samba.git/client, branch master Unnamed repository; edit this file 'description' to name the repository. samba: remove Linux cifs-utils files from samba master branch 2010-03-08T20:05:05+00:00 Jeff Layton jlayton@redhat.com 2010-03-08T20:05:05+00:00 8a76352544ccbac7e9aca2c3357256a01493cc7b This patch removes all of the files from the samba tree that should now be provided by the cifs-utils package. It also drops a "README.cifs-utils" into the topdir with a URL to the main cifs-utils webpage. This is for people who don't want the lists and might be taken by surprise by the change. That's optional, but I think it's a good idea for a least a release or two. Signed-off-by: Jeff Layton <jlayton@samba.org> 
This patch removes all of the files from the samba tree that should now
be provided by the cifs-utils package. It also drops a
"README.cifs-utils" into the topdir with a URL to the main cifs-utils
webpage. This is for people who don't want the lists and might be taken
by surprise by the change. That's optional, but I think it's a good idea
for a least a release or two.

Signed-off-by: Jeff Layton <jlayton@samba.org>
cifs.upcall: allocate a talloc context for smb_krb5_unparse_name 2010-02-17T11:15:50+00:00 Jeff Layton jlayton@redhat.com 2010-02-16T14:16:42+00:00 a8cc2fa09ed43a167f62711bef363a5ac335dc78 cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context. Older versions of this function though will conditionally use SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed in. To make it more consistent, just spawn a talloc context that we can pass into this function. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=565446 https://bugzilla.samba.org/show_bug.cgi?id=6868 Reported-by: Ludek Finstrle <luf@seznam.cz> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Günther Deschner <gd@samba.org> 
cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context.
Older versions of this function though will conditionally use
SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed
in. To make it more consistent, just spawn a talloc context that
we can pass into this function.

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=565446
https://bugzilla.samba.org/show_bug.cgi?id=6868

Reported-by: Ludek Finstrle <luf@seznam.cz>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Günther Deschner <gd@samba.org>
Fix const warning. 2010-01-29T22:36:36+00:00 Jeremy Allison jra@samba.org 2010-01-29T22:36:36+00:00 ce73f91ee2681862e26e84e5572336d84cf341c4 Jeremy 
Jeremy
mount.cifs: don't allow it to be run as setuid root program 2010-01-26T13:15:41+00:00 Jeff Layton jlayton@redhat.com 2010-01-26T13:15:41+00:00 a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 mount.cifs has been the subject of several "security" fire drills due to distributions installing it as a setuid root program. This program has not been properly audited for security and the Samba team highly recommends that it not be installed as a setuid root program at this time. To make that abundantly clear, this patch forcibly disables the ability for mount.cifs to run as a setuid root program. People are welcome to trivially patch this out, but they do so at their own peril. A security audit and redesign of this program is in progress and we hope that we'll be able to remove this in the near future. Signed-off-by: Jeff Layton <jlayton@redhat.com> 
mount.cifs has been the subject of several "security" fire drills due to
distributions installing it as a setuid root program. This program has
not been properly audited for security and the Samba team highly
recommends that it not be installed as a setuid root program at this
time.

To make that abundantly clear, this patch forcibly disables the ability
for mount.cifs to run as a setuid root program. People are welcome to
trivially patch this out, but they do so at their own peril.

A security audit and redesign of this program is in progress and we hope
that we'll be able to remove this in the near future.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
mount.cifs: check for invalid characters in device name and mountpoint 2010-01-26T13:15:41+00:00 Jeff Layton jlayton@redhat.com 2010-01-26T13:15:41+00:00 a065c177dfc8f968775593ba00dffafeebb2e054 It's apparently possible to corrupt the mtab if you pass embedded newlines to addmntent. Apparently tabs are also a problem with certain earlier glibc versions. Backslashes are also a minor issue apparently, but we can't reasonably filter those. Make sure that neither the devname or mountpoint contain any problematic characters before allowing the mount to proceed. Signed-off-by: Jeff Layton <jlayton@redhat.com> 
It's apparently possible to corrupt the mtab if you pass embedded
newlines to addmntent. Apparently tabs are also a problem with certain
earlier glibc versions. Backslashes are also a minor issue apparently,
but we can't reasonably filter those.

Make sure that neither the devname or mountpoint contain any problematic
characters before allowing the mount to proceed.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
mount.cifs: take extra care that mountpoint isn't changed during mount 2010-01-26T13:15:41+00:00 Jeff Layton jlayton@redhat.com 2010-01-26T13:15:41+00:00 3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 It's possible to trick mount.cifs into mounting onto the wrong directory by replacing the mountpoint with a symlink to a directory. mount.cifs attempts to check the validity of the mountpoint, but there's still a possible race between those checks and the mount(2) syscall. To guard against this, chdir to the mountpoint very early, and only deal with it as "." from then on out. Signed-off-by: Jeff Layton <jlayton@redhat.com> 
It's possible to trick mount.cifs into mounting onto the wrong directory
by replacing the mountpoint with a symlink to a directory. mount.cifs
attempts to check the validity of the mountpoint, but there's still a
possible race between those checks and the mount(2) syscall.

To guard against this, chdir to the mountpoint very early, and only deal
with it as "." from then on out.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
s3-kerberos: only use krb5 headers where required. 2009-11-27T15:36:00+00:00 Günther Deschner gd@samba.org 2009-11-27T14:52:57+00:00 04f8c229de7ffad5f4ec1a0bb68c2c8b4ccf4e15 This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther 
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
cifs.upcall: 2nd part of fix for Bug #6868: support building with Heimdal we well as with MIT. 2009-11-25T16:58:52+00:00 Günther Deschner gd@samba.org 2009-11-25T14:06:19+00:00 660ee2e74523194e5f6b2b6428d76628beb74717 Guenther 
Guenther
mount.cifs: Fix a const error 2009-11-21T19:49:16+00:00 Volker Lendecke vl@samba.org 2009-11-21T18:03:45+00:00 b2db4c51625077569ccc0fdf39471a67c3646066 






cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT.
2009-11-12T09:22:39+00:00

Günther Deschner
gd@samba.org

2009-11-11T23:52:38+00:00

b29eed492f1c056adb0b53510be10e738276ca11

Guenther





Guenther