| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
Fix bug #6840.
Signed-off-by: Bo Yang <boyang@samba.org>
(cherry picked from commit b9a3f1dd85d168c15df846dba525f4f882d1acf8)
(cherry picked from commit a0fbf067011ae50d63c6ed2a79f1ff00c2ce2d11)
| |
Successful calls to cli_session_setup() *must* be followed by calls to
cli_init_creds() to stash the credentials we successfully connected with.
There were 2 codepaths where this was missing. This caused smbclient to be
unable to open the \srvsvc pipe to do an RPC netserverenum, and caused it to
fall back to a RAP netserverenum, which uses DOS codepage conversion rather
than the full UCS2 of RPC, so the returned characters were not correct
(unless the DOS codepage was set correctly). Phew. That was fun to track
down :-). Includes logic simplification in libsmb_server.c
Jeremy.
(cherry picked from commit 587ca743bf1491e97c984ce4bec5a9bd0a1ae69a)
| |
Jeremy.
(cherry picked from commit a572c28ca3daa199d78fc340819c5c9ff53a3ed6)
| |
require-membership-of is invalid.
Signed-off-by: Bo Yang <boyang@samba.org>
(cherry picked from commit 31f1a36901b5b8959dc51401c09c114829b50392)
Fix bug #6826.
(cherry picked from commit f383e5f549f9f2075a064ba3d88fa9b34c5e3389)
| |
Karolin
(cherry picked from commit 8e55d149ab4de1a769a8a720e6f432476e719055)
| |
(cherry picked from commit a224392649ffb81dc1d67f41a01dd983b76d513b)
Fixes bug #5129.
(cherry picked from commit 646f0534acf0c480a61e0a02d1d815347b5e6d52)
| |
When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP),
we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus
failing spnego_parse_auth() completely.
Guenther
(cherry picked from commit 78ba2e1b9e5a63443f4cd51d34c16bc7cc9c6941)
| |
Guenther
(cherry picked from commit a830aa269f44e28a2390e162adbb2e26092f179b)
| |
Karolin
(cherry picked from commit e97037236fb82bd990382301fbab20e8d44e9371)
| |
Karolin
(cherry picked from commit de5151e59f2e060938b957b074e3d0dabd60161c)
| |
Avahi was correctly found but not activated since e4a26c942.
(cherry picked from commit 718d2801d6bafedfe91d7b475294d69e2d6a77a4)
Fix bug #6824.
(cherry picked from commit f1023e5f6252bc8efa732f519ec9588deed6c774)
| |
Additional patch to fix bug #6769.
(cherry picked from commit d8c7a5aafe0c17c69013766022418edcec481f8c)
| |
Fix bug #6721.
Thanks to Eero Volotinen <eero.volotinen@medicel.com> for providing the patch!
Karolin
(cherry picked from commit 79c2c61b99eb7c47c8bfbbb479d9d2197d1ad1fb)
(cherry picked from commit 11a6d88ea387fa50690880561f0ffffefbeb8956)
(cherry picked from commit ece84bf7a8066999ac7198e7625a4d1a8fddb91b)
| |
A few weeks ago, I added some code to cifs.upcall to take the pid sent
by the kernel and use that to get the value of the $KRB5CCNAME
environment var for the process. That works fine on the initial mount,
but could be problematic on reconnect.
There's no guarantee on a reconnect that the process that initiates the
upcall will have $KRB5CCNAME pointed at the correct credcache. Because
of this, the current scheme isn't going to be reliable enough and we
need to use something different.
This patch replaces that scheme with one very similar to the one used by
rpc.gssd in nfs-utils. It searches the credcache dir (currently
hardcoded to /tmp) for a valid credcache for the given uid. If it finds
one then it uses that as the credentials cache. If it finds more than
one, it uses the one with the latest TGT expiration.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Addresses bug #6810.
(cherry picked from commit 5df191a5fdad480d00d278c7f5046c6f0b80e386)
| |
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit f3b2402a737ff0a7e80a03ade9f57d65dabdc7eb)
| |
...to allow long option names.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit d95570b60832e980f0ff6bad96a3a45a7ba9789a)
| |
Current kernels don't send IPv6 addresses with the colon delimiters. Add
a routine to add them when they're not present.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit 00f298804be8f561e6ed584fcd516634ec74c4d7)
| |
Instead of using the hostname given by the upcall to get the server's
principal, take the IP address given in the upcall and reverse resolve
it to a hostname.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit 95d7a6d7699604ec1b5b0e90b341c57c2d3c55c2)
| |
Add a new stack var to hold the flags returned by the decoder routine
so that we don't need to worry so much about preserving "rc".
With this, we can drop privs before trying to find the location of
the credcache.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit 531a2f482d7519122f79d9d8049a96f63d361a2f)
| |
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit edca7df0dd43ee1d7ae2fc4954470efdf64a4d8e)
| |
The argument list for the decoder is becoming rather long. Declare an
args structure and use that for holding the args. This also simplifies
pointer handling a bit.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit 3eac202b211b382ebe299538647cbbd7d0c803b1)
| |
Clean up some unneeded curly braces, and fix some indentation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit 8bf083788bed03fdc7b535595eea8ce83a6f15f9)
| |
Change the log levels to be more appropriate to the messages being
logged. Error messages should be LOG_ERR and not LOG_WARNING, for
instance.
Add some LOG_DEBUG messages that we can use to diagnose problems with
krb5 upcalls. With these, someone can set up syslog to log daemon.debug
and should be able to get more info when things aren't working.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit 7c7bb1572c86767658852426e6eb7de901b1cab2)
| |
(cherry picked from commit 78b53b878a7871ea0ef311317da561008ad07e08)
| |
If the kernel sends the upcall a pid of the requesting process, we can
open that process' /proc/<pid>/environ file and scrape the KRB5CCNAME
value out of it.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit 416f92e3ae739d6ba6593c8e9c43192e4671fc77)
| |
6" Don't use mapped_user uninitialized. Jeremy.
(cherry picked from commit 85ee2971db36455d908066eae2630925081792c9)
| |
Fix bug #6805.
(cherry picked from commit dd28b7850c7ace008558571caee9679ff97a5e91)
| |
freed memory in pam_winbind.
(cherry picked from commit 106e3d5bdb1683d53b5525e3fe2e9e2d9de27e2c)
| |
This is a port of 1f34ffa0caae5 and 24309bdb2efc to 3.4.
Fix file corruption using smbclient with NT4 server.
(cherry picked from commit c685beb091cb0fedfb3f64bcc2ec2beb00fc9328)
| |
Part of a fix for bug #6793.
(cherry picked from commit 0fc64947526f4eea896fd83b01194e40416d15f4)
| |
(cherry picked from commit 2e478cc8c31bc60325a8e01885222d1db29ca21c)
| |
That was a complicated way to say "%-20.s"... But that code was from 2002 ...
(cherry picked from commit 8a27fdea89bc54aa35e363a376836662103c7cb7)
Fix Bug #6807.
(cherry picked from commit aa5a43143f26dee14dc1efe2a979a6701ddc650b)
| |
Fixes bug #6804.
(cherry picked from commit bf64668cb114ca7afdc81545d229bcb73b59c8f6)
| |
(cherry picked from commit 5aeb954ba9382e1975c64ac96f1e377ed6af3ae0)
Fix bug #6797.
(cherry picked from commit a5e71f765927de5aa2a8e6a21cc297d274e8a1c2)
| |
Syncs tevent signal code with 3.5.x tree.
Protects against ev pointer being NULL.
Jeremy
(cherry picked from commit 56290654c0c2056c31e0b348ba0d01e5c28ba89b)
| |
Don't dereference a talloc_move'd pointer.
Jeremy.
(cherry picked from commit 951991df2976b5f8f57c0418257d9d817ebda661)
| |
Fixes bug #6772.
(cherry picked from commit a13f8bf949300079419cd86982012212323fcb65)
| |
Patch was provided by Buchan Milne <bgmilne@mandriva.org>.
Signed-off-by: Björn Jacke <bj@sernet.de>
(cherry picked from commit c0cbfdef387bf70e589dec6a3bbd434d12cacc34)
| |
Patch was originally provided by Buchan Milne <bgmilne@mandriva.org>.
Signed-off-by: Björn Jacke <bj@sernet.de>
(cherry picked from commit 7aea6adcede87a2389d933eedc50f836ba161f95)
| |
recent versions of Samba. Without this fix, renaming a directory ./a to ./b,
whilst a directory ./aa was already open would fail. Simplifies logic of
earlier code.
Jeremy.
(cherry picked from commit 37f42ad6a1fff1e43bfd6dcaa8244b738ea37363)
| |
(cherry picked from commit 9f7d155001bc4c2808b6d17e9cb5ce87173b6061)
| |
While handling an fd event, the situation with other fds can change. I've just
seen a winbind stuck in the accept() call on the privileged pipe. I can only
imagine this happening because under high load we first handled other requests and
meanwhile the client on the privileged pipe went away.
(cherry picked from commit 8ef4a183da8bdc9997c198678a931b111396c104)
| |
daemon. Re-write core of POSIX locking logic.
Jeremy.
(cherry picked from commit e3a41dd3167df58990d4b0f1f2ea6b6583826cf9)
| |
(cherry picked from commit f1f6df1747164f3f57adc9c6912b27592baa0802)
| |
dead already
This is similar to commit 83edf3e43e86781872a07d8eb53084f59ad7384c.
metze
(cherry picked from commit 722ba568d79451a527976181b360de82b87b68e8)
| |
ACCESS_DENIED
metze
(cherry picked from commit bfd3a6f13aa935950142a24bf331feb98f987bde)
(cherry picked from commit 53a426986a0ead7903ff6cf576b3d5501210e379)
| |
This is really confusing and also breaks against windows,
as it doesn't accept fragmented bind requests.
metze
(cherry picked from commit 68b8149d1fb26b2fe1138c99d971754b0a30378b)
(cherry picked from commit 10ff61b24f0604c9686e728ac92c1a2987a31aed)
| |
metze
(cherry picked from commit 00e378f17c39c52689601bc622b9cd78a0cdce12)
(cherry picked from commit 8d8bcfbfbe95f1623870b54cfc9329187a06d526)
| |
metze
(cherry picked from commit d13dfbeb6c6ab5b20277439da5b95f1a7f2850eb)
(cherry picked from commit 017586bb84a073f03a04ade6fb0bbe26af4112c1)
| |
This is important for the case the server_info already contains a logon_server.
metze
(This is similar to commit 9ef39406d8072a1a102813fb4448af76e9020fcd)
(cherry picked from commit dd5519d926ecdccc38f488d9a6d5138bfd871aa0)