IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This one fixes together with 2eaf4ed62 bug #5715 and CVE-2008-3789.
Thanks to Steve Langasek <vorlon@debian.org> for reporting!
Karolin
(cherry picked from commit b666d0a4b5)
(This used to be commit 73f54df7fe)
When MS introduces a new PAC type, we should just ignore it, not
generate a parse error. New PAC info structures are supposed to be
backwards compatible with old ones
(This used to be commit 2971b926c8)
We need to become root for AIO read and write to allow the AIO thread
to send a completion signal to the parent process when the IO
completes
(This used to be commit c548e5c69f)
See this test: http://samba.org/~tridge/junkcode/aio_uid.c
The problem is that setresuid() tries to be clever about threads, and
tries to change the euid of any threads that are running. If a AIO read
or write completes while this is going on then the signal from the thread
where the IO completed is lost, as it gets -1/EPERM from rt_sigqueueinfo()
The simplest fix is to try to use setreuid() instead of setresuid(),
as setreuid() doesn't try to be clever. Unfortunately this also means
we must use become_root()/unbecome_root() in the aio code.
(This used to be commit 56c5a6f024)
Fix segv when talking to parent DC (joined to child domain).
The root cause was
(a) storing the parent domain in the cli_state struct caused
the NTLMSSP pipe bind to fail which made us fallover to
the schannel code path
(b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
NULL even though the function indicated success.
(This used to be commit 5ce4a2ae66)
When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit b868463015)
When building on linux, default to building cifs.upcall. Throw a
warning if ADS support is disabled or keyutils isn't installed.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit d8018d15f0)
cifs.upcall links to libraries that live under /usr, so installing it
in /sbin doesn't seem appropriate. Move it to EPREFIX/sbin instead
(i.e. /usr/sbin).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit 5c9a1b2c98)
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
(This used to be commit 6287e13b34)
krb5 mounts require that the user already have a valid krb5 ticket.
Since we can't currently use the password entered, don't prompt for it.
Also, switch to using strncmp instead of strcmp here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit c75791c34a)
When we negotiated NETLOGON_NEG_PASSWORD_SET2 we need to use
NetrServerPasswordSet2 to change the machine password.
Tested with NT4, W2k, W2k3 and W2k8.
Guenther
(This used to be commit 5820360451)
