summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix bug 6875 - trans2 FIND_FIRST2 response --> FIND_FIRST2 Data -> Fille ↵Jeremy Allison2010-01-131-0/+14
| | | | | | Attributes are returned as 0x220 for LANMAN2.1 dialect Jeremy. (cherry picked from commit f871ff6367b7bd1b49e8aab649f614fd511bfa6a)
* Fix bug 6880 - cannot list workgroup servers reported by Alban Browaeys ↵Jeremy Allison2010-01-131-5/+14
| | | | | | <prahal@yahoo.com> with fix. Revert 2e989bab0764c298a2530a2d4c8690258eba210c with extra comments - this broke workgroup enumeration. Jeremy. (cherry picked from commit ed99189208b65bcc1a108c4f1a60c0535e75022c)
* Fix bug 6867 - trans2findnext returns reply_nterror(req, ntstatus) In a ↵Jeremy Allison2010-01-131-12/+16
| | | | | | directory with a lot of files. Jeremy. (cherry picked from commit 92c618cf167b3e9b18db986b05b2c4188b57f882)
* s3: Fix crash in pam_winbind, another reference to freed memory.Bo Yang2010-01-131-3/+7
| | | | | | | Fix bug #6840. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 1791b1cc43ce744c73b473aff0e311acbdf0ee4e)
* Fix bug 6829 - smbclient does not show special characters properly. All ↵Jeremy Allison2010-01-132-0/+5
| | | | | | successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c Jeremy. (cherry picked from commit bbeda1398687b79596769a5d046e1e0f249bd382)
* Fix bug 6828 - infinite timeout occurs when byte lock held outside of samba ↵Jeremy Allison2010-01-131-8/+18
| | | | | | Jeremy. (cherry picked from commit 4fce98ce2578f4bc5063a766fdacbdd5f840e446)
* s3: Don't fail authentication when one or some group of ↵Bo Yang2010-01-131-2/+23
| | | | | | | | | require-membership-of is invalid. Signed-off-by: Bo Yang <boyang@samba.org> Fix bug #6826. (cherry picked from commit 74b861908edc427d57928a7af0aa7ffd5fdb8d5a)
* s3:packaging: Adapt directory name.Karolin Seeger2010-01-131-2/+2
| | | | | Karolin (cherry picked from commit 606ec3a311067377ec3d633ee23155f6800dc73f)
* cifs.upcall: do a brute-force search for KRB5 credcacheJeff Layton2010-01-131-46/+138
| | | | | | | | | | | | | | | | | | | | | | | A few weeks ago, I added some code to cifs.upcall to take the pid sent by the kernel and use that to get the value of the $KRB5CCNAME environment var for the process. That works fine on the initial mount, but could be problematic on reconnect. There's no guarantee on a reconnect that the process that initiates the upcall will have $KRB5CCNAME pointed at the correct credcache. Because of this, the current scheme isn't going to be reliable enough and we need to use something different. This patch replaces that scheme with one very similar to the one used by rpc.gssd in nfs-utils. It searches the credcache dir (currently hardcoded to /tmp) for a valid credcache for the given uid. If it finds one then it uses that as the credentials cache. If it finds more than one, it uses the one with the latest TGT expiration. Signed-off-by: Jeff Layton <jlayton@redhat.com> Addresses bug #6810. (cherry picked from commit 6eacb25d736d47e1b4572aec5a143b15fbed619e)
* cifs.upcall: make using ip address conditional on new optionJeff Layton2010-01-132-27/+50
| | | | | | | | | | | | | | | | Igor Mammedov pointed out that reverse resolving an IP address to get the hostname portion of a principal could open a possible attack vector. If an attacker were to gain control of DNS, then he could redirect the mount to a server of his choosing, and fix the reverse resolution to point to a hostname of his choosing (one where he has the key for the corresponding cifs/ or host/ principal). That said, we often trust DNS for other reasons and it can be useful to do so. Make the code that allows trusting DNS to be enabled by adding --trust-dns to the cifs.upcall invocation. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 6aa0f05509ec1b8578021051f83627f4ca296ef8)
* cifs.upcall: switch to getopt_longJeff Layton2010-01-131-1/+7
| | | | | | | ...to allow long option names. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 8fed5de25979654baf1c62b0346c725b9c6b6866)
* cifs.upcall: fix IPv6 addrs sent to upcall to have colon delimitersJeff Layton2010-01-131-4/+29
| | | | | | | | Current kernels don't send IPv6 addresses with the colon delimiters, add a routine to add them when they're not present. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 177e5437a75267fdfce8ba693f039a10344e5974)
* cifs.upcall: use ip address passed by kernel to get server's hostnameJeff Layton2010-01-131-12/+56
| | | | | | | | | Instead of using the hostname given by the upcall to get the server's principal, take the IP address given in the upcall and reverse resolve it to a hostname. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit ff1b2c8725e21ed7fc944020a1c1cc12a80a9bec)
* cifs.upcall: clean up flag handlingJeff Layton2010-01-131-10/+10
| | | | | | | | | | | Add a new stack var to hold the flags returned by the decoder routine so that we don't need to worry so much about preserving "rc". With this, we can drop privs before trying to find the location of the credcache. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit fe57399ac4ddbdc601871579478b996cfc85fcee)
* cifs.upcall: try getting a "cifs/" principal and fall back to "host/"Jeff Layton2010-01-132-14/+18
| | | | | | | | | | | | | | cifs.upcall takes a "-c" flag that tells the upcall to get a principal in the form of "cifs/hostname.example.com@REALM" instead of "host/hostname.example.com@REALM". This has turned out to be a source of great confusion for users. Instead of requiring this flag, have the upcall try to get a "cifs/" principal first. If that fails, fall back to getting a "host/" principal. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit e919c3ac1229eae35614b92a9daebc71e770ca1b)
* cifs.upcall: declare a structure for holding decoded argsJeff Layton2010-01-131-30/+33
| | | | | | | | | The argument list for the decoder is becoming rather long. Declare an args structure and use that for holding the args. This also simplifies pointer handling a bit. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 0b516e8e9e5b1c4b2ab32b27c37ec708d6afd5d2)
* cifs.upcall: formatting cleanupJeff Layton2010-01-131-47/+37
| | | | | | | Clean up some unneeded curly braces, and fix some indentation. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 56de963329bed9a06d27d70dad1d6a21f5f9213a)
* cifs.upcall: clean up logging and add debug messagesJeff Layton2010-01-131-32/+47
| | | | | | | | | | | | | Change the log levels to be more appropriate to the messages being logged. Error messages should be LOG_ERR and not LOG_WARNING, for instance. Add some LOG_DEBUG messages that we can use to diagnose problems with krb5 upcalls. With these, someone can set up syslog to log daemon.debug and should be able to get more info when things aren't working. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit e9b932b242cac1061a19da9421b515cacf6c631b)
* Attempt to fix the build -- jlayton, please check!Volker Lendecke2010-01-131-1/+1
| | | | (cherry picked from commit 223bee1fc5f655adb61db603a5423c8bf4a5f582)
* cifs.upcall: use pid value from kernel to determine KRB5CCNAME to useJeff Layton2010-01-131-12/+75
| | | | | | | | | If the kernel sends the upcall a pid of the requesting process, we can open that process' /proc/<pid>/environ file and scrape the KRB5CCNAME value out of it. Signed-off-by: Jeff Layton <jlayton@redhat.com> (cherry picked from commit 9ecd9e7dbd6f5f6a07614084207b4891a93ca79b)
* s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_authVolker Lendecke2010-01-131-7/+8
| | | | (cherry picked from commit 96b600d429561f3ea155ffcb51a87c0d74151f52)
* s3/aio: Correctly handle aio_error() and errno.Olaf Flebbe2010-01-131-35/+26
| | | | | Fix bug #6805. (cherry picked from commit 4a6a623affe9e055340fee51d10bc321e175a31b)
* Fix bug 6811 - pam_winbind references freed memory. s3: Fix reference to ↵Bo Yang2010-01-131-3/+4
| | | | | | freed memory in pam_winbind. (cherry picked from commit 80c18ba49f4751dc104062de6a438f00a7afc39d)
* WHATSNEW: Start WHATSNEW for 3.3.10.Karolin Seeger2010-01-131-2/+46
| | | | | Karolin (cherry picked from commit 1b2536765b8678ac27c213244b4b301b142a17bd)
* VERSION: Raise version number up to 3.3.10.Karolin Seeger2010-01-131-1/+1
| | | | | Karolin (cherry picked from commit 6147260f3d258d58f71f3bf32717d50419c68a9e)
* WHATSNEW: Update changes.samba-3.3.9Karolin Seeger2009-10-121-0/+1
| | | | | Karolin (cherry picked from commit 0e52cec95a7b6040a1dd6e6bb5c5439fd3378a32)
* WHATSNEW. Update changes since 3.3.8.Karolin Seeger2009-10-121-0/+5
| | | | | Karolin (cherry picked from commit 680e39a6795729dfa5e9a748e189f1424324434f)
* s3:wbc_sid: Fix build.Karolin Seeger2009-10-121-2/+2
| | | | | | | Use talloc_free instead of TALLOC_FREE. Signed-off-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 95389ecdeb2e1d9d9512210a92c05c7a2d753409)
* s3: Fix a memleak reported by dmarkey (cherry picked from commit ↵Volker Lendecke2009-10-121-0/+4
| | | | | | | 5aeb954ba9382e1975c64ac96f1e377ed6af3ae0) Fix bug #6797. (cherry picked from commit 68c77a51410bd3a1a0fbe61d6714a9a95b4d82cd)
* s3:smbclient: Fix bug 6606 (reported as 6744) in 3.3Volker Lendecke2009-10-121-20/+168
| | | | | | | This is a port of 1f34ffa0ca and 24309bdb2efc to 3.3. Fix file corruption using smbclient with NT4 server. (cherry picked from commit b0fdc578fb10062c36ce2df18ab37cab57a89692)
* Correct fix for bug 6781 - Cannot rename subfolders in Explorer view with ↵Jeremy Allison2009-10-121-2/+7
| | | | | | recent versions of Samba. Without this fix, renaming a directory ./a to ./b, whilst a directory ./aa was already open would fail. Jeremy. (cherry picked from commit 1f604d26d038956a6ddde892610c9b2254268160)
* Fix bug 6769 - symlink unlink does nothing. Jeremy.Jeremy Allison2009-10-123-27/+85
| | | | (cherry picked from commit fdc28f6700c97e1276e3d6ae1f242f7daa9bab9e)
* s3:mount.cifs: make "mount.cifs -V" print the version, not usage.Michael Adam2009-10-121-5/+28
| | | | | | | | | | | (cherry-picked from d7ca4997017e86b6f23ced64f1f1672bfb15716b) Also make "mount.cifs -h" not exit with error exit code but with return code 0. Michael Part 2/2 of a fix for bug #6692 (mount.cifs segfault). (cherry picked from commit d41131948346619be98514331d7059d9bffecac5)
* Revert "cifs mount did not properly display version string when no other ↵Jeff Layton2009-10-121-8/+0
| | | | | | | | | parameters passed in." This reverts commit c7bf0f4c222ae46be2a751997e03197832b494cd. Part 1/2 of a fix for bug #6692. (cherry picked from commit 2cda51b4e6fba53c04f87e4c2dd99a952a63d812)
* WHATSNEW: Add more coherent explanation for bug #6680.Karolin Seeger2009-10-081-2/+2
| | | | | Karolin (cherry picked from commit 6c4fe1086020d7bc278d84c56b6cbcc6e3a64b5d)
* s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.Günther Deschner2009-10-085-18/+45
| | | | | | | Fix bug #6790. Guenther (cherry picked from commit baa2c10b11a960dd70b3d32b4868a303d85ca9b2)
* WHATSNEW: List major enhancements.Karolin Seeger2009-10-081-1/+2
| | | | | Karolin (cherry picked from commit 113e33cc8d9cb4f68345a39081580db18c0468d8)
* WHATSNEW: Update release notes.Karolin Seeger2009-10-081-2/+11
| | | | | Karolin (cherry picked from commit 30064fe10bab01bea629b0564078323725bdea03)
* s3-{u}mount.cifs: remove unrequired dependency on popt.Günther Deschner2009-10-081-4/+4
| | | | | | | Fixes bug #6789. Guenther (cherry picked from commit f8b2fc49937a72fe64c3e4310141f45fb7d679bf)
* s3:winbind: Only ever handle one event after a select callVolker Lendecke2009-10-081-2/+6
| | | | | | | | While handling an fd event, the situation with other fds can change. I've just seen a winbind stuck in the accept() call on the privileged pipe. I can only imagine this happen because under high load we first handled other requests and meanwhile the client on the privileged pipe went away. (cherry picked from commit a4df4406f12281db60fd6612c6ebf93d77af9152)
* Fix bug 6776 - Running overlapping Byte Lock test will core dump Samba ↵Jeremy Allison2009-10-081-137/+214
| | | | | | daemon. Re-write core of POSIX locking logic. Jeremy. (cherry picked from commit faf7197b3b4ac9fefeb0fca31a888c9e84bed92f)
* s3:smbd: Fix bug 6690, wrong error checkAndrew Klosterman2009-10-081-1/+1
| | | | (cherry picked from commit 076e24cbaf9009f744978b03ddf6ef593d90e9c1)
* s3:winbindd_cm: don't invalidate the whole connection when just samr gave ↵Stefan Metzmacher2009-10-081-1/+12
| | | | | | | ACCCESS_DENIED metze (cherry picked from commit c6d485583aba69b38b2972224e27edb60c3bf09a)
* s3:rpc_server: we need to make a copy of my_name in serverinfo_to_SamInfo3()Günther Deschner2009-10-081-1/+1
| | | | | | | This is important for the case the server_info already contains a logon_server. metze (cherry picked from commit 855ac932cf86272aaf02bf68e1fbf0e0a2902982)
* s3-rpc_client: fix rpccli_set_timeout to cope with abstract transport.Günther Deschner2009-10-081-3/+7
| | | | | | | taken from: b7094c0b804984de8e0b50c17e7908a2685df557 Guenther (cherry picked from commit 3ca4a7bb33c56aa813247d0ea51863d7ded2e5de)
* s3:winbind: Fix an uninitialized variable (cherry picked from commit ↵Volker Lendecke2009-10-081-1/+1
| | | | | | 0724649a8a7c04d015317d9dc2ae43ee87c1bd25) (cherry picked from commit b50ae28be07b93eef04e6e4b9eeb9fc440e21bd4)
* s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.Günther Deschner2009-10-083-5/+63
| | | | | | | | | | | | | Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp connection when talking to AD for LSA lookup calls. In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve sids and names. Guenther (cherry picked from commit 6a8ef6c424c52be861ed2a9806f917a64ec892a6) (cherry picked from commit acc5e6012adca290ddc067a4ed25a8161b74250e)
* s3-winbindd: add cm_connect_lsa_tcp().Günther Deschner2009-10-083-0/+63
| | | | | | Guenther (cherry picked from commit 58f2deb94024f002e3c3df47f45454edc97f47e1) (cherry picked from commit 7e4e12f120c666f31af042ab59fd9478017740ea)
* s3-rpc_client: fix non initialized structure in rpccli_lsa_lookup_sids_noalloc.Günther Deschner2009-10-081-0/+2
| | | | | | Guenther (cherry picked from commit a4b5c792c55ef90648a528d279beec32f86a9b22) (cherry picked from commit bd2e674cc3ab0fb6f1d988b0b19b6ad5544512b3)
* s3-rpc_client: add rpccli_lsa_lookup_sids3 wrapper.Günther Deschner2009-10-082-17/+82
| | | | | | Guenther (cherry picked from commit 2f9adf04e4b3e16c046cb371a428a8a70d5de041) (cherry picked from commit 18ba75b763a2fec8f7b05af0444212990753fe1b)
generated by cgit (git 2.34.1) at 2025-09-03 11:27:40 +0000