netlogon parsing into utility function via ca8acb6 provision: Fix string replacement ordering via 32ee231 s4:torture/cldap: Fix a typo from 490418d gpo: Fix CID 1034880 Resource leak http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0dd512eead6dc999511e9e21f5304a224653db85 Author: Benjamin Franzke Date: Thu Oct 31 21:23:57 2013 +0100 s4:torture/netlogon: Test netlogon with additional attrs Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova se enter the commit message for your changes. Lines starting Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Nov 12 00:57:19 CET 2013 on sn-devel-104 commit 767bd6a4d49efce1c554bb0bc8130d74331b0bd8 Author: Benjamin Franzke Date: Mon Oct 28 14:21:20 2013 +0100 s4:torture/ldap: Add test for netlogon over tcp This patch moves the udp netlogon tests from cldap.c to netlogon.c and passes a generic netlogon-send function as parameter. Therefore a tcp replacement for cldap_netlogon is also added. The two variants tcp and udp are added as 2 new torture tests: ldap.netlogon-udp & ldap.netlogon-tcp Both tests succeed. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit e306250a250d20a43cbe4c72ece34ebd475fa39c Author: Benjamin Franzke Date: Mon Oct 28 14:19:57 2013 +0100 libcli/cldap: Add utility to create netlogon filter This utility is split off from cldap_netlogon_send. 
Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 68ebb09193e73cff4389ccb9e3b190b12ee0a84a Author: Benjamin Franzke Date: Tue Nov 5 20:39:56 2013 +0100 s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules As netlogon is handled by the samdb now, the corresponding functions should live there as well. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 7106dcf2b8525ec653f24e417d846f9d00172b6d Author: Benjamin Franzke Date: Fri Nov 1 10:52:02 2013 +0100 s4:cldap_server: Do not handle netlogon ourself anymore Netlogon is now handled by the ldb rootdse module. The netlogon files will be moved to dsdb in the next commit. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 0620c79d76b69811fd6c00d912db05477d894724 Author: Benjamin Franzke Date: Sun Oct 27 06:55:48 2013 +0100 s4:dsdb/rootdse: Support netlogon request This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1]. The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html) Tested with: ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl. [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8 Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 7a5a62547bc10053fb1e4850e0acacb6a837f36f Author: Benjamin Franzke Date: Fri Nov 1 06:55:41 2013 +0100 s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic This replaced the *module parameter, and uses ac->module in the function instead, same for *req and *attrs. 
Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 372127416825a8a947cd976f8a4165611c006c43 Author: Benjamin Franzke Date: Sun Oct 27 16:07:04 2013 +0100 s4:cldap_server: Move netlogon parsing into utility function To be used later by netlogon-request over ldap. Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit ca8acb681a1ccaddf85376ff30c9b13b1a4c943d Author: Benjamin Franzke Date: Fri Sep 6 16:20:43 2013 +0200 provision: Fix string replacement ordering Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova commit 32ee231da590d7b8aee74728a423b282ae845bce Author: Benjamin Franzke Date: Fri Nov 1 10:24:43 2013 +0100 s4:torture/cldap: Fix a typ
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 490418d gpo: Fix CID 1034880 Resource leak via 4d97b5d gpo: Fix CID 1034881 Resource leak via b7420e4 ntvfs: Fix CID 1034883 Resource leak via 1444280 backupkey: Fix CID 1034885 Resource leak via 0e19812 smbd: Fix CID 1035365 Buffer not null terminated via 2a73a49 smbd: Fix CID 1035366 Buffer not null terminated via a60f513 smbd: Use fstring in conn_tdb.c via 3b8c3e5 smbd: Use fstring in conn_tdb.h via ea83ac6 smbd: Fix CID 1035478 Negative array index read via df8dff7 samdb: Fix CID 241968 Uninitialized pointer read via c6ca14a heimdal: Fix 241482 Resource leak via d2731ad ldb: Fix CID 241329 Array compared against 0 via 6b7b007 libsmb: Fix CID 241313 Array compared against 0 via c85deee smbd: Fix CID 1035434 Same on both sides via 43ac7e8 iniparser: Fix CID 241908 Copy into fixed size buffer via 1cae867 libsmb: Fix CID 1127343 Dead default in switch via 70dbb89 netapi: Fix CID 1127344 Uninitialized scalar variable via 4ddb9cf net: Fix CID 1035403 Unchecked return value via 55b0a16 registry: Fix Coverity ID 1034918 Wrong sizeof argument via ba370ae registry: Fix Coverity ID 1034917 Wrong sizeof argument via 4e80a30 registry: Fix Coverity ID 1034916 Wrong sizeof argument via 0c8d5df dsdb: Fix Coverity ID 1034907 Dereference before null check via 096358f oLschema2ldif: Add some NULL checks from 97bbd63 s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 490418d6363d2735cd1d801f7b2bb804eb85b197 Author: Volker Lendecke Date: Sun Nov 10 19:45:11 2013 +0100 gpo: Fix CID 1034880 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper Autobuild-User(master): Ira Cooper Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104 commit 4d97b5dcca827d6767857182772f4ced0fdd5da7 Author: Volker Lendecke Date: Sun Nov 10 19:43:48 2013 +0100 gpo: Fix CID 1034881 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira 
Cooper commit b7420e44b1f7e0e0f54cf9f329981bacf839f7c9 Author: Volker Lendecke Date: Sun Nov 10 19:41:15 2013 +0100 ntvfs: Fix CID 1034883 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 144428058a73b059d7389915e310ff48fd591e59 Author: Volker Lendecke Date: Sun Nov 10 19:34:31 2013 +0100 backupkey: Fix CID 1034885 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 0e19812782cd7a937de028494160ed3f5e8bac88 Author: Volker Lendecke Date: Sun Nov 10 11:58:58 2013 +0100 smbd: Fix CID 1035365 Buffer not null terminated Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 2a73a4985eb4a7fcd5dc31aee66dfcd0d305d94b Author: Volker Lendecke Date: Sun Nov 10 11:57:37 2013 +0100 smbd: Fix CID 1035366 Buffer not null terminated Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit a60f513e896c35bf21eb54456f38771152611e81 Author: Volker Lendecke Date: Sun Nov 10 11:56:06 2013 +0100 smbd: Use fstring in conn_tdb.c It might be legacy, but as long as we have it, we can make use of it. Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 3b8c3e5dde9a5324eb82496f036d3a88349c3894 Author: Volker Lendecke Date: Sun Nov 10 11:56:06 2013 +0100 smbd: Use fstring in conn_tdb.h It might be legacy, but as long as we have it, we can make use of it. Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit ea83ac6b0142e99b514f7c4a3a4b038c2e409a8d Author: Volker Lendecke Date: Sun Nov 10 11:48:17 2013 +0100 smbd: Fix CID 1035478 Negative array index read lp_parm_enum can return -1. Add error checking. Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit df8dff7dd27459dad337e66f3e2f75c47e28cc8c Author: Volker Lendecke Date: Sun Nov 10 10:06:18 2013 +0100 samdb: Fix CID 241968 Uninitialized pointer read Interestingly gcc does not catch this at all. 
Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit c6ca14a78b52eabc70f338d136a93ea9ff4e51e4 Author: Volker Lendecke Date: Sun Nov 10 09:45:38 2013 +0100 heimdal: Fix 241482 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit d2731ad5aae9f1fb8c1c6a65a61ef787e993b248 Author: Volker Lendecke Date: Sat Nov 9 21:29:24 2013 +0100 ldb: Fix CID 241329 Array compared against 0 u.generate.remote_names is an array, not a pointer Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper commit 6b7b007a67ce8ec4e2979f09ba1bdea903116924
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 97bbd63 s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade via 363c4ad s4:torture:smb2: add comment explaining lease upgrade in the non-contended case from 0eaae1a README.Coding: Add __func__ http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 97bbd631d8b357e0392209052872be2f67255f29 Author: Michael Adam Date: Tue Nov 5 18:17:58 2013 +0100 s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade Test what upgrades work when there is another lease already held, in addition to the lease to be upgraded. The summary of the behaviour is this: - If we have two leases (lease1 and lease2) on the same file, then attempt to upgrade lease1 results in a change if and only if the requested lease state: - is valid, - is strictly a superset of lease1, and - can be held together with lease2. In that case, the resulting lease state of the upgraded lease1 is the state requested in the upgrade. lease2 is not broken and remains unchanged. Note that this contrasts the case of directly opening with an initial requested lease state, in which case you get that portion of the requested state that can be shared with the already existing leases (or the states that they get broken to). Signed-off-by: Michael Adam Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Mon Nov 11 18:04:47 CET 2013 on sn-devel-104 commit 363c4ade52b36a986b2e7bd35563459d8fd49485 Author: Michael Adam Date: Tue Nov 5 18:10:25 2013 +0100 s4:torture:smb2: add comment explaining lease upgrade in the non-contended case The summary of the behaviour is this: - An uncontended lease upgrade results in a change if and only if the requested lease state is - valid, and - strictly a superset of the lease state already held. In that case the resulting lease state is the one requested in the upgrade. 
Signed-off-by: Michael Adam Reviewed-by: David Disseldorp --- Summary of changes: source4/torture/smb2/lease.c | 154 ++ 1 files changed, 154 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c index 992c21b..045f994 100644 --- a/source4/torture/smb2/lease.c +++ b/source4/torture/smb2/lease.c @@ -262,6 +262,17 @@ static bool test_lease_upgrade(struct torture_context *tctx, /** * upgrade2 test. * full matrix of lease upgrade combinations + * (non-contended case) + * + * The summary of the behaviour is this: + * - + * An uncontended lease upgrade results in a change + * if and only if the requested lease state is + * - valid, and + * - strictly a superset of the lease state already held. + * + * In that case the resulting lease state is the one + * requested in the upgrade. */ struct lease_upgrade2_test { const char *initial; 
@@ -438,6 +449,148 @@ static bool torture_lease_handler(struct smb2_transport *transport, return true; } +/** + * upgrade3: + * full matrix of lease upgrade combinations + * (contended case) + * + * We start with 2 leases, and check how one can + * be upgraded + * + * The summary of the behaviour is this: + * - + * + * If we have two leases (lease1 and lease2) on the same file, + * then attempt to upgrade lease1 results in a change if and only + * if the requested lease state: + * - is valid, + * - is strictly a superset of lease1, and + * - can held together with lease2. + * + * In that case, the resuling lease state of the upgraded lease1 + * is the state requested in the upgrade. lease2 is not broken + * and remains unchanged. + * + * Note that this contrasts the case of directly opening with + * an initial requested lease state, in which case you get that + * portion of the requested state that can be shared with the + * already existing leases (or the states that they get broken to). + */ +struct lease_upgrade3_test { + const char *held1; + const char *held2; + const char *upgrade_to; + const char *upgraded_to; +}; + +#define NUM_UPGRADE3_TESTS ( 20 ) +struct lease_upgrade3_test lease_upgrade3_tests[NUM_UPGRADE3_TESTS] = { + {"R", "R", "", "R" }, + {"R", "R", "R", "R" }, + {"R", "R", "RW", "R" }, + {"R", "R", "RH", "RH" }, + {"R", "R", "RHW", "R" }, + + {"R", "RH", "", "R" }, + {"R", "RH", "R", "R" }, + {"R", "RH", "RW", "R" }, + {"R", "RH", "RH", "RH" }, + {"R", "RH"
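Review bot: in the second lease.c hunk, `#define NUM_UPGRADE3_TESTS ( 20 )` hard-codes the row count next to the `lease_upgrade3_tests[NUM_UPGRADE3_TESTS]` initializer, so a row dropped later leaves zero-filled entries with NULL strings and a row added later fails to compile. Declaring the table without an explicit size and deriving the count from the array itself would keep the two in step. The new comment block also carries two typos worth fixing before it is copied further: "can held together with lease2" should read "can be held together with lease2", and "resuling" should read "resulting".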
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0eaae1a README.Coding: Add __func__ via bbb5f66 smbd: Fix DEBUG in do_break_to_none from 22af043 CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0eaae1a87fee60675d8d9f48f8a5f5cb583f0e14 Author: Volker Lendecke Date: Fri Nov 1 12:04:38 2013 + README.Coding: Add __func__ Signed-off-by: Volker Lendecke Reviewed-by: Michael Adam Autobuild-User(master): Michael Adam Autobuild-Date(master): Mon Nov 11 16:08:09 CET 2013 on sn-devel-104 commit bbb5f66bcd4f096f7b1281e4fda6fdb488f064bc Author: Volker Lendecke Date: Fri Nov 1 11:55:43 2013 + smbd: Fix DEBUG in do_break_to_none The name of this function has changed, but the DEBUG statements have not been adapted. This is the case in a lot of our code. With __func__ this problem goes away: __func__ is C99, and we also use it already. Signed-off-by: Volker Lendecke Reviewed-by: Michael Adam --- Summary of changes: README.Coding | 14 ++ source3/smbd/oplock.c | 14 ++ 2 files changed, 20 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/README.Coding b/README.Coding index 956a733..107856e 100644 --- a/README.Coding +++ b/README.Coding @@ -377,3 +377,17 @@ do not use them in new code. The only exception is the test code that depends repeated use of calls like CHECK_STATUS, CHECK_VAL and others. + + +Function names in DEBUG statements +-- + +Many DEBUG statements contain the name of the function they appear in. This is +not a good idea, as this is prone to bitrot. Function names change, code +moves, but the DEBUG statements are not adapted. Use %s and __func__ for this: + +Bad Example: + DEBUG(0, ("strstr_m: src malloc fail\n")); + +Good Example: + DEBUG(0, ("%s: src malloc fail\n", __func__)); diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index b5d6b54..312855d 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c 
@@ -644,13 +644,12 @@ static void do_break_to_none(struct tevent_context *ctx, lck = get_existing_share_mode_lock(talloc_tos(), state->id); if (lck == NULL) { - DEBUG(1, ("release_level_2_oplocks_on_change: failed to lock " - "share mode entry for file %s.\n", - file_id_string_tos(&state->id))); + DEBUG(1, ("%s: failed to lock share mode entry for file %s.\n", + __func__, file_id_string_tos(&state->id))); goto done; } - DEBUG(10,("release_level_2_oplocks_on_change: num_share_modes = %d\n", + DEBUG(10,("%s: num_share_modes = %d\n", __func__, lck->data->num_share_modes )); for(i = 0; i < lck->data->num_share_modes; i++) { @@ -672,8 +671,7 @@ static void do_break_to_none(struct tevent_context *ctx, * NO_OPLOCK states. JRA. */ - DEBUG(10,("release_level_2_oplocks_on_change: " - "share_entry[%i]->op_type == %d\n", + DEBUG(10,("%s: share_entry[%i]->op_type == %d\n", __func__, i, share_entry->op_type )); if (share_entry->op_type == NO_OPLOCK) { @@ -682,9 +680,9 @@ static void do_break_to_none(struct tevent_context *ctx, /* Paranoia */ if (EXCLUSIVE_OPLOCK_TYPE(share_entry->op_type)) { - DEBUG(0,("release_level_2_oplocks_on_change: PANIC. " + DEBUG(0,("%s: PANIC. " "share mode entry %d is an exlusive " -"oplock !\n", i )); +"oplock !\n", __func__, i )); TALLOC_FREE(lck); abort(); } -- Samba Shared Repository
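Review bot: in the last oplock.c hunk the PANIC message is rewritten but still reads "share mode entry %d is an exlusive oplock"; since the string is being touched anyway, correct it to "exclusive" so that a log search for the word finds this abort path. The same hunk also leaves the `"oplock !\n", __func__, i` continuation line at column zero while the lines around it are indented, which is worth aligning in the same change.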
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 22af043 CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem) via e0248cd CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600 via cf29fb2 CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs() via 83a3ae1 CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700 via 63d98ed CVE-2013-4476: lib-util: split out file_save_mode() from file_save() via 8eae8d2 CVE-2013-4476: lib-util: add file_check_permissions() from 374b2cf xattr: fix listing EAs on *BSD for non-root users http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 22af043d2f20760f27150d7d469c7c7b944c6b55 Author: Björn Baumbach Date: Tue Oct 29 17:53:59 2013 +0100 CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem) If the tls key is not owned by root or has not mode 0600 samba will not start up. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Björn Baumbach Signed-off-by: Stefan Metzmacher Reviewed-by: Stefan Metzmacher Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Nov 11 13:07:16 CET 2013 on sn-devel-104 commit e0248cde8dcd82f348218665f5edd6b30cd3ef1f Author: Björn Baumbach Date: Tue Oct 29 17:52:39 2013 +0100 CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher commit cf29fb2cf4727466ccbd6f0ca8d5d4cb75666d99 Author: Stefan Metzmacher Date: Wed Oct 30 14:48:36 2013 +0100 CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs() We should generate private keys with 0600. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Pair-Programmed-With: Björn Baumbach Signed-off-by: Stefan Metzmacher 
Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher commit 83a3ae18ddb945defc3a2f1d5ca2fb743fa43724 Author: Björn Baumbach Date: Tue Oct 29 17:49:55 2013 +0100 CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher commit 63d98ed90466295d0e946f79868d3d7aad6e7589 Author: Björn Baumbach Date: Tue Oct 29 17:48:11 2013 +0100 CVE-2013-4476: lib-util: split out file_save_mode() from file_save() file_save_mode() writes files with specified mode. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher commit 8eae8d28bce2c3f6a323d3dc48ed10c2e6bb1ba5 Author: Björn Baumbach Date: Tue Oct 29 17:43:17 2013 +0100 CVE-2013-4476: lib-util: add file_check_permissions() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher --- Summary of changes: lib/util/samba_util.h | 11 + lib/util/util.c| 44 lib/util/util_file.c | 16 + python/samba/provision/__init__.py |2 +- selftest/target/Samba4.pm |6 - source4/lib/tls/tls.c | 17 ++ source4/lib/tls/tls_tstream.c | 16 + source4/lib/tls/tlscert.c |2 +- 8 files changed, 106 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h index 89aa9aa..243ed3e 100644 --- a/lib/util/samba_util.h +++ b/lib/util/samba_util.h @@ -580,6 +580,8 @@ a line **/ _PUBLIC_ void file_lines_slashcont(char **lines); +_PUBLIC_ bool file_save_mode(const char *fname, const void *packet, +size_t length, mode_t mode); /** save a lump of data into a file. Mostly used for debugging */ 
@@ -623,6 +625,15 @@ _PUBLIC_ time_t file_modtime(const char *fname); _PUBLIC_ bool directory_exist(const char *dname); /** + Check file permissions. +**/ +struct stat; +_PUBLIC_ bool file_check_permissions(const char *fname, +uid_t uid, +mode_t file_perms, +struct stat *pst); + +/** * Try to create the specified directory if it didn't exist. * * @retval true if the directory already existed and has the right permissions diff --git a/lib/util/util.c b/lib/util/util.c index f0ed7f6..3e9047c 100644 --- a/lib/util/util.c +++ b/lib/util/util.c
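Review bot: the new `file_check_permissions()` prototype in the second samba_util.h hunk is documented only as "Check file permissions.", which does not say whether `file_perms` must match the file mode exactly or is applied as a mask, what `uid` is compared against, whether `pst` may be NULL, or what a false return means. Since the commit message says a failed check on key.pem stops Samba from starting, that contract belongs in the header comment. In the first hunk, `file_save_mode()` is inserted above the existing "save a lump of data into a file" comment, so the new declaration has no doc comment of its own; give it one that states the mode is applied to the created file.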
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via f9dd9ce VERSION: Bump version up to 3.6.21. from 12598a7 WHATSNEW: Add release notes for Samba 3.6.20. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit f9dd9ce298e2bbddfebee62a884f6d63fc2c4ab1 Author: Karolin Seeger Date: Mon Nov 11 11:53:00 2013 +0100 VERSION: Bump version up to 3.6.21. Signed-off-by: Karolin Seeger (cherry picked from commit c2287276eb6533586ca1eac8b445ac1f93bcee98) --- Summary of changes: source3/VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/VERSION b/source3/VERSION index 7d97b56..8d054f4 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=20 +SAMBA_VERSION_RELEASE=21 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via c228727 VERSION: Bump version up to 3.6.21. via ff2ec0f WHATSNEW: Add release notes for Samba 3.6.20. via 22b6c3c Fix bug #10229 - No access check verification on stream files. from 906db4f Fix bug #10118 - Samba is chatty about being unable to open a printer. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit c2287276eb6533586ca1eac8b445ac1f93bcee98 Author: Karolin Seeger Date: Mon Nov 11 11:53:00 2013 +0100 VERSION: Bump version up to 3.6.21. Signed-off-by: Karolin Seeger commit ff2ec0f117ce213ec1d7718730b15a05f3789694 Author: Karolin Seeger Date: Thu Nov 7 12:49:34 2013 +0100 WHATSNEW: Add release notes for Samba 3.6.20. Bug 10235 - CVE-2013-4475: No access check verification on stream files. Signed-off-by: Karolin Seeger (cherry picked from commit 12598a76c0330ea1067c4b11b295ab3473e93f15) commit 22b6c3c449b5dd1f10bfd77a74698066b7a8e4c9 Author: Jeremy Allison Date: Thu Oct 31 13:48:42 2013 -0700 Fix bug #10229 - No access check verification on stream files. https://bugzilla.samba.org/show_bug.cgi?id=10229 We need to check if the requested access mask could be used to open the underlying file (if it existed), as we're passing in zero for the access mask to the base filename. Signed-off-by: Jeremy Allison Fix Bug #10235 - CVE-2013-4475: No access check verification on stream files. https://bugzilla.samba.org/show_bug.cgi?id=10235 (cherry picked from commit 14d48130870579541c07f5a0f64638e635ddce95) --- Summary of changes: WHATSNEW.txt| 31 + source3/VERSION |2 +- source3/smbd/open.c | 61 +++ 3 files changed, 88 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d30b702..d6b1ebd 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,20 +1,41 @@ == Release Notes for Samba 3.6.20 - November 06, 2013 + November 11, 2013 == -This is is the latest maintenance release of Samba 3.6. +This is a security release in order to address +CVE-2013-4475 (ACLs are not checked on opening an alternate +data stream on a file or directory). -Please note that this will probably be the last maintenance release -of the Samba 3.6 release series. With the release of Samba 4.1.0, the -3.6 release series will be turned into the "security fixes only" mode. +o CVE-2013-4475: + Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, + 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying + file or directory ACL when opening an alternate data stream. + + According to the SMB1 and SMB2+ protocols the ACL on an underlying + file or directory should control what access is allowed to alternate + data streams that are associated with the file or directory. + + By default no version of Samba supports alternate data streams + on files or directories. + + Samba can be configured to support alternate data streams by loading + either one of two virtual file system modues (VFS) vfs_streams_depot or + vfs_streams_xattr supplied with Samba, so this bug only affects Samba + servers configured this way. + + To determine if your server is vulnerable, check for the strings + "streams_depot" or "streams_xattr" inside your smb.conf configuration + file. Changes since 3.6.19: - o Jeremy Allison +* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on stream + files. ## diff --git a/source3/VERSION b/source3/VERSION index 59857d2..b5030d0 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=20 +SAMBA_VERSION_RELEASE=21 # Bug fix releases use a letter for the patch revision # diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 447de80..441b8cd 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c 
@@ -152,6 +152,48 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, } / + Ensure when opening a base file for a stream open that we have permissions + to do so given the access mask on the base file. +/ + +static NTSTATUS check_base_file_access
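Review bot: the WHATSNEW.txt hunk credits "BUGs 10234 + 10229" to CVE-2013-4475, but the commit messages in this push reference bugs 10229 and 10235 for that CVE, so 10234 looks like a slip for 10235 and should be corrected before the notes are published. The added paragraph also misspells "modues" (modules) in "virtual file system modues (VFS)".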
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 0a52101 VERSION: Bump version number up to 4.0.12... via 98712df Merge tag 'samba-4.0.11' into v4-0-test via a8e0112 VERSION: Disable git snapshots for the 4.0.11 release. via 90b9835 WHATSNEW: Add release notes for Samba 4.0.11. via 66fb9ec CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem) via c417cb7 CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600 via c1e106b CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs() via 367f017 CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700 via e74797c CVE-2013-4476: lib-util: split out file_save_mode() from file_save() via 13566a5 CVE-2013-4476: lib-util: add file_check_permissions() via 761096f Add regression test for bug #10229 - No access check verification on stream files. via a6d74c4 Fix bug #10229 - No access check verification on stream files. from de4e721 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 0a52101416d4a4be75b2515d352137550d04b368 Author: Karolin Seeger Date: Mon Nov 11 11:46:21 2013 +0100 VERSION: Bump version number up to 4.0.12... and re-enable git snapshots. 
Signed-off-by: Karolin Seeger commit 98712df3ddf6cca5614f273eb21336c62a9157f7 Merge: de4e72152d83cf03e86c3531f43a9f2bed4967ac a8e0112c7c540307e263d00306cb06f473547cea Author: Karolin Seeger Date: Mon Nov 11 11:45:52 2013 +0100 Merge tag 'samba-4.0.11' into v4-0-test samba: tag release samba-4.0.11 --- Summary of changes: VERSION|2 +- WHATSNEW.txt | 77 +++- lib/util/samba_util.h | 11 ++ lib/util/util.c| 44 + lib/util/util_file.c | 16 ++- python/samba/provision/__init__.py |2 +- selftest/knownfail |1 + selftest/target/Samba4.pm |6 +- source3/smbd/open.c| 57 +++ source4/lib/tls/tls.c | 17 source4/lib/tls/tls_tstream.c | 16 +++ source4/lib/tls/tlscert.c |2 +- source4/torture/raw/streams.c | 181 13 files changed, 421 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index eb74a75..576d58f 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3b9462b..20b6e7f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,77 @@ == + Release Notes for Samba 4.0.11 + November 11, 2013 + == + + +This is a security release in order to address +CVE-2013-4475 (ACLs are not checked on opening an alternate +data stream on a file or directory) and +CVE-2013-4476 (Private key in key.pem world readable). + +o CVE-2013-4475: + Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, + 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying + file or directory ACL when opening an alternate data stream. + + According to the SMB1 and SMB2+ protocols the ACL on an underlying + file or directory should control what access is allowed to alternate + data streams that are associated with the file or directory. + + By default no version of Samba supports alternate data streams + on files or directories. + + Samba can be configured to support alternate data streams by loading + either one of two virtual file system modues (VFS) vfs_streams_depot or + vfs_streams_xattr supplied with Samba, so this bug only affects Samba + servers configured this way. + + To determine if your server is vulnerable, check for the strings + "streams_depot" or "streams_xattr" inside your smb.conf configuration + file. + +o CVE-2013-4476: + In setups which provide ldap(s) and/or https services, the private + key for SSL/TLS encryption might be world readable. This typically + happens in active directory domain controller setups. + + +Changes since 4.0.10: +- + +o Jeremy Allison +* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on stream + files. + + +o Björn Baumbach +* BUG 10234: CVE-2013-4476: Private key in key.pem world readable. + + +##
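Review bot: in the WHATSNEW.txt hunk, bug 10234 appears under both entries of "Changes since 4.0.10", once as "BUGs 10234 + 10229: CVE-2013-4475" and once as "BUG 10234: CVE-2013-4476", so one of the two references needs a different bug number. The CVE-2013-4476 paragraph also says only that the key "might be world readable" and, unlike the CVE-2013-4475 entry with its smb.conf string check, gives administrators no way to tell whether they are affected; naming the file and the expected mode (key.pem, 0600, as in the commit subjects) would close that gap.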
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via a52afc3 VERSION: Bump version number up to 4.1.2... via 5e64b07 Merge tag 'samba-4.1.1' into v4-1-test via 32d78c8 VERSION: Disable git snapshots for the 4.1.1 release. via 07be799 WHATSNEW: Add release notes for Samba 4.1.1. via e737fc7 CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem) via 2ca3eae CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600 via bc067d0 CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs() via d6988a1 CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700 via 7fc2f97 CVE-2013-4476: lib-util: split out file_save_mode() from file_save() via 81e5048 CVE-2013-4476: lib-util: add file_check_permissions() via afe7ffd Add regression test for bug #10229 - No access check verification on stream files. via a2c4c0e Fix bug #10229 - No access check verification on stream files. from 6207530 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit a52afc34d992c7a201c0b35d9d8df1ba25260787 Author: Karolin Seeger Date: Mon Nov 11 11:40:49 2013 +0100 VERSION: Bump version number up to 4.1.2... and re-enable git snapshots. 
Signed-off-by: Karolin Seeger commit 5e64b0718f56181b6d70623e285f5e74096fe4af Merge: 62075301713602612fe3eae92ce4b23e14ab8fa8 32d78c867eb259960736121146c7152934f3e6b3 Author: Karolin Seeger Date: Mon Nov 11 11:39:35 2013 +0100 Merge tag 'samba-4.1.1' into v4-1-test samba: tag release samba-4.1.1 --- Summary of changes: VERSION|2 +- WHATSNEW.txt | 73 +++ lib/util/samba_util.h | 11 ++ lib/util/util.c| 44 + lib/util/util_file.c | 16 ++- python/samba/provision/__init__.py |2 +- selftest/knownfail |1 + selftest/target/Samba4.pm |6 +- source3/smbd/open.c| 59 source4/lib/tls/tls.c | 17 source4/lib/tls/tls_tstream.c | 16 +++ source4/lib/tls/tlscert.c |2 +- source4/torture/raw/streams.c | 181 13 files changed, 421 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 9394c6f..28fdecb 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=1 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_RELEASE=2 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 857a7ce..4c96f34 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,77 @@ = + Release Notes for Samba 4.1.1 + November 11, 2013 + = + + +This is a security release in order to address +CVE-2013-4475 (ACLs are not checked on opening an alternate +data stream on a file or directory) and +CVE-2013-4476 (Private key in key.pem world readable). + +o CVE-2013-4475: + Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, + 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying + file or directory ACL when opening an alternate data stream. + + According to the SMB1 and SMB2+ protocols the ACL on an underlying + file or directory should control what access is allowed to alternate + data streams that are associated with the file or directory. + + By default no version of Samba supports alternate data streams + on files or directories. + + Samba can be configured to support alternate data streams by loading + either one of two virtual file system modues (VFS) vfs_streams_depot or + vfs_streams_xattr supplied with Samba, so this bug only affects Samba + servers configured this way. + + To determine if your server is vulnerable, check for the strings + "streams_depot" or "streams_xattr" inside your smb.conf configuration + file. + +o CVE-2013-4476: + In setups which provide ldap(s) and/or https services, the private + key for SSL/TLS encryption might be world readable. This typically + happens in active directory domain controller setups. + + +Changes since 4.1.0: + + +o Jeremy Allison +* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on stream + files. + + +o Björn Baumbach +* BUG 10234: CVE-2013-4476: Private key in key.pem world readable. + + +##
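Review bot: In the "Changes since 4.1.0" list of the WHATSNEW.txt hunk, Jeremy Allison's entry reads "BUGs 10234 + 10229: CVE-2013-4475", while the entry directly below gives the same number 10234 to CVE-2013-4476 (key.pem). The 4.1.1 release commit messages name bug 10235 for CVE-2013-4475, so this entry should read "BUGs 10235 + 10229". In the CVE-2013-4475 paragraph of the same hunk, "virtual file system modues (VFS)" should be "modules".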
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 4d083d7 Announce Samba 4.1.1, 4.0.11 and 3.6.20. from c400091 Remove Google Checkout as it is being discontinued. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 4d083d77ec08f0b407e6e4c7968a77029e9b9d29 Author: Karolin Seeger Date: Mon Nov 11 10:35:15 2013 +0100 Announce Samba 4.1.1, 4.0.11 and 3.6.20. Signed-off-by: Karolin Seeger --- Summary of changes: generated_news/latest_10_bodies.html| 33 +--- generated_news/latest_10_headlines.html |7 +- generated_news/latest_2_bodies.html | 36 ++--- history/header_history.html |3 + history/samba-3.6.20.html | 56 + history/samba-4.0.11.html | 66 +++ history/samba-4.1.1.html| 66 +++ history/security.html | 19 + latest_stable_release.html |6 +- security/CVE-2013-4475.html | 96 ++ security/CVE-2013-4476.html | 135 +++ 11 files changed, 495 insertions(+), 28 deletions(-) create mode 100755 history/samba-3.6.20.html create mode 100755 history/samba-4.0.11.html create mode 100755 history/samba-4.1.1.html create mode 100644 security/CVE-2013-4475.html create mode 100644 security/CVE-2013-4476.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index e9145b7..64f11d8 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html 
@@ -1,3 +1,26 @@ + 11 November 2013 + Samba 4.1.1, 4.0.11 and 3.6.20 Security + Releases Available for Download + These are security releases in order to address + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475";>CVE-2013-4475 + (ACLs are not checked on opening an alternate data stream on a file + or directory) and + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476";>CVE-2013-4476 + (Private key in key.pem world readable). + + + The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA). + + The source code can be downloaded here: + http://samba.org/samba/ftp/stable/samba-4.1.1.tar.gz";>download + Samba 4.1.1, + http://samba.org/samba/ftp/stable/samba-4.0.11.tar.gz";>download + Samba 4.0.11, + http://samba.org/samba/ftp/stable/samba-3.6.20.tar.gz";>download + Samba 3.6.20. + + 11 October 2013 Samba 4.1.0 Available for Download This is the first stable release of the Samba 4.1 series. @@ -139,13 +162,3 @@ Please see the release notes for more info: http://samba.org/samba/history/samba-3.5.22.html";>release notes Samba 3.5.22. - - 11 July 2013 - Samba 4.1.0rc1 Available for Download - This is the first release candidate of the upcoming Samba 4.1 release series. - -The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -https://download.samba.org/pub/samba/rc/samba-4.1.0rc1.tar.gz";>downloaded -now. See https://download.samba.org/pub/samba/rc/WHATSNEW-4.1.0rc1.txt";>the -release notes for more info. diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 8b64db9..95e864b 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html 
@@ -1,4 +1,8 @@ +11 November 2013 Samba 4.1.1, 4.0.11 + (CVE-2013-4475 and CVE-2013-4475) and 3.6.20 (CVE-2013-4475) + Security Releases Available for Download + 11 October 2013 Samba 4.1.0 Available for Download 08 October 2013 Samba 4.0.10 Available for Download @@ -20,7 +24,4 @@ 05 August 2013 Samba 4.0.8, 3.6.17 and 3.5.22 Security Releases Available for Download (CVE-2013-4124) - -11 July 2013 Samba 4.1.0rc1 Available for - Download diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 638df61..9812122 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,27 @@ + 11 November 2013 + Samba 4.1.1, 4.0.11 and 3.6.20 Security + Releases Available for Download + These are security releases in order to address + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475";>CVE-2013-4475 + (ACLs are not checked on opening an alternate data stream on a file + or directory) and + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476";>CVE-2013-4476 + (Private key in key.pem world readable). + + + The uncompressed ta
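Review bot: The download links added in the latest_10_bodies.html hunk (samba-4.1.1.tar.gz, samba-4.0.11.tar.gz, samba-3.6.20.tar.gz) use plain http://samba.org/samba/ftp/stable/, while the 4.1.0rc1 entry removed at the end of the same hunk links to https://download.samba.org. For a security release announcement the links should use https as well; the GnuPG signature mentioned in the text covers the tarballs but not the announcement page a reader follows them from.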
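Review bot: The headline added in the latest_10_headlines.html hunk lists "(CVE-2013-4475 and CVE-2013-4475)", naming the same identifier twice. The bodies hunks in this change state that the releases address CVE-2013-4475 and CVE-2013-4476, so the second identifier in the headline should be CVE-2013-4476.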
[SCM] Samba Shared Repository - annotated tag samba-4.1.1 created
The annotated tag, samba-4.1.1 has been created
    at d228adeb4dfecf890bda849fc000fc0f01440beb (tag)
    tagging 32d78c867eb259960736121146c7152934f3e6b3 (commit)
    replaces samba-4.1.0
    tagged by Karolin Seeger
    on Fri Nov 8 11:07:58 2013 +0100

- Log -
samba: tag release samba-4.1.1
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQBSfLf+bzORW2Vot+oRAkfaAJ9eVwOkfw8O0LUF16zTavhW7c8avgCeN1Yb
V37bznwIu3G0dE/O92c8YsI=
=HtVp
-END PGP SIGNATURE-

Björn Baumbach (5):
    CVE-2013-4476: lib-util: add file_check_permissions()
    CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
    CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
    CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
    CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)

Jeremy Allison (2):
    Fix bug #10229 - No access check verification on stream files.
    Add regression test for bug #10229 - No access check verification on stream files.

Karolin Seeger (3):
    VERSION: Bump version number up to 4.1.1...
    WHATSNEW: Add release notes for Samba 4.1.1.
    VERSION: Disable git snapshots for the 4.1.1 release.

Stefan Metzmacher (1):
    CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-1-stable updated
The branch, v4-1-stable has been updated
    via 32d78c8 VERSION: Disable git snapshots for the 4.1.1 release.
    via 07be799 WHATSNEW: Add release notes for Samba 4.1.1.
    via e737fc7 CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)
    via 2ca3eae CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
    via bc067d0 CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
    via d6988a1 CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
    via 7fc2f97 CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
    via 81e5048 CVE-2013-4476: lib-util: add file_check_permissions()
    via afe7ffd Add regression test for bug #10229 - No access check verification on stream files.
    via a2c4c0e Fix bug #10229 - No access check verification on stream files.
    via ff0cd26 VERSION: Bump version number up to 4.1.1...
    from a6fb418 VERSION: Bump version number up to 4.1.0...

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable

- Log -
commit 32d78c867eb259960736121146c7152934f3e6b3
Author: Karolin Seeger
Date: Fri Nov 8 11:04:28 2013 +0100

    VERSION: Disable git snapshots for the 4.1.1 release.

    Bug 10234 - CVE-2013-4476: key.pem world readable
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Bug 10235 - CVE-2013-4475: No access check verification on stream files
    (BUG: https://bugzilla.samba.org/show_bug.cgi?id=10229).
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10235

    Signed-off-by: Karolin Seeger

commit 07be7991578578eaeb8eaa8a13588183a5f4b11c
Author: Karolin Seeger
Date: Fri Nov 8 11:00:06 2013 +0100

    WHATSNEW: Add release notes for Samba 4.1.1.

    Bug 10234 - CVE-2013-4476: key.pem world readable
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Bug 10235 - CVE-2013-4475: No access check verification on stream files
    (bug #10229: https://bugzilla.samba.org/show_bug.cgi?id=10229).
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10235

    Signed-off-by: Karolin Seeger

commit e737fc794ebd614886ea16cb51850bceaf3ef2e0
Author: Björn Baumbach
Date: Tue Oct 29 17:53:59 2013 +0100

    CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)

    If the tls key is not owned by root or has not mode 0600 samba will not
    start up.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Björn Baumbach
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Stefan Metzmacher

commit 2ca3eae4c50316a723ca9fcf8ec766d8b40b3908
Author: Björn Baumbach
Date: Tue Oct 29 17:52:39 2013 +0100

    CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit bc067d06682b796ab7abf6a05f103e7ebe0a4cef
Author: Stefan Metzmacher
Date: Wed Oct 30 14:48:36 2013 +0100

    CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()

    We should generate private keys with 0600.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Pair-Programmed-With: Björn Baumbach
    Signed-off-by: Stefan Metzmacher
    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit d6988a14b4f82ff5bd6c48a61f8edd02f7b24aa6
Author: Björn Baumbach
Date: Tue Oct 29 17:49:55 2013 +0100

    CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit 7fc2f97fb1dcd85aa1cad461fe611f844d7a3c62
Author: Björn Baumbach
Date: Tue Oct 29 17:48:11 2013 +0100

    CVE-2013-4476: lib-util: split out file_save_mode() from file_save()

    file_save_mode() writes files with specified mode.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit 81e50485bb2e623ca06a6dc2996877ccc31120b0
Author: Björn Baumbach
Date: Tue Oct 29 17:43:17 2013 +0100

    CVE-2013-4476: lib-util: add file_check_permissions()

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit afe7ffd74f1154cf60dc4c89b1fc330ab0373099
Author: Jeremy Allison
Date: Tue Oct 29 15:57:01 2013 -0700

    Add regression test for bug #10229 - No access check verification on stream files.

    Checks against a file with attribute READONLY, and
    a security descriptor denying WRITE_DATA access.

    Signed-off-by: Jeremy Allison
    Reviewed-by: Stefan Metzmacher
    Revi
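The two key-file measures named in the CVE-2013-4476 commit messages above (write key.pem with mode 0600, and refuse to start when the key is not owned by root or does not have mode 0600), shown as an added C example. This is not Samba's code: save_key(), check_key(), demo(), the result codes and the /tmp path are hypothetical names chosen here, and the key content is a constructed placeholder.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum key_check { KEY_OK, KEY_OPEN_FAILED, KEY_NOT_REGULAR, KEY_BAD_OWNER, KEY_BAD_MODE };

/* Write a key file with an explicit mode instead of inheriting the umask. */
static int save_key(const char *path, const char *pem, mode_t mode)
{
    size_t len = strlen(pem);
    int ok;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);

    if (fd < 0) return -1;
    /* fchmod() is not subject to the umask, so the final mode is exact. */
    ok = fchmod(fd, mode) == 0 && write(fd, pem, len) == (ssize_t)len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Startup check: owner and exact permission bits, read from the opened
 * descriptor so the file that was checked is the file that gets used. */
static enum key_check check_key(const char *path, uid_t want_uid, mode_t want_mode)
{
    struct stat st;
    enum key_check rc = KEY_OK;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    if (fd < 0) return KEY_OPEN_FAILED;
    if (fstat(fd, &st) != 0) rc = KEY_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode)) rc = KEY_NOT_REGULAR;
    else if (st.st_uid != want_uid) rc = KEY_BAD_OWNER;
    else if ((st.st_mode & 07777) != want_mode) rc = KEY_BAD_MODE;
    close(fd);
    return rc;
}

/* Constructed demo: a private directory (mkdtemp() creates it with 0700),
 * a placeholder key saved with `mode`, then checked against mode 0600.
 * A server would pass uid 0 (root); the demo takes the uid as a parameter
 * so it also runs unprivileged. */
static enum key_check demo(mode_t mode, uid_t want_uid)
{
    char dir[] = "/tmp/tls-demo-XXXXXX";
    char path[64];
    enum key_check rc = KEY_OPEN_FAILED;

    if (mkdtemp(dir) == NULL) return rc;
    snprintf(path, sizeof(path), "%s/key.pem", dir);
    if (save_key(path, "constructed placeholder, not a key\n", mode) == 0)
        rc = check_key(path, want_uid, 0600);
    unlink(path);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("0600, own uid:   %d\n", demo(0600, getuid()));
    printf("0644, own uid:   %d\n", demo(0644, getuid()));
    printf("0600, other uid: %d\n", demo(0600, getuid() + 1));
    return 0;
}
```

The same owner and mode test can be pointed at an existing key.pem to audit a server provisioned before these releases.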
[SCM] Samba Shared Repository - annotated tag samba-4.0.11 created
The annotated tag, samba-4.0.11 has been created
    at e1f0ccfe921a57108585889d04d2f3b3193ac873 (tag)
    tagging a8e0112c7c540307e263d00306cb06f473547cea (commit)
    replaces samba-4.0.10
    tagged by Karolin Seeger
    on Mon Nov 11 09:46:43 2013 +0100

- Log -
samba: tag release samba-4.0.11
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQBSgJlzbzORW2Vot+oRArVkAKCJwwWKguFfEFKGWf4BxLE/v3NdUwCeIWQ4
gITDYWHTpHTgbWYcAK15imk=
=E0+i
-END PGP SIGNATURE-

Björn Baumbach (5):
    CVE-2013-4476: lib-util: add file_check_permissions()
    CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
    CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
    CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
    CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)

Jeremy Allison (2):
    Fix bug #10229 - No access check verification on stream files.
    Add regression test for bug #10229 - No access check verification on stream files.

Karolin Seeger (3):
    VERSION: Bump version number up to 4.0.11...
    WHATSNEW: Add release notes for Samba 4.0.11.
    VERSION: Disable git snapshots for the 4.0.11 release.

Stefan Metzmacher (1):
    CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated
    via a8e0112 VERSION: Disable git snapshots for the 4.0.11 release.
    via 90b9835 WHATSNEW: Add release notes for Samba 4.0.11.
    via 66fb9ec CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)
    via c417cb7 CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
    via c1e106b CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
    via 367f017 CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
    via e74797c CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
    via 13566a5 CVE-2013-4476: lib-util: add file_check_permissions()
    via 761096f Add regression test for bug #10229 - No access check verification on stream files.
    via a6d74c4 Fix bug #10229 - No access check verification on stream files.
    via 5b0caf4 VERSION: Bump version number up to 4.0.11...
    from 55c51b8 VERSION: Disable git snapshots for the 4.0.10 release.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable

- Log -
commit a8e0112c7c540307e263d00306cb06f473547cea
Author: Karolin Seeger
Date: Fri Nov 8 10:28:54 2013 +0100

    VERSION: Disable git snapshots for the 4.0.11 release.

    Bug 10234 - CVE-2013-4476: key.pem world readable
    Bug 10235 - CVE-2013-4475: No access check verification on stream files
    (bug #10229).

    Signed-off-by: Karolin Seeger

commit 90b98355621b9cebf4ede82be73c67dd04e4104e
Author: Karolin Seeger
Date: Fri Nov 8 10:26:12 2013 +0100

    WHATSNEW: Add release notes for Samba 4.0.11.

    Bug 10234 - CVE-2013-4476: key.pem world readable
    Bug 10235 - CVE-2013-4475: No access check verification on stream files
    (bug #10229).

    Signed-off-by: Karolin Seeger

commit 66fb9ecfb522ef653c2d74d5e6309485e21d51c3
Author: Björn Baumbach
Date: Tue Oct 29 17:53:59 2013 +0100

    CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)

    If the tls key is not owned by root or has not mode 0600 samba will not
    start up.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Björn Baumbach
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Stefan Metzmacher

commit c417cb7ec3b72edb52f908b6dc39f2c6a50cddc0
Author: Björn Baumbach
Date: Tue Oct 29 17:52:39 2013 +0100

    CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit c1e106b65b002174bfa3788d3798800a0c084ef9
Author: Stefan Metzmacher
Date: Wed Oct 30 14:48:36 2013 +0100

    CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()

    We should generate private keys with 0600.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Pair-Programmed-With: Björn Baumbach
    Signed-off-by: Stefan Metzmacher
    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit 367f017ec45577a82c7c41f983dd5403854d2346
Author: Björn Baumbach
Date: Tue Oct 29 17:49:55 2013 +0100

    CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit e74797cc61151632ce7c440a42579fcd794ab42d
Author: Björn Baumbach
Date: Tue Oct 29 17:48:11 2013 +0100

    CVE-2013-4476: lib-util: split out file_save_mode() from file_save()

    file_save_mode() writes files with specified mode.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit 13566a5398d802102deb492bede242217143cfa0
Author: Björn Baumbach
Date: Tue Oct 29 17:43:17 2013 +0100

    CVE-2013-4476: lib-util: add file_check_permissions()

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

    Signed-off-by: Björn Baumbach
    Reviewed-by: Stefan Metzmacher

commit 761096f8f19eb2ed9d2fc6de3fb22a25d86c7a27
Author: Jeremy Allison
Date: Tue Oct 29 15:57:01 2013 -0700

    Add regression test for bug #10229 - No access check verification on stream files.

    Checks against a file with attribute READONLY, and
    a security descriptor denying WRITE_DATA access.

    Signed-off-by: Jeremy Allison
    Reviewed-by: Stefan Metzmacher
    Reviewed-by: David Disseldorp

    Autobuild-User(master): Jeremy Allison
    Autobuild-Date(master): Mon Nov 4 23:10:10 CET 2013 on sn-devel-104

    (cherry picked from commit 65882152cc7ccaba0e7903862b99ca93594ed080)

    The last two patches address bug #10235 - CVE-2013-4475: No access check verificatio
[SCM] Samba Shared Repository - annotated tag samba-3.6.20 created
The annotated tag, samba-3.6.20 has been created
    at 3f57e3ce5d4f5156c0553801090bf926c48f9412 (tag)
    tagging 12598a76c0330ea1067c4b11b295ab3473e93f15 (commit)
    replaces samba-3.6.19
    tagged by Karolin Seeger
    on Mon Nov 11 09:30:55 2013 +0100

- Log -
tag samba-3.6.20
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQBSgJXFbzORW2Vot+oRAjIzAJwJMa+Tlod4V8wcjyOM9acQobPc2ACeJe/6
0JWoGZYK8mtKjW0WNN/XWxo=
=M0U0
-END PGP SIGNATURE-

Jeremy Allison (1):
    Fix bug #10229 - No access check verification on stream files.

Karolin Seeger (3):
    VERSION: Bump version up to 3.6.20.
    WHATSNEW: Start release notes for Samba 3.6.20.
    WHATSNEW: Add release notes for Samba 3.6.20.

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 12598a7 WHATSNEW: Add release notes for Samba 3.6.20. via 14d4813 Fix bug #10229 - No access check verification on stream files. from c18329b WHATSNEW: Start release notes for Samba 3.6.20. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 12598a76c0330ea1067c4b11b295ab3473e93f15 Author: Karolin Seeger Date: Thu Nov 7 12:49:34 2013 +0100 WHATSNEW: Add release notes for Samba 3.6.20. Bug 10235 - CVE-2013-4475: No access check verification on stream files. Signed-off-by: Karolin Seeger commit 14d48130870579541c07f5a0f64638e635ddce95 Author: Jeremy Allison Date: Thu Oct 31 13:48:42 2013 -0700 Fix bug #10229 - No access check verification on stream files. https://bugzilla.samba.org/show_bug.cgi?id=10229 We need to check if the requested access mask could be used to open the underlying file (if it existed), as we're passing in zero for the access mask to the base filename. Signed-off-by: Jeremy Allison Fix Bug #10235 - CVE-2013-4475: No access check verification on stream files. https://bugzilla.samba.org/show_bug.cgi?id=10235 --- Summary of changes: WHATSNEW.txt| 31 + source3/smbd/open.c | 61 +++ 2 files changed, 87 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d30b702..d6b1ebd 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,20 +1,41 @@ == Release Notes for Samba 3.6.20 - November 06, 2013 + November 11, 2013 == -This is is the latest maintenance release of Samba 3.6. +This is a security release in order to address +CVE-2013-4475 (ACLs are not checked on opening an alternate +data stream on a file or directory). -Please note that this will probably be the last maintenance release -of the Samba 3.6 release series. With the release of Samba 4.1.0, the -3.6 release series will be turned into the "security fixes only" mode. +o CVE-2013-4475: + Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, + 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying + file or directory ACL when opening an alternate data stream. + + According to the SMB1 and SMB2+ protocols the ACL on an underlying + file or directory should control what access is allowed to alternate + data streams that are associated with the file or directory. + + By default no version of Samba supports alternate data streams + on files or directories. + + Samba can be configured to support alternate data streams by loading + either one of two virtual file system modues (VFS) vfs_streams_depot or + vfs_streams_xattr supplied with Samba, so this bug only affects Samba + servers configured this way. + + To determine if your server is vulnerable, check for the strings + "streams_depot" or "streams_xattr" inside your smb.conf configuration + file. Changes since 3.6.19: - o Jeremy Allison +* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on stream + files. ## diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 447de80..441b8cd 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c 
@@ -152,6 +152,48 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, } / + Ensure when opening a base file for a stream open that we have permissions + to do so given the access mask on the base file. +/ + +static NTSTATUS check_base_file_access(struct connection_struct *conn, + struct smb_filename *smb_fname, + uint32_t access_mask) +{ + uint32_t access_granted = 0; + NTSTATUS status; + + status = smbd_calculate_access_mask(conn, smb_fname, + false, + access_mask, + &access_mask); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("smbd_calculate_access_mask " + "on file %s returned %s\n", + smb_fname_str_dbg(smb_fname), + nt_errstr(status))); + return status; + } + + if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) { + uint32_t dosattrs; + if (!CAN_WRITE(conn
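Review bot: In the "Changes since 3.6.19" list of the WHATSNEW.txt hunk, the entry "BUGs 10234 + 10229: CVE-2013-4475" cites bug 10234, but the commit messages for this release name bugs 10235 and 10229 for CVE-2013-4475 and do not mention 10234 anywhere. The entry should read "BUGs 10235 + 10229". The added CVE text also carries the typo "modues" for "modules".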
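Review bot: In check_base_file_access() in the source3/smbd/open.c hunk, the call to smbd_calculate_access_mask() passes access_mask as the requested mask and &access_mask as the result, so from that point on the parameter no longer holds what the caller asked for. A separate local for the calculated mask would keep the requested value available for the DEBUG message and make the later FILE_WRITE_DATA|FILE_APPEND_DATA test easier to follow. The comment block above the function says what it ensures but not which NTSTATUS the caller gets back on denial; one line on that would help. The remainder of the function is cut off in this mail, so the use of access_granted cannot be reviewed here.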