Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
here.
Jeremy.
|
|
Karolin
|
|
|
|
|
|
Karolin
|
|
Fix bug #6844 (wrong credential file format in mount.cifs manpage).
Thanks to the Debian Samba package maintainers for reporting!
Karolin
|
|
Part of a fix for bug #6890 (Some smb.conf parameters are undocumented).
Karolin
|
|
Part of a fix for bug #6890 (Some smb.conf parameters are undocumented).
Karolin
|
|
Part of a fix for bug #6890 (Some smb.conf parameters are undocumented).
Karolin
|
|
Part of a fix for bug #6890 (Some smb.conf parameters are undocumented).
Karolin
|
|
|
|
Patchfile from SATOH Fumiyasu <fumiyas@osstech.co.jp>.
Thanks!
Guenther
|
|
|
|
Karolin
|
|
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
|
|
inherit acls = yes or xattrs are removed.
We also need dos filemode = true set as well.
Jeremy.
|
|
Karolin
|
|
xattrs are removed.
Jeremy.
|
|
When something in the cluster blocks, it can happen that we wait indefinitely
long for ctdb, just adding to the blocking condition. In theory, nothing should
block, but as someone said "In practice the difference between theory and
practice is larger than in theory". This adds a timeout parameter in seconds,
after which we stop waiting for ctdb and panic.
|
|
It does not cost much and can help a lot when debugging
|
|
Fix bug #4250. Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
Karolin
|
|
Fix bug #4252. Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
Karolin
|
|
|
|
Karolin
|
|
This parameter will be introduced with Samba 3.5.0.
Karolin
|
|
Fix build warning.
Karolin
|
|
Karolin
|
|
|
|
privilage -> privilege
Karolin
|
|
Avoid warnings.
Karolin
|
|
Guenther
|
|
Guenther
|
|
fix some trusted/trusting mixups, make documentation more precise
and man page more verbose.
|
|
Guenther
|
|
Fix bug #6717.
|
|
|
|
|
|
add interesting detail: lm passwords will be removed from databaѕe with
lanman auth = no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Karolin
|
|
This addresses bug #6661.
Karolin
|
|
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
|
|
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|