IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Windows allows up to 127 byte passwords, and we using a 64 byte limit
in most places and a 16 byte limit when using the "pass=" mount option
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Convert all uses of cli_open(), cli_nt_createXXX to NTSTATUS versions.
This is smaller than it looks, it just fixes a lot of old code.
Next up, ensure all cli_XX functions return NTSTATUS.
Jeremy.
callers pass in a struct user_auth_info * instead. This commit causes
smbc_set_credentials() to print out a message telling callers to use
smbc_set_credentials_with_fallback() instead, as smbc_set_credentials()
has a broken API (no SMBCCTX * pointer). No more global variables used
in the connection manager API for client dfs calls.
Jeremy.
the problem that stops libsmbclient being thread safe. Subsidiary
DFS connections are now hung off a list inside the cli_state struct.
Much more to do in order to get libsmbclient to thread safety, but
this is a good start.
Jeremy.
This reverts commit 9579a6f193.
It's confusing to have a boolean to alter the behavior of cli_push
and as the new feature isn't used yet I revert it.
We can readd a extra function later.
metze
guest session setup, login (user id) as anonymous.
This patch is for samba bugzilla bug 4640.
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
The value of rc in main() isn't initialized in the declaration. This
wasn't a problem before, but Shirish's fakemount patch can make it so
that we return the uninitialized variable if the -n flag is used.
Fix this by initializing rc to 0.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
This patch removes the remaining entry in /etc/mtab after a filesystem
is unmounted by canonicalizing the mountpoint supplied on the command
line.
Please refer to bug 4370 in samba bugzilla.
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove inlude "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
in files that use no other macro from version.h instead of
SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
The current name resolution scheme in mount.cifs is IPv4 only. Expand
it to be protocol-independent. Also take advantage of the fact that
getaddrinfo() returns a list of addresses and have mount.cifs try each
in turn until it hits one that's reachable and allows the socket to
connect.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
smbfs also would use the USER environment variable if the user was not
specified on the mount command and no credential file specified, and
mount.cifs man page says that we will use this environment variable
(in most cases this will not cause a behavior change, because
we were doing getuid of the current process which will usually be
the same name).
Fixes Samba bug #5934
Acked-by: Jeff Layton
The util-linux-ng sources have a good, but rather complex scheme for
locking the mtab before updating it. Mount helpers need to follow the
same scheme. Advisory locking only works if everyone is using the same
locking scheme.
Copy the routines we need from util-linux-ng into a separate source file
and then have mount.cifs and umount.cifs link in this object.
The long term goal is to have these routines in a separate helper
library (libmount). Mount helpers can then dynamically link in that lib.
Until that happens, this should serve as a suitable stopgap solution.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
The manpage for /bin/mount specifies that the return code should be a
positive integer (actually, it's a bitfield). Clean up the return
codes from mount.cifs to make them match the expected return values
from /bin/mount. This necessary for proper integration with autofs.
This is the third attempt at this patch. The changes here are minor,
just changing some return's from main() into exit() calls for
consistency's sake.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
We currently don't attempt to uppercase the device portion of the mount
string if there isn't a prefixpath. Fix that by making uppercase_string
return success without doing anything on a NULL pointer.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
...to silence -Wmissing-prototypes and some uninit'ed variable
warnings. Thanks to GD for the extra-paranoid compiler flags.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit f0ee2c145f)
When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit b868463015)
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
(This used to be commit 6287e13b34)
krb5 mounts require that the user already have a valid krb5 ticket.
Since we can't currently use the password entered, don't prompt for it.
Also, switch to using strncmp instead of strcmp here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit c75791c34a)
When a request-key upcall exits without instantiating a key, the kernel
will negatively instantiate the key with a 60s timeout. Older kernels,
however seem to also link that key into the session keyring. This
behavior can interefere with subsequent mount attempts until the
key times out. The next request_key() call will get this negative key
even if the upcall would have worked the second time.
Fix this by having cifs.upcall negatively instantiate the key itself
with a 1s timeout and don't attach it to the session keyring.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit f760dd3f31)
client/cifs.upcall.c:205: warning: function declaration isn’t a prototype
This patch fixes this by properly declaring usage() args as void.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
(This used to be commit 148a012421)
The "cifs.resolver" key type has been changed to "dns_resolver". Fix
the comments at the top of cifs.upcall and the manpage accordingly.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
---
docs-xml/manpages-3/cifs.upcall.8.xml | 4 ++--
source/client/cifs.upcall.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
(This used to be commit 24a93d03c2)
(so parsing for domain parameter in mount.cifs matches online help)
and rephrasing original code to make it more clear.
The check for "domain" was meant to allow for "dom" or "DOM" and the
option ("dom") described in the help (e.g. "/sbin/mount.cifs -?") is the
shorter ("dom") form. The reason that the string we compare against
is larger was to improve readability (we could compare against "dom"
but note /* "domain" or "DOMAIN" or "dom" or "DOM" */ but it seemed
terser to just show the larger string in the strcmp target. The
change to "workgoup" from workg* (anything which begins with "workg"
doesn't matter - it is a minor behavior change - but probably few
scripts depend on the "alias" for this option).
Rework code so that it is clearer what we are comparing against.
(This used to be commit 92fad0fc53)
(as a synonym for the older "cifs.resolver" name) when resolving host
names to ip addresses for the kernel.
Acked-by: Jeff Layton
(This used to be commit 22c36b27c6)
Steve French noticed these warnings when building cifs.upcall:
Compiling client/cifs.upcall.c
client/cifs.upcall.c: In function 'usage':
client/cifs.upcall.c:204: warning: declaration of 'prog' shadows a global declaration
client/cifs.upcall.c:33: warning: shadowed declaration is here
Change the usage function to not take and arg and have it just use the global
"prog" variable. Fix a typo in the log message generated when an unknown
option is specified. Also getopt() always returns '?' when it sees an unknown
option so there's no point in printing it out.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit 4b8362f977)
binary. The biggest change is that it renames it from cifs.spnego
to cifs.upcall since the cifs.spnego name really isn't applicable
anymore.
It also fixes a segfault when the program is run without any args
and adds a manpage. Comments and/or suggestions appreciated.
This set should apply cleanly to the 3.3 test branch.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy.
(This used to be commit c633f10d9e)
All,
Noticed that smbspool.c still has my Easy Software Products copyright
on it. The following patch fixes it to match the other code I've
contributed over the years...
Jeremy.
(This used to be commit 9f5897e28d)
SAFE_FREE. Use #define constants not arbitrary numbers. Stevef
please check. Karolyn, once Steve has checked please pull for
3.2-stable.
Jeremy.
(This used to be commit cc23f91d63)
There were a couple of places where we weren't checking for
authentication correctly. This chance fixes those places and properly
supports Kerberos where available.
(This used to be commit 8eff35bc4a)
To summarize the changes, the patches remove the old (probably non-
working) Kerberos support code which is unnecessary with CUPS 1.3
and adds some checks on the NT status we get back to see whether
the connection error is related to authentication. If so, we send
the ATTR: message to tell CUPS we need a username and password and
return exit code 2 so cupsd will do the right thing.
AUTH_USERNAME, AUTH_PASSWORD, and KRB5CCNAME are set and supported
by CUPS 1.3. The new exit code is supported by CUPS 1.2.x and 1.3,
and it treated as a general failure in CUPS 1.1. The ATTR: message
is only supported by CUPS 1.3, while CUPS 1.2 will assume the
"username,password" value we are setting.
The current code only uses the AUTH_* env vars if they are set.
If not, we fall back to the previous behavior.
I really can't tell whether the Kerberos code that was in there
would work at all. It did not work for Mac OS X which is why
I dropped it.
(This used to be commit 8c12c5cea0)
This patch is the second patch to attempt to fix up some of the problems
with mounting subdirectories of shares. The earlier patch didn't handle
this correctly when POSIX extensions were enabled. This one does.
This is a bit of a confusing area since the different components of
a service string have different rules:
1) hostname: no '/' (slash) or '\' (backslash) is allowed to be
embedded within the string
2) sharename: same rules as hostname
3) prefixpath: '\' *is* allowed to be embedded in a path component,
iff POSIX extensions are enabled. Otherwise, neither
character is allowed.
The idea here is to allow either character to act as a delimiter when we
know that the character can't be anything but a delimiter (namely
everywhere up to the start of the prefixpath). The patch will convert
any '\' unconditionally to '/' in the UNC portion of the string.
However, inside the prefixpath, we can't make assumptions about what
constitutes a delimiter because POSIX allows for embedded '\'
characters. So there we don't attempt to do any conversion, and pass the
prefixpath to the kernel as is. Once the kernel determines whether POSIX
extensions are enabled, it can then convert the path if needed and it's
able to do so. A patch to handle this has already been committed to the
cifs-2.6 git tree.
This patch also fixes an annoyance. When you mount a subdir of a share,
mount.cifs munges the device string so that you can't tell what the
prefixpath is. So if I mount:
//server/share/p1/p2/p3
..then /proc/mounts and mtab will show only:
//server/share
Finally, it also tries to apply some consistent rules to the uppercasing
of strings.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit e03d1dfdb8)
I did not do any scientific tests, but the dummy test on my laptop against a
w2k3 vmware shows that in this specific situation going beyond 512k seems not
to gain anything anymore.
smb: \> iosize 64512
iosize is now 64512
smb: \> lcd /dev
smb: \> get random null
getting file \random of size 104857600 as null (33453,1 kb/s) (average 19718,5 kb/s)
smb: \> get random null
getting file \random of size 104857600 as null (34236,0 kb/s) (average 20509,1 kb/s)
smb: \> iosize 524288
iosize is now 524288
smb: \> get random null
getting file \random of size 104857600 as null (49042,1 kb/s) (average 22521,9 kb/s)
smb: \> get random null
getting file \random of size 104857600 as null (49420,8 kb/s) (average 23432,9 kb/s)
smb: \> iosize 1048576
iosize is now 1048576
smb: \> get random null
getting file \random of size 104857600 as null (49420,8 kb/s) (average 24284,2 kb/s)
smb: \> get random null
getting file \random of size 104857600 as null (49136,3 kb/s) (average 25076,9 kb/s)
(This used to be commit 1bcfef6a90)
This is the big (and potentially controversial) one. It took a phone call to
explain to metze what is going on inside cli_pull_read_done, but I would really
like everybody to understand this function. It is a very good and reasonably
complex example of async programming. If we want more asynchronism in s3, this
is what we will have to deal with :-)
Make use of it in the smbclient "get" command.
Volker
(This used to be commit 76f9b360ee)
This is the big (and potentially controversial) one. It took a phone call to
explain to metze what is going on inside cli_pull_read_done, but I would really
like everybody to understand this function. It is a very good and reasonably
complex example of async programming. If we want more asynchronism in s3, this
is what we will have to deal with :-)
Make use of it in the smbclient "get" command.
Volker
(This used to be commit 844a163458)
This reverts commit 6b1a118eaa.
We found that this patch does not play well with currently released cifs.ko
code, so after discussions with Jeff Layton and Steve french we decided it
is best to back it off and re-think a better approach. Jeff will send new
patches later, but for now it is better to just revert to the previous code
(This used to be commit c5b7d538ec)
Here is a patch for userspace cifs.spnego handler that adds support for cifs.resolver
upcall used in DFS code.
Any comments are appreciated.
#############################
Cifs upcall with key type cifs.resolver is used for resolving
server names in handling DFS refferals.
Signed-off-by: Igor Mammedov <niallain@gmail.com>
(This used to be commit dfc80b4f1c)
on a share (or global) and have the server reply with
ACCESS_DENIED for all non-encrypted traffic (except
that used to query encryption requirements and set
encryption state).
Jeremy.
(This used to be commit d241bfa577)
Only client.c and clitar.c used this, I think they should carry the static
themselves. Also move the a bit funny routine toktocliplist to clitar.c, the
only place where it is used.
(This used to be commit 86d9412611)
for bug #4780. Cause user mounts to inherit uid= and gid= from the
calling user when called as non-root, except when overridden on the
commandline.
Jeremy.
(This used to be commit 7fad5f38ea)
authorization
* Added -c option to set service prefix to "cifs" in service principal by
default service prefix "host" is used
* replaced malloc/free/srtncpy with replacements from samba project
Signed-off-by: Igor Mammedov <niallain@gmail.com>
(This used to be commit 705f06a031)
Remove pstring from libsmb/clidfs.c except for a nasty
hack (that will be removed when pstrings are gone from
client/).
Jeremy.
(This used to be commit cc257b71d1)
Canonicalize mountpoint by trimming trailing slashes before unmounting.
This allows for correct cleanup of /etc/mtab after unmounting.
Thanks to Steve Langasek <vorlon@debian.org>.
Michael
(This used to be commit 118fd6213d)
one horror (pstring_clean_name()) which will have to
remain until I've removed all pstrings from the client code.
Jeremy.
(This used to be commit 1ea3ac8014)
Each cli struct has it's own local copy of this variable,
so use that in client code. In the smbd server, add one
static to smbd/proccess.c and use that inside smbd. Fix
a bunch of places where smb_rw_error could be set by
calling read_data() in places where we weren't reading
from the SMB client socket (ie. winbindd).
Jeremy.
(This used to be commit 255c2adf7b)
the incoming buffer in the non-signed case. Speeds
up writes by over 10% or so. Complete the server
recvfile implementation.
Jeremy.
(This used to be commit 81ca5853b2)
zero_addr(&ss). All current uses were always of the
AF_INET form, so simplify the call. If in the future
we need to zero an addr to AF_INET6 this can be
done separately.
Jeremy.
(This used to be commit 2e92418a13)
Hi!
Can you check and push them?
Thanks,
Volker
From b488af5905e2dee12a1a72a3b40801ae5c26f24f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@sernet.de>
Date: Sat, 27 Oct 2007 14:20:09 +0200
Subject: [PATCH] Fix some warnings and errors
(This used to be commit e17d3e10e8)
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c312)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
Thanks to SATOH Fumiyasu
Fixes 4720
Jerry,
this is a showstopper for 3.0.25b, please grab it into
SAMBA_3_0_RELEASE before cuting the tarballs.
Simo.
(This used to be commit d2846e6b90)
Got report this is all ok form a tester. Close a loong
standing bug preventing people to freely use any character
in their password when printing via cups were involved.
(This used to be commit 54ca011212)
process deep dfs links (ie. links that go to non root
parts of a share). Make the directory handling conanonical
in POSIX and Windows pathname processing.
dfs should not be fully working in client tools. Please
bug me if not.
Jeremy.
(This used to be commit 1c9e10569c)
for utimes - change the call to ntimes. This preserves
nsec timestamps we get from stat (if the system supports
it) and only maps back down to usec or sec resolution
on time set. Looks bigger than it is as I had to move
lots of internal code from using time_t and struct utimebuf
to struct timespec.
Jeremy.
(This used to be commit 8f3d530c5a)
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197)
This has had some basic testing. I'll do more during the next couple of days and hopefully also
make RPC-SRVSVC from Samba4 pass against it.
(This used to be commit ef10672399)
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d2)
