similar to: [cifs-utils PATCH] cifs.upcall: switch group IDs when handling an upcall

Displaying 20 results from an estimated 1000 matches similar to: "[cifs-utils PATCH] cifs.upcall: switch group IDs when handling an upcall"

2017 Feb 11
2
[RFC][cifs-utils PATCH] cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc/<pid>/environ file
Chad reported that he was seeing a regression in cifs-utils-6.6. Prior to that, cifs.upcall was able to find credcaches in non-default FILE: locations, but with the rework of that code, that ability was lost. Unfortunately, the krb5 library design doesn't really take into account the fact that we might need to find a credcache in a process that isn't descended from the session. When the
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop
2017 Feb 14
3
[PATCH v2 0/2] cifs.upcall: allow cifs.upcall to grab $KRB5CCNAME from initiating process
Small respin of the patches that I posted a few days ago. The main difference is the reordering of the series to make it do the group and grouplist manipulation first, and then the patch that makes it grab the KRB5CCNAME from the initiating process. I think the code is sound, my main question is whether we really need the command-line switch for this. Should this just be the default mode of
2017 Feb 10
0
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
On Fri, 2017-02-10 at 15:14 -0500, Simo Sorce wrote: > On Fri, 2017-02-10 at 14:29 -0500, Jeff Layton wrote: > > On Fri, 2017-02-10 at 14:14 -0500, Simo Sorce wrote: > > > On Fri, 2017-02-10 at 13:30 -0500, Jeff Layton wrote: > > > > On Fri, 2017-02-10 at 12:39 -0500, Jeff Layton wrote: > > > > > On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys
2017 Feb 13
0
[RFC][cifs-utils PATCH] cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc/<pid>/environ file
On Mon, 2017-02-13 at 05:02 -0500, Simo Sorce wrote: > On Sat, 2017-02-11 at 10:16 -0500, Jeff Layton wrote: > > On Sat, 2017-02-11 at 08:41 -0500, Jeff Layton wrote: > > > Chad reported that he was seeing a regression in cifs-utils-6.6. > > > Prior > > > to that, cifs.upcall was able to find credcaches in non-default > > > FILE: > > >
2009 Oct 28
4
compiling 3.2.15: cifs.upcall not found afer RPM build
Hello, Trying to compile Samba 3.2.15 on a RHEL AS 4u2 (i686) and I'm getting the following result from 'sh makerpms.sh': > Provides: samba-doc = 3.2.15-1 > Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1 > > > RPM build errors: > File not found:
2009 Sep 19
1
cifs.upcall not respecting krb5ccname env var?
Hello, I've been doing some extensive troubleshooting with respect to some issues mounting CIFS shares on a Windows box via Kerberos. We're using the command: /sbin/mount.cifs //whatever/whatever /whatever -o sec=krb5i This should mount the share using Kerberos & Packet-signing by using the cached credentials of the user executing the command. With judicious use of strace, it
2017 Feb 10
5
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote: > Hi Jeff, > > > So we have a default credcache for the user for whom we are operating > > as, but we can't get the default principal name from it. My guess is > > that it's not finding the > > This mount is run by root UID=0 and seems to be find that credential > cache without problem (earlier
2009 May 08
0
error while building samba with cifs upcall
:/usr/src/samba/samba/source3 # grep -i ldap config.log $ ./configure --with-cifsupcall --with-ads --with-ldap --with-krb5 configure:59539: checking for LDAP support configure:59585: checking ldap.h usability configure:59627: checking ldap.h presence configure:59696: checking for ldap.h | #define HAVE_LDAP_H 1 | #define HAVE_LDAP_H 1 | #define HAVE_LDAP_H 1 configure:60066: checking for
2007 Oct 18
0
[PATCH] Use a control socket directory to restrict access
This approach is more complex than I'd like, but it works even on Solaris, which has neither credential passing nor permissions on the socket itself. --- src/control.c | 82 +++++++++++++++++++++++++++++++++++++++----------- src/control_common.h | 1 + src/tincctl.c | 67 +++++++++++++++++++++++++++++++++-------- src/tincd.c | 2 +- 4 files changed, 120
2017 Feb 08
2
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
Hello, On Debian 9 (stretch prerelease) I am able to mount with the following command with root using the following command: mount -t cifs //smb.physics.wisc.edu/smb /smb -osec=krb5,multiuser,username=smbadmin at PHYSICS.WISC.EDU --verbose root can also access files as expected However, when cifs-utils 6.6-5 is installed, a different user cannot access as expected: ls /smb ls: cannot
2000 Nov 08
1
socket leakage patch
We have been fighting with intermittent connections here and have noticed that tinc seems to use up its supply of file descriptors. After a whole bunch of Nov 8 03:51:23 tserver tinc.calgary[23909]: Could not set up a meta connection. Nov 8 03:51:23 tserver tinc.calgary[23909]: Still failed to connect to other. Will retry Nov 8 03:51:33 tserver tinc.calgary[23909]: 10.38.9.1:8193: Connection
2013 Apr 11
1
Samba4 Does cifs need a keytab for the multiuser option?
Hi samba --version Version 4.0.6-GIT-4bebda4 smb.conf: [users] path = /home/users read only = No Working on the DC which is also the fileserver user steve2 can write to his folder at /home/users/steve2 But if we now mount the share: sudo mount -t cifs //doloresdc/users /mnt -osec=krb5,multiuser he can't write to the mounted share at /mnt/users/steve2 He gets 'Permission denied'.
2023 Oct 15
1
reliability of mounting shares while login
Hi @all, I have some problems when using pam_mount.conf.xml to mount shares via kerberos (and also for ntlm) regarding reliability of the mount. I have tested the issue with 2 different environments. My environments are: 2 Microsoft Domain Controllers + a separate fileserver and Ubuntu 18.04 or 22.04 as clients. My other tested environment is one Microsoft Server 2019 (as domain controller and
2019 Jan 08
0
mount cifs with sec=krb5
Hai Mourik-Jan, Beste wensen he ;-) Lets start here.. A and PTR record exists for both servers? Does CIFS/spn and root/spn exist in the AD? In krb5.conf, set these : ; not used for nfs4 but cifs might need it. ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac
2019 Jan 07
2
mount cifs with sec=krb5
Hi, I am trying to mount fileserver (samba, 10.20.30.16) shares on a linux domain member server, where I logged on via ssh using AD my credentials. I am unable to get past the "mount error(126): Required key not available" error message. I have read and googled a lot, and could use some help. See this: > domainuser at memberserver-45:~$ sudo tail -f /var/log/debug & >
2024 Jan 26
1
permission denied with windows acls
On 1/26/24 02:35, Rowland Penny via samba wrote: > On Thu, 25 Jan 2024 18:45:52 -0800 Peter Carlson via samba > <samba at lists.samba.org> wrote: >> The share mounts and I am a member of the correct groups >> CARLSON\peter at u2gui:~$ cat /etc/fstab //fs.carlson.lab/test /mnt/test >> cifs credentials=/root/smbcreds,multiuser,sec=ntlmssp,_netdev 0 0 > I think
2020 Mar 09
0
mount share using kerberos ticket fails
Did you "deleated the computer object" to allow kerberos services. And did you add the CIFS/spn to the computer and keytab ? https://wiki.samba.org/index.php/Generating_Keytabs If its a member, which i assume. kinit Administrator net ads keytab add cifs/$(hostname -f) -k net ads keytab add_update_ads -k Add these and it should work. You might need to restart or reboot., sometimes
2003 Feb 20
0
Netbios name service forwarding.
I wrote this little program to deal with the situation where there are a number of workgroups on a number of subnets with no WINS server [actually I couldn't get this configuration to run with a WINS server - but that's another story] You run this program on machines bridging your subnets and it listens for netbios nameserver packets and forwards them. [Broadcast packets are sent on to