Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-06-06 | mount.cifs: properly check for mount being in fstab when running setuid root ↵ | Jeff Layton | 1 | -40/+162 | |
(try#3) This is the third attempt to clean up the checks when a setuid mount.cifs is run by an unprivileged user. The main difference in this patch from the last one is that it fixes a bug where the mount might have failed if unnecessarily if CIFS_LEGACY_SETUID_CHECK was set. When mount.cifs is installed setuid root and run as an unprivileged user, it does some checks to limit how the mount is used. It checks that the mountpoint is owned by the user doing the mount. These checks however do not match those that /bin/mount does when it is called by an unprivileged user. When /bin/mount is called by an unprivileged user to do a mount, it checks that the mount in question is in /etc/fstab, that it has the "user" option set, etc. This means that it's currently not possible to set up user mounts the standard way (by the admin, in /etc/fstab) and simultaneously protect from an unprivileged user calling mount.cifs directly to mount a share on any directory that that user owns. Fix this by making the checks in mount.cifs match those of /bin/mount itself. This is a necessary step to make mount.cifs safe to be installed as a setuid binary, but not sufficient. For that, we'd need to give mount.cifs a proper security audit. Since some users may be depending on the legacy behavior, this patch also adds the ability to build mount.cifs with the older behavior. Signed-off-by: Jeff Layton <jlayton@redhat.com> | |||||
2009-06-07 | s3-samr: fix _QueryDisplayInformation r->out.returned_size. | Günther Deschner | 1 | -1/+1 | |
*r->out.returned_size needs to be 0 if nothing was enumerated. Found by RPC-SAMR torture test. Guenther | |||||
2009-06-07 | s3-samr: remove total_data_size variable in _samr_QueryDisplayInfo. | Günther Deschner | 1 | -5/+2 | |
Guenther | |||||
2009-06-07 | s3-samr: let _samr_SetGroupInfo level 3 just pass with success. | Günther Deschner | 1 | -0/+2 | |
Guenther | |||||
2009-06-07 | s3-samr: _samr_EnumDomain{Users,Groups} need to return an emtpy array even ↵ | Günther Deschner | 1 | -12/+12 | |
for builtin domain. Found by RPC-SAMR torture test. Guenther | |||||
2009-06-07 | s4-smbtorture: skip samr MultipleMember alias tests for 3 as well as we do ↵ | Günther Deschner | 1 | -2/+3 | |
already for s4. Guenther | |||||
2009-06-07 | s3-samr: cosmetic fixes for _samr_QueryDisplayInfo. | Günther Deschner | 1 | -20/+18 | |
use the variables of the struct samr_QueryDisplayInfo directly to make it easier to track where variables are defined from. Guenther | |||||
2009-06-06 | testsuite/nsswitch/get{gr,pw}ent_r.c(dump_{gr,pw}ent): fixed wrong condition. | Slava Semushin | 2 | -2/+2 | |
When fopen() fails it return NULL, so condition where return value less than zero never evaluated to truth. Found by cppcheck. | |||||
2009-06-06 | lib/tdb/tools/tdbtorture.c: fixed memory leak. | Slava Semushin | 1 | -0/+2 | |
Found by cppcheck: [lib/tdb/tools/tdbtorture.c:326]: (error) Memory leak: pids | |||||
2009-06-06 | s3/docs: Fix example. | Karolin Seeger | 1 | -2/+2 | |
The 'ldap suffix' is not added automatically to the 'ldap admin dn'. This fixes bug #5584. Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting! Karolin | |||||
2009-06-06 | Attempt to fix the build without system-ldap. | Volker Lendecke | 1 | -1/+1 | |
I really tried, but I knew I would miss something... :-) | |||||
2009-06-06 | s3/passdb: Fix debug message: 'net setmaxrid' does not exist. | Karolin Seeger | 1 | -2/+2 | |
This is aiming bug #6351. Karolin | |||||
2009-06-06 | Add an early prototyp of pdb_ads.c. | Volker Lendecke | 3 | -1/+1290 | |
The purpose of this module is to connect to a locally running samba4 ldap server for an alternative "Franky" setup. Right now it contains a couple of gross hacks: For example it just takes the s4-chosed RID directly as uid/gid... Checking in tldap and pdb_ads now, I think 3777 insertions are enough for a start... | |||||
2009-06-06 | Allow access as SYSTEM on a privileged ldapi connection | Volker Lendecke | 1 | -13/+83 | |
This patch creates ldap_priv/ as a subdirectory under the private dir with the appropriate permissions to only allow the same access as the privileged winbind socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap database. | |||||
2009-06-06 | Add some samba-style tldap utility functions | Volker Lendecke | 4 | -1/+406 | |
2009-06-06 | Add the early start of an async ldap library | Volker Lendecke | 4 | -0/+2075 | |
There's a lot of things this does not do yet: For example it does not parse the reply blob in the sasl bind, it does not do anything with controls yet, a lot of the ldap requests are not covered yet. But it provides a basis for me to play with a pdb_ads passdb module. | |||||
2009-06-06 | s3:smbd: FSCTL_PIPE_TRANSCEIVE on a none IPC$ share should give NOT_SUPPORTED | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-06-06 | s3:smbd: return the same things as Windows 7 for SMB2 Ioctl responses | Stefan Metzmacher | 1 | -7/+23 | |
metze | |||||
2009-06-06 | Fix some nonempty blank lines | Volker Lendecke | 2 | -64/+60 | |
2009-06-06 | Use data_blob_null instead of data_blob(NULL, 0) | Volker Lendecke | 1 | -1/+1 | |
2009-06-06 | Fix an uninitialized variable read in async_connect_send | Volker Lendecke | 1 | -5/+5 | |
2009-06-06 | Allow AF_UNIX for open_socket_out | Volker Lendecke | 1 | -0/+4 | |
2009-06-06 | s3-winbindd: add some debug statements while tracking down a bug. | Günther Deschner | 2 | -2/+20 | |
Guenther | |||||
2009-06-06 | nss_wrapper: rename nwrap_cache_{re,un}load as per metzes request. | Günther Deschner | 1 | -10/+10 | |
Guenther | |||||
2009-06-05 | Make cli_ftruncate async. Also add a simple test. | Jeremy Allison | 4 | -74/+148 | |
Jeremy. | |||||
2009-06-06 | nss_wrapper: add support for loading nss_winbind.so via WINBIND_SO_PATH env. | Günther Deschner | 1 | -0/+12 | |
Guenther | |||||
2009-06-06 | nss_wrapper: fill in module nwrap_backend. | Günther Deschner | 1 | -13/+332 | |
Guenther | |||||
2009-06-05 | nss_wrapper: add missing return in nwrap_module_init(). | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-06-05 | nss_wrapper: add skeleton for module nwrap_backend. | Günther Deschner | 1 | -0/+159 | |
Guenther | |||||
2009-06-05 | nss_wrapper: add capability to load nss modules. | Günther Deschner | 1 | -1/+115 | |
Guenther | |||||
2009-06-05 | nss_wrapper: add struct nwrap_backend. | Günther Deschner | 1 | -85/+320 | |
Guenther | |||||
2009-06-05 | s3:smbd: split smbd_smb2_flush() into a tevent_req based _send()/_recv() pair | Stefan Metzmacher | 1 | -25/+97 | |
metze | |||||
2009-06-05 | s3:smbd: split smbd_smb2_create() into a tevent_req based _send()/_recv() pair | Stefan Metzmacher | 1 | -99/+199 | |
metze | |||||
2009-06-05 | s3:smbd: fix the build in smb2_ioctl.c | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-06-05 | s3:smbd: add support for SMB2 Ioctl FSCTL_DFS_GET_REFERRALS | Stefan Metzmacher | 1 | -0/+74 | |
metze | |||||
2009-06-05 | s3:smbd: add support for STATUS_BUFFER_OVERFLOW to SMB2 Ioctl | Stefan Metzmacher | 1 | -5/+10 | |
metze | |||||
2009-06-05 | s3:smbd: keep the chain_fsp for SMB2 requests | Stefan Metzmacher | 3 | -0/+5 | |
metze | |||||
2009-06-05 | s3:smbd: fix the logic for compounded requests | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-06-05 | s3:smbd: only setup the dyn iovec if a a dyn blob is given | Stefan Metzmacher | 1 | -2/+1 | |
Otherwise leave the default in there, which takes care of padding for compounded requests. metze | |||||
2009-06-05 | s3:smbd: add support for SMB2 Ioctl FSCTL_PIPE_TRANSCEIVE on IPC$ | Stefan Metzmacher | 1 | -0/+92 | |
metze | |||||
2009-06-05 | s3:smbd: add support for SMB2 Read on IPC$ | Stefan Metzmacher | 1 | -6/+52 | |
metze | |||||
2009-06-05 | s3:smbd: add support for SMB2 Write on IPC$ | Stefan Metzmacher | 1 | -5/+49 | |
metze | |||||
2009-06-05 | s3:smbd: add support for SMB2 Create on IPC$ | Stefan Metzmacher | 1 | -1/+17 | |
metze | |||||
2009-06-05 | s3:smbd: add support for SMB2 Ioctl | Stefan Metzmacher | 4 | -4/+281 | |
We don't implement any level yet. metze | |||||
2009-06-05 | nss_wrapper: add cross checking test to testsuite. | Günther Deschner | 1 | -0/+90 | |
Guenther | |||||
2009-06-05 | nss_wrapper: add tests for getgrent_r to testsuite. | Günther Deschner | 1 | -0/+131 | |
Guenther | |||||
2009-06-05 | nss_wrapper: add tests for getpwent_r to testsuite. | Günther Deschner | 1 | -0/+141 | |
Guenther | |||||
2009-06-05 | nss_wrapper: fix segfault in nwrap_gr_copy_r() | Stefan Metzmacher | 1 | -3/+8 | |
metze | |||||
2009-06-05 | s3/docs: Fix typo. | Karolin Seeger | 1 | -2/+2 | |
Karolin | |||||
2009-06-05 | s3:smbd: add missing return statements to the SMB2 write error cases | Stefan Metzmacher | 1 | -0/+2 | |
metze |