IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
== Subject: Remote code execution in Samba's WINS
== server daemon (nmbd) when processing name
== registration followed name query requests.
==
== CVE ID#: CVE-2007-5398
==
== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
...
Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd. This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.
(This used to be commit e40c372e0d)
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c312)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
the ripple effects this causes. utmp has to change etc. Remove some
global varables and store address/port in the unexpected db.
Jeremy.
(This used to be commit 18c6a2211d)
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
use the correct RR type of 0xA instead of reflecting back what
the query RR type was (0x20). See rfc1002 sections 4.2.14 and
4.2.16.
Jeremy.
(This used to be commit ab8c924004)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
(This used to be commit b4ea493599)
iconv wasn't re-initialised on reading of "charset" parameters. This
caused workgroup name to be set incorrectly if it contained an
extended character.
Jeremy.
(This used to be commit 84ae44678a)
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade17)
the DGRAM_PORT, since we want to actually send those to other ports.
They might be for the client library running on the Samba server!
(This used to be commit 05e2dd5e85)
easier to add new message types to messages.h without breaking old
binaries
- added a MSG_FORCE_ELECTION message to force nmbd to hold an election
(This used to be commit f1c49ca7ce)
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
(This used to be commit 2a34ee95f3)
I had to modify sys_select() to not loop on EINTR. I added a wrapper
called sys_select_intr() which gives the old behaviour.
(This used to be commit b28cc4163b)
nmbd. It does NOT follow the rule that packets to the wins server have
rec_des set (I know that we have postulated this in the past). Please
don't screw with this unless you do careful testing from WinXX
clients.
Luke and I spent a couple of hours today getting this right (it was
wrong in both TNG and HEAD)
(This used to be commit 9eda2e27b7)
This fixes our netbios scope handling. We now have a 'netbios scope' option
in smb.conf and the scope option is removed from make_nmb_name()
this was prompted by a bug in our PDC finding code where it didn't append
the scope to the query of the '*' name.
(This used to be commit b563be824b)
I also fixed up the lookup_pdc_name() code so that it now works, even
with a NT server that insists on replying to udp/138.
The method I used to match packets was to use the mailslot string as a
datagram ID. The true dgm_id doesn't work as NT doesn't set it
correctly. uggh.
PS: Jeremy, I had to change your code quite a bit, are you sure this
worked with a Samba PDC?? The code looked broken, it got the offsets
wrong in the SMB portion of the packet and filled in the IP
incorrectly.
(This used to be commit 32f66f4ea6)
this means "nmblookup -S" now always works, even with broken servers
the database stores all unexpected replies and these can be accessed
by any client.
while doing this I cleaned up a couple of functions, and put in place
a better trn_id generator. in most places the code got quite a bit
simpler due to the addition of simple helper functions.
I haven't yet put the code in to take advantage of this for pdc
replies - that will be next. Jeremys pdc finding code will then work :)
(This used to be commit 280e6359d3)
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
(This used to be commit 8e406c1fa2)
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
(This used to be commit 4aea261cb0)
by default.
nmbd*: Changed all calls to namestr() to nmbd_namestr() to fix broken FreeBSD include
file problem...sigh.
Jeremy.
(This used to be commit 9ee8f39aed)
The debug_browse_data() function does a hex dump of a browser packet. The
last line is often not a full 16 bytes, which would miss-align the hex
output. I've added the padding needed to align the hex output.
Chris -)-----
(This used to be commit 9f9b30abab)
Changes to get Samba to compile cleanly with the IRIX compiler
with the options : -fullwarn -woff 1209,1174 (the -woff options
are to turn off warnings about unused function parameters and
controlling loop expressions being constants).
Split prototype generation as we hit a limit in IRIX nawk.
Removed "." code in smbd/filename.c (yet again :-).
Jeremy.
(This used to be commit e0567433bd)
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...
I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).
in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.
So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)
One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87)
correctly. Added new parameter "stat cache size" - set to 50 by default.
I now declare the statcache code officially "open" for business :-).
It gets a hit rate of 97% with a NetBench run and seems to make
using a case insensitive run as efficient as a case sensitive run.
Also tidied up our sys_select usage - added a maxfd parameter and
also added an implementation of select in terms of poll(), for systems
where poll() is much faster. This is disabled by default.
Jeremy.
(This used to be commit 779b924ec1)
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead)
through and changed some DEBUG() calls to DEBUGADD() to combine output
under a single timestamp. There were too many timestamps.
Note that Jeremy has told me that he's working on adding a config parameter
to turn timestamps off. Cool.
Chris -)-----
(This used to be commit 247dbc9a24)
nmbd_become_lmb.c: Add 'force_new_election' parameter to some functions.
This allows the start of the election to be done *after*
the demotion from local master browser is done.
Also changed code so release of 1d name is done
immediately to allow other local master to gain it.
nmbd_elections.c: Ensured no elections are run until we have registered
the WORKGROUP<1e> name that we must listen on to participate
in elections.
nmbd_incomingdgrams.c: Use force_new_election code.
nmbd_namelistdb.c: Make update_name_in_namelist static.
nmbd_subnetdb.c: Fix bug in comparison function. We cannot use memcmp
as structure packing may make this fail.
nmbd_packets.c: Ensure that we only send one release packet when
sending a broadcast packet.
nmbd_workgroupdb.c: Ensure we put the correct value in the ElectionCriterion field.
nmblib.c: Ensure make_nmb_name zero's the struct nmb_name.
Jeremy.
(This used to be commit 1fcb094ba0)
split the name_record structure into pieces. The goal is that the key
(the name) be separate from the data associated with the key. Databases
such as gdbm store information in [key,content] pairs.
There is no functional change in with this update. It's just a step in
the direction that Jeremy and I have been discussing.
Chris -)-----
(This used to be commit e420a4bd7d)
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d77445400)
server is sending out a name_query after a WACK, it needs to send
a packet with recursion_desired = 0 (yes Luke, you were right all
along :-). If it doesn't then if it's talking to itself then the
query packet ends up back in the WINS server instead of in the client
side code.
Makefile: Changed proto generation to stop including NMBDOBJ twice.
nmbd_namequery.c nmbd_packets.c nmbd_winsserver.c: Added extra
query_name_from_wins_server() code.
Jeremy.
(This used to be commit c5ca05c295)
were loggin a become backup request with debug log level of 0
- thus producing lots of annoying error messages.
Now handle this explicitly.
Jeremy.
(This used to be commit 0f4914b870)
to fix the fact that retransmit_or_expire_response_records() wasn't looking
at the WINS subnet.
server.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution.
smbpass.c: Fix to stop parsing failing on non-valid lines.
trans2.c: Fix for volume serial number code.
util.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution.
Fix for warnings under RH5. gcc 2.8.
Jeremy.
(This used to be commit e58ab3bbe6)
This is merely updating the Copyright statements from 1997 to 1998.
It's a once a year thing :-).
NO OTHER CHANGES WERE MADE.
Jeremy.
(This used to be commit b9c1697723)
Sending nmbd/smbd a SIGUSR1 will raise the debug level by one (capped at 10)
sending a SIGUSR2 will lower it (lower limit at zero).
Jeremy.
(This used to be commit 6a3cb6f4b4)
Also added code to stop old Samba servers that announce the workgroup
name as master browser name when they are a local master browser.
Jeremy.
(This used to be commit 3605da0557)
back into the main tree.
For the cvs logs of all the files starting nmbd_*.c, look
in the JRA_NMBD_REWRITE branch. That branch has now been
discontinued.
Jeremy.
(This used to be commit d80b0cb645)
