summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* s3-kerberos: add check for prerequisite krb5/krb5.h header while checking ↵Günther Deschner2010-01-131-2/+7
| | | | | | | | | | for krb5/locate_plugin.h. (Needed for new Heimdal versions). Guenther (cherry picked from commit c438b2b3923db66672ec82e795eef543de5fcb8a) (cherry picked from commit e5592560bb8f90446bd8cbe8019663cbf00e22ab)
* nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions.Günther Deschner2010-01-131-0/+1
| | | | | | Guenther (cherry picked from commit 51864219cc12ceb66c281355f3e1191d5e32842d) (cherry picked from commit dff3d01119c91fbdac613508c64f3f8fc0b8a413)
* cifs.upcall: 2nd part of fix for Bug #6868: support building with Heimdal we ↵Günther Deschner2010-01-131-0/+2
| | | | | | | | well as with MIT. Guenther (cherry picked from commit 660ee2e74523194e5f6b2b6428d76628beb74717) (cherry picked from commit 1d5af511dd6f88d211b6c63b1e2d9d7ec97b03ad)
* s3-build: really fix build of winbind_krb5_locator.Günther Deschner2010-01-131-1/+1
| | | | | | Guenther (cherry picked from commit fc9f199f2619635f73e8ee7f3b5359521d63f325) (cherry picked from commit 3aaec6a346a88b732e66796514bc21e47c23e850)
* nsswitch: fix the build of the winbind krb5 locator plugin.Günther Deschner2010-01-131-1/+1
| | | | | | Guenther (cherry picked from commit b9d9353b548d9b2ab684aa171f511174e6414762) (cherry picked from commit 087c41e390b8be513016ca29a96d1702b0d03587)
* cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT.Günther Deschner2010-01-131-18/+16
| | | | | | Guenther (cherry picked from commit b29eed492f1c056adb0b53510be10e738276ca11) (cherry picked from commit cca1f7a80317e09208a9e56ff2744b113e0dfbc5)
* s3-kerberos: add smb_krb5_principal_get_realm().Günther Deschner2010-01-132-1/+27
| | | | | Guenther (cherry picked from commit bddafc6de8e37e014d7f074b6107dda6f76ebdc5)
* s3-kerberos: fix some build warnings when building against heimdal.Günther Deschner2010-01-131-2/+2
| | | | | Guenther (cherry picked from commit 6664d015c986946c509f4f8d3524f84fb2f34ff1)
* kerberos: fix some heimdal build warnings.Günther Deschner2010-01-131-4/+4
| | | | | Guenther (cherry picked from commit ce1bea7d692dcf09faafa0941c15313d0d75a9c8)
* s3: Fix shadow copy display on Windows 7Volker Lendecke2010-01-131-1/+1
| | | | | | | | Windows 7 is a bit more picky on our NT_STATUS_BUFFER_TOO_SMALL. Announce the right buffer size, the same amount we later check for. Fix bug #6850 (Shadow Copy Support for VISTA / Windows 7). (cherry picked from commit dc3d1f2f073f135bf48a08163010465ba88b9d37)
* s3:docs: Fix typo in man mount.cifs.Karolin Seeger2010-01-131-1/+1
| | | | | | | | | | | Fix bug #6844 (wrong credential file format in mount.cifs manpage). Thanks to the Debian Samba package maintainers for reporting! Karolin (cherry picked from commit 3b7f8a759f57f32a8c1bc2db85236e88f616ffd9) (cherry picked from commit 54e2e0ae51e2e126696570104ed64d0458beb4ce) (cherry picked from commit dbe41dce7491df93a26bb0f4bd2a33b53fe90188) (cherry picked from commit 04fa292f6e7948c10da378ca4b8a741324478008)
* s3:docs: Document "aio write behind".Karolin Seeger2010-01-131-0/+23
| | | | | | | | | | Part of a fix for bug #6890 (Some smb.conf parameters are undocumented). Karolin (cherry picked from commit fde7c2ab19bc7442d8ee9d85ab2fe54e0cfb4782) (cherry picked from commit 267ebc03b43dd8c11f5aebf341620b0d94d95135) (cherry picked from commit 93bbbd3cc776e4aa69239cb086067ec953fc8c8e) (cherry picked from commit 65a3f18ccd9aa8b4ec31e9e7e5465631ee53afca)
* s3:docs: Document "ldap page size".Karolin Seeger2010-01-131-0/+18
| | | | | | | | | | Part of a fix for bug #6890 (Some smb.conf parameters are undocumented). Karolin (cherry picked from commit 9478ec35b5349f50a61bbe2aa88af88577918e91) (cherry picked from commit 940121d666b9e0645584c93db178b763ac5c8c04) (cherry picked from commit a1d8a6127448fbdc25d1d87a2541a2ea8e430e17) (cherry picked from commit eeea76ff150964c7b6db87fb670dbfd1ae68608e)
* s3:docs: Document "enable core files".Karolin Seeger2010-01-131-0/+15
| | | | | | | | | | Part of a fix for bug #6890 (Some smb.conf parameters are undocumented). Karolin (cherry picked from commit b03ad70848e6ea889f382c0cb9f21057370f1ab6) (cherry picked from commit 15f7b70b0e6b6bd2604255cff1c351bb0425e9f3) (cherry picked from commit 5832bc1c5896b391131952a06013154cbdafe3f9) (cherry picked from commit f83733838bf94348c98dbc724d86c9021053639b)
* s3: Fix bug 6338 -- net rpc trustdom list always display "none"Volker Lendecke2010-01-131-8/+20
| | | | (cherry picked from commit ff9d20909cdce671d92f1d5cee1249db465efa9b)
* docs: Fix Bug 6922: Add Registry patchfile for Win7 domain join.Günther Deschner2010-01-131-0/+0
| | | | | | | | | | Patchfile from SATOH Fumiyasu <fumiyas@osstech.co.jp>. Thanks! Guenther (cherry picked from commit 95d0f0aab01fdd751841d57cebe6150cd6fdf80c) (cherry picked from commit 91deb46d6a4dc1e5290e816c40925598e2c6ded9)
* clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.Jelmer Vernooij2010-01-131-3/+8
| | | | | | | | Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype. Part of a fix for bug #6918 (Build breaks with krb5-client-1.7-6.1.i586). (cherry picked from commit f7f183aba2c53426620bab7e934ce79b516dc4fc)
* s3:idmap_ldap: trim the " chars from the location string in idmap_ldap_db_initMichael Adam2010-01-131-0/+2
| | | | | | | | | | | | | Fix bug #6910 (idmap_ldap stumbles over idmap backend = ldap:"ldap://ldap1 ldap://ldap2"=. When idmap backend is specified as idmap backend = ldap:"ldap://server1 ldap://server2" then currently "ldap://server1 ldap://server2" was passed to ldap_initialize including the quotes, leading to an ldap error. Michael (cherry picked from commit 67f1d0ac6edecec4efb100ae61bc23bd321f518f)
* s3: fixed krb5 build problem on ubuntu karmicAndrew Tridgell2010-01-132-0/+13
| | | | | | | | | | | Karmic has MIT krb5 1.7-beta3, which has the symbol krb5_auth_con_set_req_cksumtype but no prototype for it. See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635 (cherry picked from commit a6e4cb500b4162cae1d906a1762507370b4ee89e) Part of a fix for bug #6918. (cherry picked from commit fbaed41c8f583f633673aca2f600c517744d28b5)
* s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return ↵Günther Deschner2010-01-131-1/+3
| | | | | | | | | | NT_STATUS_OK. Guenther Part of a fix for bug #6697. And hopefully a fix for bug #6889. (cherry picked from commit b6f1eced1f88b747c4cc8077ebf6bf4370100e09)
* s3-rpc_client: protect rpc_pipe_np_smb_conn against a NULL struct ↵Günther Deschner2010-01-131-0/+3
| | | | | | | | | rpc_pipe_client. Guenther Part of a fix for bug #6697. (cherry picked from commit 1fe281e25708b999a3e9ef1d5808a79995fbb438)
* Second part of the fix for bug 6828 - infinite timeout occurs when byte lock ↵Jeremy Allison2010-01-131-8/+1
| | | | | | held outside of samba. Fixes case where a connection with a pending lock can me marked "idle", and ensures that the lock queue timeout is always recalculated. Jeremy. (cherry picked from commit 31bb625273aac6e3e19f95465580b3bcb1885549)
* Fix bug 6875 - trans2 FIND_FIRST2 response --> FIND_FIRST2 Data -> Fille ↵Jeremy Allison2010-01-131-0/+14
| | | | | | Attributes are returned as 0x220 for LANMAN2.1 dialect Jeremy. (cherry picked from commit f871ff6367b7bd1b49e8aab649f614fd511bfa6a)
* Fix bug 6880 - cannot list workgroup servers reported by Alban Browaeys ↵Jeremy Allison2010-01-131-5/+14
| | | | | | <prahal@yahoo.com> with fix. Revert 2e989bab0764c298a2530a2d4c8690258eba210c with extra comments - this broke workgroup enumeration. Jeremy. (cherry picked from commit ed99189208b65bcc1a108c4f1a60c0535e75022c)
* Fix bug 6867 - trans2findnext returns reply_nterror(req, ntstatus) In a ↵Jeremy Allison2010-01-131-12/+16
| | | | | | directory with a lot of files. Jeremy. (cherry picked from commit 92c618cf167b3e9b18db986b05b2c4188b57f882)
* s3: Fix crash in pam_winbind, another reference to freed memory.Bo Yang2010-01-131-3/+7
| | | | | | | Fix bug #6840. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 1791b1cc43ce744c73b473aff0e311acbdf0ee4e)
* Fix bug 6829 - smbclient does not show special characters properly. All ↵Jeremy Allison2010-01-132-0/+5
| | | | | | successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c Jeremy. (cherry picked from commit bbeda1398687b79596769a5d046e1e0f249bd382)
* Fix bug 6828 - infinite timeout occurs when byte lock held outside of samba ↵Jeremy Allison2010-01-131-8/+18
| | | | | | Jeremy. (cherry picked from commit 4fce98ce2578f4bc5063a766fdacbdd5f840e446)
* s3: Don't fail authentication when one or some group of ↵Bo Yang2010-01-131-2/+23
| | | | | | | | | require-membership-of is invalid. Signed-off-by: Bo Yang <boyang@samba.org> Fix bug #6826. (cherry picked from commit 74b861908edc427d57928a7af0aa7ffd5fdb8d5a)
* s3:packaging: Adapt directory name.Karolin Seeger2010-01-131-2/+2
| | | | | Karolin (cherry picked from commit 606ec3a311067377ec3d633ee23155f6800dc73f)
* cifs.upcall: do a brute-force search for KRB5 credcacheJeff Layton2010-01-131-46/+138
| | | | | | | | | | | | | | | | | | | | | | | A few weeks ago, I added some code to cifs.upcall to take the pid sent by the kernel and use that to get the value of the $KRB5CCNAME environment var for the process. That works fine on the initial mount, but could be problematic on reconnect. There's no guarantee on a reconnect that the process that initiates the upcall will have $KRB5CCNAME pointed at the correct credcache. Because of this, the current scheme isn't going to be reliable enough and we need to use something different. This patch replaces that scheme with one very similar to the one used by rpc.gssd in nfs-utils. It searches the credcache dir (currently hardcoded to /tmp) for a valid credcache for the given uid. If it finds one then it uses that as the credentials cache. If it finds more than one, it uses the one with the latest TGT expiration. Signed-off-by: Jeff Layton <jlayton@redhat.com> Addresses bug #6810. (cherry picked from commit 6eacb25d736d47e1b4572aec5a143b15fbed619e)
* cifs.upcall: make using ip address conditional on new optionJeff Layton2010-01-132-27/+50
| | | | | | | | | | | | | | | | Igor Mammedov pointed out that reverse resolving an IP address to get the hostname portion of a principal could open a possible attack vector. If an attacker were to gain control of DNS, then he could redirect the mount to a server of his choosing, and fix the reverse resolution to point to a hostname of his choosing (one where he has the key for the corresponding cifs/ or host/ principal). That said, we often trust DNS for other reasons and it can be useful to do so. Make the code that allows trusting DNS to be enabled by adding --trust-dns to the cifs.upcall invocation. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 6aa0f05509ec1b8578021051f83627f4ca296ef8)
* cifs.upcall: switch to getopt_longJeff Layton2010-01-131-1/+7
| | | | | | | ...to allow long option names. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 8fed5de25979654baf1c62b0346c725b9c6b6866)
* cifs.upcall: fix IPv6 addrs sent to upcall to have colon delimitersJeff Layton2010-01-131-4/+29
| | | | | | | | Current kernels don't send IPv6 addresses with the colon delimiters, add a routine to add them when they're not present. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 177e5437a75267fdfce8ba693f039a10344e5974)
* cifs.upcall: use ip address passed by kernel to get server's hostnameJeff Layton2010-01-131-12/+56
| | | | | | | | | Instead of using the hostname given by the upcall to get the server's principal, take the IP address given in the upcall and reverse resolve it to a hostname. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit ff1b2c8725e21ed7fc944020a1c1cc12a80a9bec)
* cifs.upcall: clean up flag handlingJeff Layton2010-01-131-10/+10
| | | | | | | | | | | Add a new stack var to hold the flags returned by the decoder routine so that we don't need to worry so much about preserving "rc". With this, we can drop privs before trying to find the location of the credcache. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit fe57399ac4ddbdc601871579478b996cfc85fcee)
* cifs.upcall: try getting a "cifs/" principal and fall back to "host/"Jeff Layton2010-01-132-14/+18
| | | | | | | | | | | | | | cifs.upcall takes a "-c" flag that tells the upcall to get a principal in the form of "cifs/hostname.example.com@REALM" instead of "host/hostname.example.com@REALM". This has turned out to be a source of great confusion for users. Instead of requiring this flag, have the upcall try to get a "cifs/" principal first. If that fails, fall back to getting a "host/" principal. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit e919c3ac1229eae35614b92a9daebc71e770ca1b)
* cifs.upcall: declare a structure for holding decoded argsJeff Layton2010-01-131-30/+33
| | | | | | | | | The argument list for the decoder is becoming rather long. Declare an args structure and use that for holding the args. This also simplifies pointer handling a bit. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 0b516e8e9e5b1c4b2ab32b27c37ec708d6afd5d2)
* cifs.upcall: formatting cleanupJeff Layton2010-01-131-47/+37
| | | | | | | Clean up some unneeded curly braces, and fix some indentation. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 56de963329bed9a06d27d70dad1d6a21f5f9213a)
* cifs.upcall: clean up logging and add debug messagesJeff Layton2010-01-131-32/+47
| | | | | | | | | | | | | Change the log levels to be more appropriate to the messages being logged. Error messages should be LOG_ERR and not LOG_WARNING, for instance. Add some LOG_DEBUG messages that we can use to diagnose problems with krb5 upcalls. With these, someone can set up syslog to log daemon.debug and should be able to get more info when things aren't working. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit e9b932b242cac1061a19da9421b515cacf6c631b)
* Attempt to fix the build -- jlayton, please check!Volker Lendecke2010-01-131-1/+1
| | | | (cherry picked from commit 223bee1fc5f655adb61db603a5423c8bf4a5f582)
* cifs.upcall: use pid value from kernel to determine KRB5CCNAME to useJeff Layton2010-01-131-12/+75
| | | | | | | | | If the kernel sends the upcall a pid of the requesting process, we can open that process' /proc/<pid>/environ file and scrape the KRB5CCNAME value out of it. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 9ecd9e7dbd6f5f6a07614084207b4891a93ca79b)
* s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_authVolker Lendecke2010-01-131-7/+8
| | | | (cherry picked from commit 96b600d429561f3ea155ffcb51a87c0d74151f52)
* s3/aio: Correctly handle aio_error() and errno.Olaf Flebbe2010-01-131-35/+26
| | | | | Fix bug #6805. (cherry picked from commit 4a6a623affe9e055340fee51d10bc321e175a31b)
* Fix bug 6811 - pam_winbind references freed memory. s3: Fix reference to ↵Bo Yang2010-01-131-3/+4
| | | | | | freed memory in pam_winbind. (cherry picked from commit 80c18ba49f4751dc104062de6a438f00a7afc39d)
* WHATSNEW: Start WHATSNEW for 3.3.10.Karolin Seeger2010-01-131-2/+46
| | | | | Karolin (cherry picked from commit 1b2536765b8678ac27c213244b4b301b142a17bd)
* VERSION: Raise version number up to 3.3.10.Karolin Seeger2010-01-131-1/+1
| | | | | Karolin (cherry picked from commit 6147260f3d258d58f71f3bf32717d50419c68a9e)
* WHATSNEW: Update changes.samba-3.3.9Karolin Seeger2009-10-121-0/+1
| | | | | Karolin (cherry picked from commit 0e52cec95a7b6040a1dd6e6bb5c5439fd3378a32)
* WHATSNEW. Update changes since 3.3.8.Karolin Seeger2009-10-121-0/+5
| | | | | Karolin (cherry picked from commit 680e39a6795729dfa5e9a748e189f1424324434f)
* s3:wbc_sid: Fix build.Karolin Seeger2009-10-121-2/+2
| | | | | | | Use talloc_free instead of TALLOC_FREE. Signed-off-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 95389ecdeb2e1d9d9512210a92c05c7a2d753409)
generated by cgit (git 2.34.1) at 2024-07-04 19:31:11 +0000