rpms/samba
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Update to 3.2.0rc2

Browse Source 
- resolves: #449522
- resolves: #448107

Guenther
This commit is contained in:
Guenther Deschner 2008-06-11 17:10:07 +00:00
parent df5c8b1a46
commit b594db48be
6 changed files with 11 additions and 482 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
samba-3.2.0rc1.tar.gz
samba-3.2.0rc2.tar.gz

113
samba-3.2.0rc1-capget.diff
View File

@ -1,113 +0,0 @@
source/include/smb.h | 3 +-
source/lib/system.c | 5 ++++
source/smbd/oplock_linux.c | 48 +------------------------------------------
3 files changed, 9 insertions(+), 47 deletions(-)
diff --git a/source/include/smb.h b/source/include/smb.h
index d6b026d..38d9b7b 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1703,7 +1703,8 @@ minimum length == 18.
enum smbd_capability {
KERNEL_OPLOCK_CAPABILITY,
- DMAPI_ACCESS_CAPABILITY
+ DMAPI_ACCESS_CAPABILITY,
+ LEASE_CAPABILITY
};
/* if a kernel does support oplocks then a structure of the following
diff --git a/source/lib/system.c b/source/lib/system.c
index fa50955..eabb6d6 100644
--- a/source/lib/system.c
+++ b/source/lib/system.c
@@ -733,6 +733,11 @@ static bool set_process_capability(enum smbd_capability capability,
cap_vals[num_cap_vals++] = CAP_MKNOD;
#endif
break;
+ case LEASE_CAPABILITY:
+#ifdef CAP_LEASE
+ cap_vals[num_cap_vals++] = CAP_LEASE;
+#endif
+ break;
}
SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals));
diff --git a/source/smbd/oplock_linux.c b/source/smbd/oplock_linux.c
index fa7cb42..08df228 100644
--- a/source/smbd/oplock_linux.c
+++ b/source/smbd/oplock_linux.c
@@ -22,22 +22,6 @@
#if HAVE_KERNEL_OPLOCKS_LINUX
-/* these can be removed when they are in glibc headers */
-struct cap_user_header {
- uint32 version;
- int pid;
-} header;
-struct cap_user_data {
- uint32 effective;
- uint32 permitted;
- uint32 inheritable;
-} data;
-
-extern int capget(struct cap_user_header * hdrp,
- struct cap_user_data * datap);
-extern int capset(struct cap_user_header * hdrp,
- const struct cap_user_data * datap);
-
static SIG_ATOMIC_T signals_received;
#define FD_PENDING_SIZE 100
static SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE];
@@ -75,40 +59,12 @@ static void signal_handler(int sig, siginfo_t *info, void *unused)
sys_select_signal(RT_SIGNAL_LEASE);
}
-/****************************************************************************
- Try to gain a linux capability.
-****************************************************************************/
-
-static void set_capability(unsigned capability)
-{
-#ifndef _LINUX_CAPABILITY_VERSION
-#define _LINUX_CAPABILITY_VERSION 0x19980330
-#endif
- header.version = _LINUX_CAPABILITY_VERSION;
- header.pid = 0;
-
- if (capget(&header, &data) == -1) {
- DEBUG(3,("Unable to get kernel capabilities (%s)\n",
- strerror(errno)));
- return;
- }
-
- if (0 == (data.effective & (1<<capability))) {
- data.effective |= (1<<capability);
-
- if (capset(&header, &data) == -1) {
- DEBUG(3,("Unable to set %d capability (%s)\n",
- capability, strerror(errno)));
- }
- }
-}
-
/*
* public function to get linux lease capability. Needed by some VFS modules (eg. gpfs.c)
*/
void linux_set_lease_capability(void)
{
- set_capability(CAP_LEASE);
+ set_effective_capability(LEASE_CAPABILITY);
}
/*
@@ -136,7 +92,7 @@ int linux_setlease(int fd, int leasetype)
ret = fcntl(fd, F_SETLEASE, leasetype);
if (ret == -1 && errno == EACCES) {
- set_capability(CAP_LEASE);
+ set_effective_capability(LEASE_CAPABILITY);
ret = fcntl(fd, F_SETLEASE, leasetype);
}

42
samba-3.2.0rc1-server.diff
View File

@ -1,42 +0,0 @@
commit 779a3af0cd3ecbf82e3de16a4e0aec046c19d869
Author: Volker Lendecke <vl@samba.org>
Date: Fri May 30 11:46:34 2008 +0200
Fix security=server, bug 5502
This has brown paper bag quality and is definitely needed for 3.2.0.
Thanks to Orion Poplawski for reporting this!
Volker
diff --git a/source/auth/auth_server.c b/source/auth/auth_server.c
index b07884c..31d1d37 100644
--- a/source/auth/auth_server.c
+++ b/source/auth/auth_server.c
@@ -270,13 +270,15 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
const auth_usersupplied_info *user_info,
auth_serversupplied_info **server_info)
{
+ struct server_security_state *state = talloc_get_type_abort(
+ my_private_data, struct server_security_state);
struct cli_state *cli;
static bool tested_password_server = False;
static bool bad_password_server = False;
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
bool locally_made_cli = False;
- cli = (struct cli_state *)my_private_data;
+ cli = state->cli;
if (cli) {
} else {
@@ -285,7 +287,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
}
if (!cli || !cli->initialised) {
- DEBUG(1,("password server is not connected (cli not initilised)\n"));
+ DEBUG(1,("password server is not connected (cli not initialised)\n"));
return NT_STATUS_LOGON_FAILURE;
}

315
samba-CVE-2008-1105.diff
View File

@ -1,315 +0,0 @@
diff --git a/source/client/client.c b/source/client/client.c
index e08fa89..d684ba8 100644
--- a/source/client/client.c
+++ b/source/client/client.c
@@ -4382,7 +4382,7 @@ static void readline_callback(void)
set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK);
- status = receive_smb_raw(cli->fd, cli->inbuf, 0, 0, &len);
+ status = receive_smb_raw(cli->fd, cli->inbuf, cli->bufsize, 0, 0, &len);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Read from server failed, maybe it closed "
diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c
index f252377..df89dc8 100644
--- a/source/lib/util_sock.c
+++ b/source/lib/util_sock.c
@@ -1160,7 +1160,7 @@ NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
Doesn't check the MAC on signed packets.
****************************************************************************/
-NTSTATUS receive_smb_raw(int fd, char *buffer, unsigned int timeout,
+NTSTATUS receive_smb_raw(int fd, char *buffer, size_t buflen, unsigned int timeout,
size_t maxlen, size_t *p_len)
{
size_t len;
@@ -1173,17 +1173,10 @@ NTSTATUS receive_smb_raw(int fd, char *buffer, unsigned int timeout,
return status;
}
- /*
- * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
- * of header. Don't print the error if this fits.... JRA.
- */
-
- if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
+ if (len > buflen) {
DEBUG(0,("Invalid packet length! (%lu bytes).\n",
(unsigned long)len));
- if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return NT_STATUS_INVALID_PARAMETER;
}
if(len > 0) {
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index 6419123..2af4383 100644
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -57,8 +57,7 @@ int cli_set_port(struct cli_state *cli, int port)
}
/****************************************************************************
- Read an smb from a fd ignoring all keepalive packets. Note that the buffer
- *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
+ Read an smb from a fd ignoring all keepalive packets.
The timeout is in milliseconds
This is exactly the same as receive_smb except that it never returns
@@ -76,8 +75,8 @@ static ssize_t client_receive_smb(struct cli_state *cli, size_t maxlen)
set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK);
- status = receive_smb_raw(cli->fd, cli->inbuf, cli->timeout,
- maxlen, &len);
+ status = receive_smb_raw(cli->fd, cli->inbuf, cli->bufsize,
+ cli->timeout, maxlen, &len);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("client_receive_smb failed\n"));
show_msg(cli->inbuf);
@@ -225,93 +224,6 @@ ssize_t cli_receive_smb_data(struct cli_state *cli, char *buffer, size_t len)
return -1;
}
-/****************************************************************************
- Read a smb readX header.
- We can only use this if encryption and signing are off.
-****************************************************************************/
-
-bool cli_receive_smb_readX_header(struct cli_state *cli)
-{
- ssize_t len, offset;
-
- if (cli->fd == -1)
- return false;
-
- again:
-
- /* Read up to the size of a readX header reply. */
- len = client_receive_smb(cli, (smb_size - 4) + 24);
-
- if (len > 0) {
- /* it might be an oplock break request */
- if (!(CVAL(cli->inbuf, smb_flg) & FLAG_REPLY) &&
- CVAL(cli->inbuf,smb_com) == SMBlockingX &&
- SVAL(cli->inbuf,smb_vwv6) == 0 &&
- SVAL(cli->inbuf,smb_vwv7) == 0) {
- ssize_t total_len = smb_len(cli->inbuf);
-
- if (total_len > CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN) {
- goto read_err;
- }
-
- /* Read the rest of the data. */
- if ((total_len - len > 0) &&
- !cli_receive_smb_data(cli,cli->inbuf+len,total_len - len)) {
- goto read_err;
- }
-
- if (cli->oplock_handler) {
- int fnum = SVAL(cli->inbuf,smb_vwv2);
- unsigned char level = CVAL(cli->inbuf,smb_vwv3+1);
- if (!cli->oplock_handler(cli, fnum, level)) return false;
- }
- /* try to prevent loops */
- SCVAL(cli->inbuf,smb_com,0xFF);
- goto again;
- }
- }
-
- /* If it's not the above size it probably was an error packet. */
-
- if ((len == (smb_size - 4) + 24) && !cli_is_error(cli)) {
- /* Check it's a non-chained readX reply. */
- if (!(CVAL(cli->inbuf, smb_flg) & FLAG_REPLY) ||
- (CVAL(cli->inbuf,smb_vwv0) != 0xFF) ||
- (CVAL(cli->inbuf,smb_com) != SMBreadX)) {
- /*
- * We're not coping here with asnyc replies to
- * other calls. Punt here - we need async client
- * libs for this.
- */
- goto read_err;
- }
-
- /*
- * We know it's a readX reply - ensure we've read the
- * padding bytes also.
- */
-
- offset = SVAL(cli->inbuf,smb_vwv6);
- if (offset > len) {
- ssize_t ret;
- size_t padbytes = offset - len;
- ret = cli_receive_smb_data(cli,smb_buf(cli->inbuf),padbytes);
- if (ret != padbytes) {
- goto read_err;
- }
- }
- }
-
- return true;
-
- read_err:
-
- cli->smb_rw_error = SMB_READ_ERROR;
- close(cli->fd);
- cli->fd = -1;
- return false;
-}
-
static ssize_t write_socket(int fd, const char *buf, size_t len)
{
ssize_t ret=0;
diff --git a/source/libsmb/clireadwrite.c b/source/libsmb/clireadwrite.c
index 12ba4b7..487f446 100644
--- a/source/libsmb/clireadwrite.c
+++ b/source/libsmb/clireadwrite.c
@@ -472,106 +472,6 @@ ssize_t cli_read(struct cli_state *cli, int fnum, char *buf,
return ret;
}
-#if 0 /* relies on client_receive_smb(), now a static in libsmb/clientgen.c */
-
-/* This call is INCOMPATIBLE with SMB signing. If you remove the #if 0
- you must fix ensure you don't attempt to sign the packets - data
- *will* be currupted */
-
-/****************************************************************************
-Issue a single SMBreadraw and don't wait for a reply.
-****************************************************************************/
-
-static bool cli_issue_readraw(struct cli_state *cli, int fnum, off_t offset,
- size_t size, int i)
-{
-
- if (!cli->sign_info.use_smb_signing) {
- DEBUG(0, ("Cannot use readraw and SMB Signing\n"));
- return False;
- }
-
- memset(cli->outbuf,'\0',smb_size);
- memset(cli->inbuf,'\0',smb_size);
-
- cli_set_message(cli->outbuf,10,0,True);
-
- SCVAL(cli->outbuf,smb_com,SMBreadbraw);
- SSVAL(cli->outbuf,smb_tid,cli->cnum);
- cli_setup_packet(cli);
-
- SSVAL(cli->outbuf,smb_vwv0,fnum);
- SIVAL(cli->outbuf,smb_vwv1,offset);
- SSVAL(cli->outbuf,smb_vwv2,size);
- SSVAL(cli->outbuf,smb_vwv3,size);
- SSVAL(cli->outbuf,smb_mid,cli->mid + i);
-
- return cli_send_smb(cli);
-}
-
-/****************************************************************************
- Tester for the readraw call.
-****************************************************************************/
-
-ssize_t cli_readraw(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
-{
- char *p;
- int size2;
- size_t readsize;
- ssize_t total = 0;
-
- if (size == 0)
- return 0;
-
- /*
- * Set readsize to the maximum size we can handle in one readraw.
- */
-
- readsize = 0xFFFF;
-
- while (total < size) {
- readsize = MIN(readsize, size-total);
-
- /* Issue a read and receive a reply */
-
- if (!cli_issue_readraw(cli, fnum, offset, readsize, 0))
- return -1;
-
- if (!client_receive_smb(cli->fd, cli->inbuf, cli->timeout))
- return -1;
-
- size2 = smb_len(cli->inbuf);
-
- if (size2 > readsize) {
- DEBUG(5,("server returned more than we wanted!\n"));
- return -1;
- } else if (size2 < 0) {
- DEBUG(5,("read return < 0!\n"));
- return -1;
- }
-
- /* Copy data into buffer */
-
- if (size2) {
- p = cli->inbuf + 4;
- memcpy(buf + total, p, size2);
- }
-
- total += size2;
- offset += size2;
-
- /*
- * If the server returned less than we asked for we're at EOF.
- */
-
- if (size2 < readsize)
- break;
- }
-
- return total;
-}
-#endif
-
/****************************************************************************
Issue a single SMBwrite and don't wait for a reply.
****************************************************************************/
diff --git a/source/smbd/process.c b/source/smbd/process.c
index 5946989..ed34e9b 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -120,9 +120,7 @@ static bool valid_packet_size(size_t len)
if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
DEBUG(0,("Invalid packet length! (%lu bytes).\n",
(unsigned long)len));
- if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
- return false;
- }
+ return false;
}
return true;
}
diff --git a/source/utils/smbfilter.c b/source/utils/smbfilter.c
index e128e1c..d274e09 100644
--- a/source/utils/smbfilter.c
+++ b/source/utils/smbfilter.c
@@ -171,7 +171,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
if (c != -1 && FD_ISSET(c, &fds)) {
size_t len;
if (!NT_STATUS_IS_OK(receive_smb_raw(
- c, packet, 0, 0, &len))) {
+ c, packet, sizeof(packet),
+ 0, 0, &len))) {
d_printf("client closed connection\n");
exit(0);
}
@@ -184,7 +185,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
if (s != -1 && FD_ISSET(s, &fds)) {
size_t len;
if (!NT_STATUS_IS_OK(receive_smb_raw(
- s, packet, 0, 0, &len))) {
+ s, packet, sizeof(packet),
+ 0, 0, &len))) {
d_printf("server closed connection\n");
exit(0);
}

19
samba.spec
View File

@ -1,5 +1,5 @@
%define main_release 15
%define samba_version 3.2.0rc1
%define main_release 16
%define samba_version 3.2.0rc2
%define tdb_version 1.1.1
%define talloc_version 1.2.0
@ -7,13 +7,13 @@ Summary: The Samba Suite of programs
Name: samba
Epoch: 0
Version: 3.2.0
Release: 1.rc1.%{main_release}%{?dist}
Release: 1.rc2.%{main_release}%{?dist}
License: GPLv3+ and LGPLv3+
Group: System Environment/Daemons
URL: http://www.samba.org/
#TAG: change for non-pre
Source: http://download.samba.org/samba/ftp/rc/%{name}-%{version}rc1.tar.gz
Source: http://download.samba.org/samba/ftp/rc/%{name}-%{version}rc2.tar.gz
#Source: http://www.samba.org/samba/ftp/samba/%{name}-%{version}.tar.gz
# Red Hat specific replacement-files
@ -46,9 +46,6 @@ Patch107: samba-3.2.0pre1-grouppwd.patch
Patch110: samba-3.0.21pre1-smbspool.patch
Patch111: samba-3.0.13-smbclient.patch
Patch200: samba-3.0.25rc1-inotifiy.patch
Patch220: samba-3.2.0rc1-capget.diff
Patch221: samba-CVE-2008-1105.diff
Patch222: samba-3.2.0rc1-server.diff
Requires(pre): samba-common = %{epoch}:%{version}-%{release}
Requires: pam >= 0:0.64
@ -255,9 +252,6 @@ cp %{SOURCE11} packaging/Fedora/
#%patch110 -p1 -b .smbspool # FIXME: does not apply
#%patch111 -p1 -b .smbclient # FIXME: does not apply
#%patch200 -p0 -b .inotify # FIXME: does not compile
%patch220 -p1 -b .capget
%patch221 -p1 -b .CVE-2008-1105
%patch222 -p1 -b .server
mv source/VERSION source/VERSION.orig
sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{release}\"/' < source/VERSION.orig > source/VERSION
@ -852,6 +846,11 @@ exit 0
%{_datadir}/pixmaps/samba/logo-small.png
%changelog
* Tue Jun 10 2008 Guenther Deschner <gdeschner@redhat.com> - 3.2.0-1.rc2.16
- Update to 3.2.0rc2
- resolves: #449522
- resolves: #448107
* Fri May 30 2008 Guenther Deschner <gdeschner@redhat.com> - 3.2.0-1.rc1.15
- Fix security=server
- resolves: #449038, #449039

2
sources
View File

@ -1 +1 @@
df46b81d4921136af3aaade65c054d31 samba-3.2.0rc1.tar.gz
a58610bfa60a1f555bae3cd31dacd955 samba-3.2.0rc2.tar.gz