Age | Commit message (Collapse) | Author | Files | Lines |
|
Thanks to Christophe Curis for the suggestion
(This used to be commit 3b5ad9190d2ad6d2ca0a569194bdff9003bda13b)
|
|
When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit b868463015dedc684eb13d12118a98ccca71250a)
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit aa3443492c58a7c109fe159e15d763dbafc66f2a)
|
|
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
(This used to be commit 6287e13b34efeaa8fd94c7c6d99468350ce6172e)
|
|
krb5 mounts require that the user already have a valid krb5 ticket.
Since we can't currently use the password entered, don't prompt for it.
Also, switch to using strncmp instead of strcmp here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit c75791c34abebe23c6f6a5534b0358514ec4eabc)
|
|
This one was introduced with 8eff35bc.
Thanks to Noèl Köthe for tracking that down!
Karolin
(This used to be commit 250f5a40d6e80305220d7cdc6a8f8459d8d0de74)
|
|
When a request-key upcall exits without instantiating a key, the kernel
will negatively instantiate the key with a 60s timeout. Older kernels,
however seem to also link that key into the session keyring. This
behavior can interefere with subsequent mount attempts until the
key times out. The next request_key() call will get this negative key
even if the upcall would have worked the second time.
Fix this by having cifs.upcall negatively instantiate the key itself
with a 1s timeout and don't attach it to the session keyring.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit f760dd3f3128c846cdeab16cc52bbb5189427955)
|
|
as proposed by James Peach.
Jeremy.
(This used to be commit 5c27ad75836136c39774c9456d63f46fa62e281f)
|
|
client/cifs.upcall.c:205: warning: function declaration isn’t a prototype
This patch fixes this by properly declaring usage() args as void.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
(This used to be commit 148a012421cdd875167e708c5dfa771d97bf9856)
|
|
The "cifs.resolver" key type has been changed to "dns_resolver". Fix
the comments at the top of cifs.upcall and the manpage accordingly.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
---
docs-xml/manpages-3/cifs.upcall.8.xml | 4 ++--
source/client/cifs.upcall.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
(This used to be commit 24a93d03c2ca4e718968e2024604e0f398c96659)
|
|
(so parsing for domain parameter in mount.cifs matches online help)
and rephrasing original code to make it more clear.
The check for "domain" was meant to allow for "dom" or "DOM" and the
option ("dom") described in the help (e.g. "/sbin/mount.cifs -?") is the
shorter ("dom") form. The reason that the string we compare against
is larger was to improve readability (we could compare against "dom"
but note /* "domain" or "DOMAIN" or "dom" or "DOM" */ but it seemed
terser to just show the larger string in the strcmp target. The
change to "workgoup" from workg* (anything which begins with "workg"
doesn't matter - it is a minor behavior change - but probably few
scripts depend on the "alias" for this option).
Rework code so that it is clearer what we are comparing against.
(This used to be commit 92fad0fc537e75c726d5d6794dd0c4fd61edca2d)
|
|
(as a synonym for the older "cifs.resolver" name) when resolving host
names to ip addresses for the kernel.
Acked-by: Jeff Layton
(This used to be commit 22c36b27c60193102b3153e073216865adb1b6c1)
|
|
Steve French noticed these warnings when building cifs.upcall:
Compiling client/cifs.upcall.c
client/cifs.upcall.c: In function 'usage':
client/cifs.upcall.c:204: warning: declaration of 'prog' shadows a global declaration
client/cifs.upcall.c:33: warning: shadowed declaration is here
Change the usage function to not take and arg and have it just use the global
"prog" variable. Fix a typo in the log message generated when an unknown
option is specified. Also getopt() always returns '?' when it sees an unknown
option so there's no point in printing it out.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit 4b8362f9777debd21c47154e786b7017fbf847f7)
|
|
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
|
|
binary. The biggest change is that it renames it from cifs.spnego
to cifs.upcall since the cifs.spnego name really isn't applicable
anymore.
It also fixes a segfault when the program is run without any args
and adds a manpage. Comments and/or suggestions appreciated.
This set should apply cleanly to the 3.3 test branch.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy.
(This used to be commit c633f10d9e78327664e6bca51f66756bcf0505a6)
|
|
strlcat gives error.
Jeremy.
(This used to be commit d7c82997bdcf1acd7ac104efa0ad05e0b94935ea)
|
|
Steve, please check!
Thanks,
Volker
(This used to be commit 5222b8db3fb692e5071bfd1b41849a8eb0a17995)
|
|
Thanks to "No Body is Perfect" from gmail, whoever that is :-)
Volker
(cherry picked from commit 679d8dfa390601f777bfb43c02cd921eae5edcf4)
(This used to be commit b8e1d62b8e8f724b855c8ab9801abee0b2791e36)
|
|
v3-3-test
(This used to be commit 3d01248f63d0d476c16236453983ffe759d0b2c2)
|
|
All,
Noticed that smbspool.c still has my Easy Software Products copyright
on it. The following patch fixes it to match the other code I've
contributed over the years...
Jeremy.
(This used to be commit 9f5897e28dfa0d0563cd2568b4bedc601681e41b)
|
|
can result in a buffer overrun.
Jeremy.
(This used to be commit 23b825e9d2c74c5b940cf4d3aa56c18692259972)
|
|
(This used to be commit c1e115964b671802a4af5beab3ad3222ee17b9c0)
|
|
Michael
(This used to be commit f7db445c828c0eef2c08b538bd07d485dc248689)
|
|
(This used to be commit 9e39ac1cc31d48db968e79c4698901e079007ff7)
|
|
Michael
(This used to be commit f8c0710165ee1ede46d7ed34daa5564d20d3f069)
|
|
Guenther
(This used to be commit d077ef64cd1d9bbaeb936566c2c70da508de829f)
|
|
cases.
Jeremy.
(This used to be commit 818fbc9889af8c9fb6e7978e8ed2269a78f14404)
|
|
Introduced by me in the strlcpy cleanup. Ensure the
loaded password doesn't contain the '\n' at the end.
Jeremy.
(This used to be commit 41984743d9e89b6568119832c35ee4c0024e43a2)
|
|
Jeremy.
(This used to be commit 7a724d78e11f016f154c0029dc394ce133f41110)
|
|
Karolin
(This used to be commit d99a31848bd2172c15500dd61ce30fef963c1ac6)
|
|
SAFE_FREE. Use #define constants not arbitrary numbers. Stevef
please check. Karolyn, once Steve has checked please pull for
3.2-stable.
Jeremy.
(This used to be commit cc23f91d639db61903bf8b6c9fa46ec9c1f44178)
|
|
(This used to be commit a51cb3c1a9549d74c1e5cf05bc43b955af1a25b7)
|
|
(This used to be commit 831a09ae25e98eacc0b0be5390d3ac3aa671a8a5)
|
|
(This used to be commit 4244be792eeb69e883a1ece013b62fe6941086f2)
|
|
(This used to be commit b294b2055a422e1af59e3b6843b84750b6786d99)
|
|
There were a couple of places where we weren't checking for
authentication correctly. This chance fixes those places and properly
supports Kerberos where available.
(This used to be commit 8eff35bc4acc13807c895af43b52db79ee195cb5)
|
|
To summarize the changes, the patches remove the old (probably non-
working) Kerberos support code which is unnecessary with CUPS 1.3
and adds some checks on the NT status we get back to see whether
the connection error is related to authentication. If so, we send
the ATTR: message to tell CUPS we need a username and password and
return exit code 2 so cupsd will do the right thing.
AUTH_USERNAME, AUTH_PASSWORD, and KRB5CCNAME are set and supported
by CUPS 1.3. The new exit code is supported by CUPS 1.2.x and 1.3,
and it treated as a general failure in CUPS 1.1. The ATTR: message
is only supported by CUPS 1.3, while CUPS 1.2 will assume the
"username,password" value we are setting.
The current code only uses the AUTH_* env vars if they are set.
If not, we fall back to the previous behavior.
I really can't tell whether the Kerberos code that was in there
would work at all. It did not work for Mac OS X which is why
I dropped it.
(This used to be commit 8c12c5cea01d9b801fe80c2a87b8139c488a62a5)
|
|
(This used to be commit 99fc3283c4ecc791f5a242bd1983b4352ce3e6cf)
|
|
This reduces the dependency on cli_state
(This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b)
|
|
connect on port 139 with IPv6. Found by David Holder @ Erion.
Karolin please merge to 3.2-stable.
Jeremy.
(This used to be commit c003e66ff10b23bb30aef0071ba7a3ae9579174e)
|
|
This patch is the second patch to attempt to fix up some of the problems
with mounting subdirectories of shares. The earlier patch didn't handle
this correctly when POSIX extensions were enabled. This one does.
This is a bit of a confusing area since the different components of
a service string have different rules:
1) hostname: no '/' (slash) or '\' (backslash) is allowed to be
embedded within the string
2) sharename: same rules as hostname
3) prefixpath: '\' *is* allowed to be embedded in a path component,
iff POSIX extensions are enabled. Otherwise, neither
character is allowed.
The idea here is to allow either character to act as a delimiter when we
know that the character can't be anything but a delimiter (namely
everywhere up to the start of the prefixpath). The patch will convert
any '\' unconditionally to '/' in the UNC portion of the string.
However, inside the prefixpath, we can't make assumptions about what
constitutes a delimiter because POSIX allows for embedded '\'
characters. So there we don't attempt to do any conversion, and pass the
prefixpath to the kernel as is. Once the kernel determines whether POSIX
extensions are enabled, it can then convert the path if needed and it's
able to do so. A patch to handle this has already been committed to the
cifs-2.6 git tree.
This patch also fixes an annoyance. When you mount a subdir of a share,
mount.cifs munges the device string so that you can't tell what the
prefixpath is. So if I mount:
//server/share/p1/p2/p3
..then /proc/mounts and mtab will show only:
//server/share
Finally, it also tries to apply some consistent rules to the uppercasing
of strings.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit e03d1dfdb80333c071b600245eb749ef5664aa22)
|
|
(This used to be commit 8dd6458049d1b9d6849730ac19c39b049a68f302)
|
|
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
|
|
dirmask is always set here, we've dereferenced it before anyway
(This used to be commit e6787aa133a1b241987319486c3bc46ac6ad41af)
|
|
finfo1==NULL just does not happen in current code
(This used to be commit 9ea0078c3151984a901c9bba559ae2bd7959e077)
|
|
Guenther
(This used to be commit 1121633652ffb77dce8df9cc91b7dfc2d55fd348)
|
|
Derrell
(This used to be commit b7f34e7ef2907b498a0645ce68f2773ed7d60cdc)
|
|
I did not do any scientific tests, but the dummy test on my laptop against a
w2k3 vmware shows that in this specific situation going beyond 512k seems not
to gain anything anymore.
smb: \> iosize 64512
iosize is now 64512
smb: \> lcd /dev
smb: \> get random null
getting file \random of size 104857600 as null (33453,1 kb/s) (average 19718,5 kb/s)
smb: \> get random null
getting file \random of size 104857600 as null (34236,0 kb/s) (average 20509,1 kb/s)
smb: \> iosize 524288
iosize is now 524288
smb: \> get random null
getting file \random of size 104857600 as null (49042,1 kb/s) (average 22521,9 kb/s)
smb: \> get random null
getting file \random of size 104857600 as null (49420,8 kb/s) (average 23432,9 kb/s)
smb: \> iosize 1048576
iosize is now 1048576
smb: \> get random null
getting file \random of size 104857600 as null (49420,8 kb/s) (average 24284,2 kb/s)
smb: \> get random null
getting file \random of size 104857600 as null (49136,3 kb/s) (average 25076,9 kb/s)
(This used to be commit 1bcfef6a9093aa873550a263dc142c8a3f5edffd)
|
|
(This used to be commit e602f06cbba852a7eacd15b2511ef2571a95cc80)
|
|
This is the big (and potentially controversial) one. It took a phone call to
explain to metze what is going on inside cli_pull_read_done, but I would really
like everybody to understand this function. It is a very good and reasonably
complex example of async programming. If we want more asynchronism in s3, this
is what we will have to deal with :-)
Make use of it in the smbclient "get" command.
Volker
(This used to be commit 76f9b360ee1d973630d82d401eeddce858189301)
|