| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
...to silence -Wmissing-prototypes
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
| |
...to silence -Wmissing-prototypes and some uninit'ed variable
warnings. Thanks to GD for the extra-paranoid compiler flags.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
| |
Make this match the non-ACL case.
Jeremy.
|
| |
|
|
|
|
|
| |
<fumiyas@osstech.co.jp>.
Fix for smbclient and libsmbclient.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
| |
Thanks to Christophe Curis for the suggestion
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
| |
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
krb5 mounts require that the user already have a valid krb5 ticket.
Since we can't currently use the password entered, don't prompt for it.
Also, switch to using strncmp instead of strcmp here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
| |
This one was introduced with 8eff35bc.
Thanks to Noèl Köthe for tracking that down!
Karolin
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a request-key upcall exits without instantiating a key, the kernel
will negatively instantiate the key with a 60s timeout. Older kernels,
however seem to also link that key into the session keyring. This
behavior can interefere with subsequent mount attempts until the
key times out. The next request_key() call will get this negative key
even if the upcall would have worked the second time.
Fix this by having cifs.upcall negatively instantiate the key itself
with a 1s timeout and don't attach it to the session keyring.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
| |
as proposed by James Peach.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
client/cifs.upcall.c:205: warning: function declaration isn’t a prototype
This patch fixes this by properly declaring usage() args as void.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The "cifs.resolver" key type has been changed to "dns_resolver". Fix
the comments at the top of cifs.upcall and the manpage accordingly.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
---
docs-xml/manpages-3/cifs.upcall.8.xml | 4 ++--
source/client/cifs.upcall.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(so parsing for domain parameter in mount.cifs matches online help)
and rephrasing original code to make it more clear.
The check for "domain" was meant to allow for "dom" or "DOM" and the
option ("dom") described in the help (e.g. "/sbin/mount.cifs -?") is the
shorter ("dom") form. The reason that the string we compare against
is larger was to improve readability (we could compare against "dom"
but note /* "domain" or "DOMAIN" or "dom" or "DOM" */ but it seemed
terser to just show the larger string in the strcmp target. The
change to "workgoup" from workg* (anything which begins with "workg"
doesn't matter - it is a minor behavior change - but probably few
scripts depend on the "alias" for this option).
Rework code so that it is clearer what we are comparing against.
|
| |
|
|
|
|
|
| |
(as a synonym for the older "cifs.resolver" name) when resolving host
names to ip addresses for the kernel.
Acked-by: Jeff Layton
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Steve French noticed these warnings when building cifs.upcall:
Compiling client/cifs.upcall.c
client/cifs.upcall.c: In function 'usage':
client/cifs.upcall.c:204: warning: declaration of 'prog' shadows a global declaration
client/cifs.upcall.c:33: warning: shadowed declaration is here
Change the usage function to not take and arg and have it just use the global
"prog" variable. Fix a typo in the log message generated when an unknown
option is specified. Also getopt() always returns '?' when it sees an unknown
option so there's no point in printing it out.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
| |
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
binary. The biggest change is that it renames it from cifs.spnego
to cifs.upcall since the cifs.spnego name really isn't applicable
anymore.
It also fixes a segfault when the program is run without any args
and adds a manpage. Comments and/or suggestions appreciated.
This set should apply cleanly to the 3.3 test branch.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy.
|
| |
|
|
|
|
| |
strlcat gives error.
Jeremy.
|
| |
|
|
|
|
|
|
| |
Steve, please check!
Thanks,
Volker
|
| |
|
|
|
|
|
| |
Thanks to "No Body is Perfect" from gmail, whoever that is :-)
Volker
(cherry picked from commit 679d8dfa390601f777bfb43c02cd921eae5edcf4)
|
| |\
| |
| |
| | |
v3-3-test
|
| | |
| |
| |
| |
| | |
can result in a buffer overrun.
Jeremy.
|
| |/
|
|
|
|
|
|
|
|
| |
All,
Noticed that smbspool.c still has my Easy Software Products copyright
on it. The following patch fixes it to match the other code I've
contributed over the years...
Jeremy.
|
| | |
|
| |
|
|
| |
Michael
|
| | |
|
| |
|
|
| |
Michael
|
| |
|
|
| |
Guenther
|
| |
|
|
|
| |
cases.
Jeremy.
|
| |
|
|
|
|
| |
Introduced by me in the strlcpy cleanup. Ensure the
loaded password doesn't contain the '\n' at the end.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Karolin
|
| |
|
|
|
|
|
| |
SAFE_FREE. Use #define constants not arbitrary numbers. Stevef
please check. Karolyn, once Steve has checked please pull for
3.2-stable.
Jeremy.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
There were a couple of places where we weren't checking for
authentication correctly. This chance fixes those places and properly
supports Kerberos where available.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To summarize the changes, the patches remove the old (probably non-
working) Kerberos support code which is unnecessary with CUPS 1.3
and adds some checks on the NT status we get back to see whether
the connection error is related to authentication. If so, we send
the ATTR: message to tell CUPS we need a username and password and
return exit code 2 so cupsd will do the right thing.
AUTH_USERNAME, AUTH_PASSWORD, and KRB5CCNAME are set and supported
by CUPS 1.3. The new exit code is supported by CUPS 1.2.x and 1.3,
and it treated as a general failure in CUPS 1.1. The ATTR: message
is only supported by CUPS 1.3, while CUPS 1.2 will assume the
"username,password" value we are setting.
The current code only uses the AUTH_* env vars if they are set.
If not, we fall back to the previous behavior.
I really can't tell whether the Kerberos code that was in there
would work at all. It did not work for Mac OS X which is why
I dropped it.
|
| | |
|
| |
|
|
| |
This reduces the dependency on cli_state
|
| |
|
|
|
|
| |
connect on port 139 with IPv6. Found by David Holder @ Erion.
Karolin please merge to 3.2-stable.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is the second patch to attempt to fix up some of the problems
with mounting subdirectories of shares. The earlier patch didn't handle
this correctly when POSIX extensions were enabled. This one does.
This is a bit of a confusing area since the different components of
a service string have different rules:
1) hostname: no '/' (slash) or '\' (backslash) is allowed to be
embedded within the string
2) sharename: same rules as hostname
3) prefixpath: '\' *is* allowed to be embedded in a path component,
iff POSIX extensions are enabled. Otherwise, neither
character is allowed.
The idea here is to allow either character to act as a delimiter when we
know that the character can't be anything but a delimiter (namely
everywhere up to the start of the prefixpath). The patch will convert
any '\' unconditionally to '/' in the UNC portion of the string.
However, inside the prefixpath, we can't make assumptions about what
constitutes a delimiter because POSIX allows for embedded '\'
characters. So there we don't attempt to do any conversion, and pass the
prefixpath to the kernel as is. Once the kernel determines whether POSIX
extensions are enabled, it can then convert the path if needed and it's
able to do so. A patch to handle this has already been committed to the
cifs-2.6 git tree.
This patch also fixes an annoyance. When you mount a subdir of a share,
mount.cifs munges the device string so that you can't tell what the
prefixpath is. So if I mount:
//server/share/p1/p2/p3
..then /proc/mounts and mtab will show only:
//server/share
Finally, it also tries to apply some consistent rules to the uppercasing
of strings.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| | |
|
| | |
|
| |
|
|
| |
dirmask is always set here, we've dereferenced it before anyway
|
