Commit message | Author | Age | Files | Lines
...
* s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return ↵ | Günther Deschner | 2009-11-11 | 1 | -1/+3
  NT_STATUS_OK.
  Guenther
  Part of a fix for bug #6697. And hopefully a fix for bug #6889.
* s3-rpc_client: protect rpc_pipe_np_smb_conn against a NULL struct ↵ | Günther Deschner | 2009-11-11 | 1 | -0/+3
  rpc_pipe_client.
  Guenther
  Part of a fix for bug #6697.
* Second part of the fix for bug 6828 - infinite timeout occurs when byte lock ↵ | Jeremy Allison | 2009-11-10 | 1 | -8/+1
  held outside of samba. Fixes case where a connection with a pending lock can be marked "idle", and ensures that the lock queue timeout is always recalculated. Jeremy.
* Fix bug 6875 - trans2 FIND_FIRST2 response --> FIND_FIRST2 Data -> File ↵ | Jeremy Allison | 2009-11-10 | 1 | -0/+14
  Attributes are returned as 0x220 for LANMAN2.1 dialect Jeremy.
* Fix bug 6880 - cannot list workgroup servers reported by Alban Browaeys ↵ | Jeremy Allison | 2009-11-10 | 1 | -5/+14
  <prahal@yahoo.com> with fix. Revert 2e989bab0764c298a2530a2d4c8690258eba210c with extra comments - this broke workgroup enumeration. Jeremy.
* Fix bug 6867 - trans2findnext returns reply_nterror(req, ntstatus) In a ↵ | Jeremy Allison | 2009-11-04 | 1 | -12/+16
  directory with a lot of files. Jeremy.
* s3: Fix crash in pam_winbind, another reference to freed memory. | Bo Yang | 2009-10-26 | 1 | -3/+7
  Fix bug #6840.
  Signed-off-by: Bo Yang <boyang@samba.org>
* Fix bug 6829 - smbclient does not show special characters properly. All ↵ | Jeremy Allison | 2009-10-23 | 2 | -0/+5
  successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and caused it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c Jeremy.
* Fix bug 6828 - infinite timeout occurs when byte lock held outside of samba ↵ | Jeremy Allison | 2009-10-22 | 1 | -8/+18
  Jeremy.
* s3: Don't fail authentication when one or some group of ↵ | Bo Yang | 2009-10-22 | 1 | -2/+23
  require-membership-of is invalid.
  Signed-off-by: Bo Yang <boyang@samba.org>
  Fix bug #6826.
* s3:packaging: Adapt directory name. | Karolin Seeger | 2009-10-16 | 1 | -2/+2
  Karolin
* cifs.upcall: do a brute-force search for KRB5 credcache | Jeff Layton | 2009-10-16 | 1 | -46/+138
  A few weeks ago, I added some code to cifs.upcall to take the pid sent by the kernel and use that to get the value of the $KRB5CCNAME environment var for the process. That works fine on the initial mount, but could be problematic on reconnect.

  There's no guarantee on a reconnect that the process that initiates the upcall will have $KRB5CCNAME pointed at the correct credcache. Because of this, the current scheme isn't going to be reliable enough and we need to use something different.

  This patch replaces that scheme with one very similar to the one used by rpc.gssd in nfs-utils. It searches the credcache dir (currently hardcoded to /tmp) for a valid credcache for the given uid. If it finds one then it uses that as the credentials cache. If it finds more than one, it uses the one with the latest TGT expiration.

  Signed-off-by: Jeff Layton <jlayton@redhat.com>
  Addresses bug #6810.
* cifs.upcall: make using ip address conditional on new option | Jeff Layton | 2009-10-16 | 2 | -27/+50
  Igor Mammedov pointed out that reverse resolving an IP address to get the hostname portion of a principal could open a possible attack vector. If an attacker were to gain control of DNS, then he could redirect the mount to a server of his choosing, and fix the reverse resolution to point to a hostname of his choosing (one where he has the key for the corresponding cifs/ or host/ principal).

  That said, we often trust DNS for other reasons and it can be useful to do so. Make the code that allows trusting DNS to be enabled by adding --trust-dns to the cifs.upcall invocation.

  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs.upcall: switch to getopt_long | Jeff Layton | 2009-10-16 | 1 | -1/+7
  ...to allow long option names.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs.upcall: fix IPv6 addrs sent to upcall to have colon delimiters | Jeff Layton | 2009-10-16 | 1 | -4/+29
  Current kernels don't send IPv6 addresses with the colon delimiters, add a routine to add them when they're not present.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs.upcall: use ip address passed by kernel to get server's hostname | Jeff Layton | 2009-10-16 | 1 | -12/+56
  Instead of using the hostname given by the upcall to get the server's principal, take the IP address given in the upcall and reverse resolve it to a hostname.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs.upcall: clean up flag handling | Jeff Layton | 2009-10-16 | 1 | -10/+10
  Add a new stack var to hold the flags returned by the decoder routine so that we don't need to worry so much about preserving "rc". With this, we can drop privs before trying to find the location of the credcache.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs.upcall: try getting a "cifs/" principal and fall back to "host/" | Jeff Layton | 2009-10-16 | 2 | -14/+18
  cifs.upcall takes a "-c" flag that tells the upcall to get a principal in the form of "cifs/hostname.example.com@REALM" instead of "host/hostname.example.com@REALM". This has turned out to be a source of great confusion for users. Instead of requiring this flag, have the upcall try to get a "cifs/" principal first. If that fails, fall back to getting a "host/" principal.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs.upcall: declare a structure for holding decoded args | Jeff Layton | 2009-10-16 | 1 | -30/+33
  The argument list for the decoder is becoming rather long. Declare an args structure and use that for holding the args. This also simplifies pointer handling a bit.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs.upcall: formatting cleanup | Jeff Layton | 2009-10-16 | 1 | -47/+37
  Clean up some unneeded curly braces, and fix some indentation.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs.upcall: clean up logging and add debug messages | Jeff Layton | 2009-10-16 | 1 | -32/+47
  Change the log levels to be more appropriate to the messages being logged. Error messages should be LOG_ERR and not LOG_WARNING, for instance. Add some LOG_DEBUG messages that we can use to diagnose problems with krb5 upcalls. With these, someone can set up syslog to log daemon.debug and should be able to get more info when things aren't working.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* Attempt to fix the build -- jlayton, please check! | Volker Lendecke | 2009-10-16 | 1 | -1/+1
* cifs.upcall: use pid value from kernel to determine KRB5CCNAME to use | Jeff Layton | 2009-10-16 | 1 | -12/+75
  If the kernel sends the upcall a pid of the requesting process, we can open that process' /proc/<pid>/environ file and scrape the KRB5CCNAME value out of it.
  Signed-off-by: Jeff Layton <jlayton@redhat.com>
* s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_auth | Volker Lendecke | 2009-10-16 | 1 | -7/+8
* s3/aio: Correctly handle aio_error() and errno. | Olaf Flebbe | 2009-10-15 | 1 | -35/+26
  Fix bug #6805.
* Fix bug 6811 - pam_winbind references freed memory. s3: Fix reference to ↵ | Bo Yang | 2009-10-15 | 1 | -3/+4
  freed memory in pam_winbind.
* WHATSNEW: Start WHATSNEW for 3.3.10. | Karolin Seeger | 2009-10-15 | 1 | -2/+46
  Karolin
* VERSION: Raise version number up to 3.3.10. | Karolin Seeger | 2009-10-15 | 1 | -1/+1
  Karolin
* WHATSNEW: Update changes. | Karolin Seeger | 2009-10-12 | 1 | -0/+1
  Karolin
* WHATSNEW. Update changes since 3.3.8. | Karolin Seeger | 2009-10-12 | 1 | -0/+5
  Karolin
* s3:wbc_sid: Fix build. | Karolin Seeger | 2009-10-12 | 1 | -2/+2
  Use talloc_free instead of TALLOC_FREE.
  Signed-off-by: Volker Lendecke <vl@samba.org>
* s3: Fix a memleak reported by dmarkey (cherry picked from commit ↵ | Volker Lendecke | 2009-10-12 | 1 | -0/+4
  5aeb954ba9382e1975c64ac96f1e377ed6af3ae0)
  Fix bug #6797.
* s3:smbclient: Fix bug 6606 (reported as 6744) in 3.3 | Volker Lendecke | 2009-10-12 | 1 | -20/+168
  This is a port of 1f34ffa0ca and 24309bdb2efc to 3.3.
  Fix file corruption using smbclient with NT4 server.
* Correct fix for bug 6781 - Cannot rename subfolders in Explorer view with ↵ | Jeremy Allison | 2009-10-09 | 1 | -2/+7
  recent versions of Samba. Without this fix, renaming a directory ./a to ./b, whilst a directory ./aa was already open would fail. Jeremy.
* Fix bug 6769 - symlink unlink does nothing. Jeremy. | Jeremy Allison | 2009-10-09 | 3 | -27/+85
* s3:mount.cifs: make "mount.cifs -V" print the version, not usage. | Michael Adam | 2009-10-09 | 1 | -5/+28
  (cherry-picked from d7ca4997017e86b6f23ced64f1f1672bfb15716b)
  Also make "mount.cifs -h" not exit with error exit code but with return code 0.
  Michael
  Part 2/2 of a fix for bug #6692 (mount.cifs segfault).
* Revert "cifs mount did not properly display version string when no other ↵ | Jeff Layton | 2009-10-09 | 1 | -8/+0
  parameters passed in."
  This reverts commit c7bf0f4c222ae46be2a751997e03197832b494cd.
  Part 1/2 of a fix for bug #6692.
* WHATSNEW: Add more coherent explanation for bug #6680. | Karolin Seeger | 2009-10-08 | 1 | -2/+2
  Karolin
* s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind. | Günther Deschner | 2009-10-08 | 5 | -18/+45
  Fix bug #6790.
  Guenther
* WHATSNEW: List major enhancements. | Karolin Seeger | 2009-10-08 | 1 | -1/+2
  Karolin
* WHATSNEW: Update release notes. | Karolin Seeger | 2009-10-08 | 1 | -2/+11
  Karolin
* s3-{u}mount.cifs: remove unrequired dependency on popt. | Günther Deschner | 2009-10-08 | 1 | -4/+4
  Fixes bug #6789.
  Guenther
* s3:winbind: Only ever handle one event after a select call | Volker Lendecke | 2009-10-08 | 1 | -2/+6
  While handling an fd event, the situation with other fds can change. I've just seen a winbind stuck in the accept() call on the privileged pipe. I can only imagine this happening because under high load we first handled other requests and meanwhile the client on the privileged pipe went away.
* Fix bug 6776 - Running overlapping Byte Lock test will core dump Samba ↵ | Jeremy Allison | 2009-10-08 | 1 | -137/+214
  daemon. Re-write core of POSIX locking logic. Jeremy.
* s3:smbd: Fix bug 6690, wrong error check | Andrew Klosterman | 2009-10-08 | 1 | -1/+1
* s3:winbindd_cm: don't invalidate the whole connection when just samr gave ↵ | Stefan Metzmacher | 2009-10-08 | 1 | -1/+12
  ACCCESS_DENIED
  metze
* s3:rpc_server: we need to make a copy of my_name in serverinfo_to_SamInfo3() | Günther Deschner | 2009-10-08 | 1 | -1/+1
  This is important for the case the server_info already contains a logon_server.
  metze
* s3-rpc_client: fix rpccli_set_timeout to cope with abstract transport. | Günther Deschner | 2009-10-08 | 1 | -3/+7
  taken from: b7094c0b804984de8e0b50c17e7908a2685df557
  Guenther
* s3:winbind: Fix an uninitialized variable (cherry picked from commit ↵ | Volker Lendecke | 2009-10-08 | 1 | -1/+1
  0724649a8a7c04d015317d9dc2ae43ee87c1bd25)
* s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working. | Günther Deschner | 2009-10-08 | 3 | -5/+63
  Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp connection when talking to AD for LSA lookup calls.

  In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve sids and names.

  Guenther
  (cherry picked from commit 6a8ef6c424c52be861ed2a9806f917a64ec892a6)