Jeff Layton [Wed, 7 Nov 2012 15:19:16 +0000 (10:19 -0500)]
cifs.idmap: fix endianness on SIDs before sending to kernel
Winbind keeps wbcDomainSids in host-endian format. They must be
converted to little-endian before we can ship them off to the
kernel.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 7 Nov 2012 15:19:16 +0000 (10:19 -0500)]
setcifsacl: fix endianness on SIDs provided by winbind routines
Winbind keeps SID fields in host-endian format, but setcifsacl doesn't
currently account for that. Make sure that when we get a valid SID
from wbc that we convert the subauth fields to little-endian, which
the server will expect. The other fields are single bytes and don't
need conversion.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 7 Nov 2012 15:19:16 +0000 (10:19 -0500)]
cifsacl: header file cleanup
Remove the unused ace_action enum, and express mask values by or'ing
what they represent. Add a comment about the endianness of these values
in the packed structs too.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 7 Nov 2012 15:19:15 +0000 (10:19 -0500)]
setcifsacl: fix up getopt() usage
'?' has a special meaning in getopt(). It means that the option
character was not recognized. You can override that behavior by making
':' the first character of the optstring, but that wasn't done here. I'm
not sure what the effect of having '?' in the actual optstring is in
this case, but it's probably best not to put it in there.
Remove '?' from the optstring and replace it 'h'. Also add '-h' as a
valid option to the manpage.
'-v' doesn't require an argument, so fix the optstring to reflect that.
Finally declare a new variable to hold optarg. Currently we only call
getopt() once, which is a little odd. Eventually we may want to make it
call it more than once, in which case we'll need some way to store the
optarg on each pass.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 7 Nov 2012 15:19:15 +0000 (10:19 -0500)]
setcifsacl: declare an enum for the action values
...instead of relying on magic values of an int.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 7 Nov 2012 15:19:15 +0000 (10:19 -0500)]
get/setcifsacl: set "prog" via basename(argv[0])
This saves a tiny bit of memory, and doesn't make the program assume
that the binary is named something in particular.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 7 Nov 2012 15:19:15 +0000 (10:19 -0500)]
setcifsacl: clean up get_numfaces
pntsd is never NULL here, and get rid of extra "else" that adds some
unneeded indentation.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 7 Nov 2012 15:19:14 +0000 (10:19 -0500)]
setcifsacl: fix overrun of subauths array when copying SIDs
copy_sec_desc() copies the owner and group SIDs from one security
descriptor to another. Unfortunately, it doesn't take into account the
fact that these are variable length and routinely overruns the SID
structure when doing this copy and scribbles over the destination ACL.
This wasn't noticed before the change in the maximum number of subauths
because the code either overwrote the damage afterward, or the overrun
part was the same between source and destination anyway. Now that the
max number of subauths is 15, it's more noticable.
Fix it to only copy the number of subauths that claimed in the buffer
instead.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 29 Oct 2012 20:04:11 +0000 (16:04 -0400)]
setcifsacl: clean up sizing of cifs_sid
The max number of subauthorities on windows and in winbind is generally
15, not 5. If winbind sends more than 5, then this code may end up
overrunning the buffer. Also, define some preprocessor constants and
use those instead of hardcoding '5' and '6' all over the place.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 29 Oct 2012 19:45:37 +0000 (15:45 -0400)]
cifs.idmap: add a --help option for cifs.idmap
To make it print the usage message and exit.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 29 Oct 2012 19:45:37 +0000 (15:45 -0400)]
cifs.idmap: set a timeout on keys that it instantiates
...and add a command-line option to allow the admin to tune that value.
I think this is a better way to handle this instead of trying to set the
timeouts in kernel space.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 29 Oct 2012 19:45:37 +0000 (15:45 -0400)]
cifs.idmap: don't use atoi to convert unsigned int to number
atoi() is for signed integers, and is deprecated in any case. Use
strtoul() instead and check the result carefully before using it.
Also add a log message when the string(s) can't be converted and
fix the signedness of the types in other log messages.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 29 Oct 2012 19:45:37 +0000 (15:45 -0400)]
cifs.idmap: clean up strget and avoid memory allocation
Don't do a strlen() call if strstr() isn't going to match anyway.
There's no need to duplicate the string here. None of the callers modify
it, so just return a pointer into the original string.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 29 Oct 2012 19:45:37 +0000 (15:45 -0400)]
cifs.idmap: add an options struct to handle long options
...since the manpage advertises them.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 29 Oct 2012 19:45:37 +0000 (15:45 -0400)]
cifs.idmap: get rid of useless strcmp prior to idmapping
The code copies off the key description and then ensures that it's
prefixed with "cifs.idmap". What's the point of that?
Presumably request-key would never have called this otherwise. There's
little harm in going ahead and doing the idmapping if this is called
with the wrong string.
Also, the error handling here is wrong. If the prefix doesn't match
the code will exit 0 without doing any mapping. Just remove it.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 29 Oct 2012 19:45:37 +0000 (15:45 -0400)]
cifs.idmap: make sure cifsacl structs are packed
The kernel equivalent definitions are defined with
__attribute__((packed)), and the code seems to assume the userspace and
kernel ones will be properly aligned. Fix the userspace definitions in a
similar fashion.
Given the way these structs are, there is probably not any padding
between fields on most arches, but it's best to be safe here.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Scott Lovenberg [Tue, 23 Oct 2012 19:37:03 +0000 (15:37 -0400)]
mount.cifs: add warning that NFS syntax is deprecated and will be
removed in cifs-utils-6.0.
[jlayton: Added newline to end of warning]
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Jeff Layton [Fri, 12 Oct 2012 17:28:37 +0000 (13:28 -0400)]
autoconf: set release to 5.7.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 9 Oct 2012 19:21:33 +0000 (15:21 -0400)]
autoconf: set version to 5.7
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 8 Oct 2012 10:44:49 +0000 (06:44 -0400)]
mount.cifs: implement the "nofail" option
The mount(8) manpage lists this as a fs-independent option:
nofail: Do not report errors for this device if it does not exist.
Implement that in mount.cifs by not returning an error if we were unable
to find a suitable address for the mount attempt.
Reported-by: Peter Trenholme <PTrenholme@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 25 Sep 2012 15:07:08 +0000 (11:07 -0400)]
manpage: clarify usage of the username= option
Specifying the username as "user=" can confuse some versions of /bin/mount,
and cause it to append noexec to the mount string. Also, remove the blurb
about how cifs.ko will accept abbreviations -- it's just bad practice since
it leads to these sorts of conflicts.
A wonderful example of this confusion was reported by Stefan here:
https://bugzilla.redhat.com/show_bug.cgi?id=860154
Reported-by: Stefan Walter <walteste@inf.ethz.ch>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 12 Sep 2012 11:49:44 +0000 (07:49 -0400)]
mount.cifs: running out of addresses is not a system error
This patch fixes a minor regression. It used to be that when the mount
helper would run out of addresses that it would return EX_FAIL to
userspace. It now returns EX_SYSERR which is incorrect. Reinstate
the correct error code.
Reported-by: Ales Zelinka <azelinka@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 23 Aug 2012 14:18:02 +0000 (10:18 -0400)]
mount.cifs: silence compiler warnings about ignoring return code
In this case we explicitly don't care what these functions return, so
declare a couple of unused variables to catch the results.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 23 Aug 2012 11:46:40 +0000 (07:46 -0400)]
cifs.upcall: use strncmp in scandir filter function
We want to require that the filename begins with the correct string,
not just that it contains it somewhere.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Nalin Dahyabhai [Thu, 23 Aug 2012 15:14:56 +0000 (11:14 -0400)]
cifs.upcall: scan /run/user/${UID} for ccaches, too
When scanning for credential caches, check the user's directory under
/run/user first, then fall back to /tmp as we have previously. Because
we now call find_krb5_cc() twice (once for each directory), we move its
state to be outside of the function. We also add a substitution
mechanism to make the process of resolving the location of the user's
home directory before searching it a bit more explicable.
Nalin Dahyabhai [Thu, 23 Aug 2012 15:14:45 +0000 (11:14 -0400)]
cifs.upcall: also consider DIR:-type ccaches
If we encounter a subdirectory while scanning a directory for a user's
ccache, check if it's a "DIR" ccache. Otherwise, continue as before,
checking if it's a "FILE" ccache if it looks like a regular file.
Jeff Layton [Tue, 21 Aug 2012 19:18:54 +0000 (15:18 -0400)]
cifs-utils: fix up references to getcifsacl and setcifsacl files
When I moved the manpages for this to section 1, I missed some references
to them. Also, get rid of the unneeded clean-local-aclprogs makefile target.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 7 Aug 2012 15:52:15 +0000 (11:52 -0400)]
mount.cifs: handle username= differently depending on sec= option
This patch is intended as a temporary workaround for krb5 users that need
to specify usernames with '/' in them. I intend to remove this hack from
mount.cifs once the legacy username handling code is removed.
The idea here is to save off the raw username string while we're parsing
options. If the mount options specify "sec=krb5" or "sec=krb5i" then
we'll not do the legacy username parsing and will instead just pass in
the username string as-is.
Obviously, this is a nasty hack and we don't really want to carry this
in perpetuity, so this can go away once the "legacy" username parsing
has gone away.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 7 Aug 2012 15:11:26 +0000 (11:11 -0400)]
mount.cifs: deprecate the DOMAIN/username%password username syntax
mount.cifs has in the past allowed users to specify a username using
the above syntax, which would populate the domain and password fields
with the different pieces.
Unfortunately, there are cases where it is legit to have a '/' in a
username. krb5 SPNs generally contain a '/' and we have no clear way
to distinguish between the two.
I don't see any real value in keeping that syntax allowed. It's no
easier than specifying "pass=" and "domain=" on the command line. Ditto
for credential files.
Begin the transition away from that syntax by adding a warning message
that support for it will be removed in 5.9.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 7 Aug 2012 15:06:41 +0000 (11:06 -0400)]
autoconf: set version to 5.6.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 26 Jul 2012 14:41:24 +0000 (10:41 -0400)]
autoconf: set version to 5.6
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 20 Jul 2012 14:30:50 +0000 (10:30 -0400)]
cifscreds: add a check and warnings for session keyring problems
Many distros do not call into pam_keyinit to set up the session keyring
properly at login time. When cifscreds add is used in such a session,
the kernel will spawn a new session keyring in which to install the
credentials. That keyring will then go away once the cifscreds process
exits.
Check for this situation by looking to see if the session and
user-session keyrings are the same. Throw a warning if so, and add some
verbiage to the cifscreds manpage that explains the issue. Also, if
the session keyring can't be queried for any reason, then cause the
program to error out.
Acked-by: David Howells <dhowells@redhat.com>
Reported-by: Milan Knížek <knizek.confy@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Luk Claes [Thu, 19 Jul 2012 13:27:01 +0000 (09:27 -0400)]
mount.cifs: Use errno instead of having unknown error
When access() fails, use errno for a sensible error message.
Signed-off-by: Luk Claes <luk@debian.org>
Ankit Jain [Wed, 18 Jul 2012 10:47:07 +0000 (06:47 -0400)]
mount.cifs: Use systemd's mechanism for getting password, if present.
If systemd is running and /bin/systemd-ask-password if available,
then use that else fallback on getpass(..).
And add a --enable-systemd configure option, which defaults to yes.
Signed-off-by: Ankit Jain <jankit@suse.com>
Andreas Schneider [Tue, 10 Jul 2012 02:21:04 +0000 (22:21 -0400)]
autoconf: Fix building with autoconf version older than 2.60.
AC_PROG_SED is only avaliable in recent autoconf versions.
Use AC_CHECK_PROG instead if AC_PROG_SED is not present.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Jeff Layton [Mon, 9 Jul 2012 18:12:33 +0000 (14:12 -0400)]
autoconf: add --enable-pie and --enable-relro
-pie and -fpie enable the building of position-independent executables,
and -Wl,-z,relro turns on read-only relocation support in gcc. These
options are important for security purposes to guard against possible
buffer overflows that lead to exploits.
Follow the example of samba here and enable these by default, but add
configure options that allow people to turn them off at build-time if
necessary.
We may also want to eventually add checks to ensure that the compiler
and linker understand these options, but I'll wait until we have some
evidence that it's needed before I expend the effort.
Reported-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 6 Jul 2012 15:48:18 +0000 (11:48 -0400)]
replace: remove bzero() redefinition from replace.h
I borrowed replace.h from samba when I split off the package, and we
have a ton of definitions in there that we don't really need. This is
one of them and it causes a warning when we build on RHEL5.
Reported-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 14 Jun 2012 15:05:43 +0000 (11:05 -0400)]
cifs.upcall: more debug logging for krb5 upcalls
While helping to track down a configuration problem, I found this
little bit of extra debug logging to be helpful. Might as well
make it part of the stock binary.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 14 Jun 2012 14:59:18 +0000 (10:59 -0400)]
mount.cifs: set rc to 0 in libcap toggle_dac_capability
Thus spake Jochen:
The mount.cifs program from the cifs-utils package 5.5 did not work on
my Linux system. It just exited without an error message and did not
mount anything.
[...]
I think, when this variable rc is now used in this function, it has also
to be properly initialized there.
Reported-by: Jochen Roderburg <roderburg@uni-koeln.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 14 Jun 2012 14:59:18 +0000 (10:59 -0400)]
automake: revert -Werror by default
I think in hindsight, that adding -Werror by default was a mistake.
cifs-utils is built in a wide range of environments and tools, and it's
very difficult to eliminate all of the possible warnings.
Let's go ahead and remove it and reduce the steady trickle of patches
that are simply to silence obscure warnings.
Cc: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 1 Jun 2012 17:56:21 +0000 (13:56 -0400)]
autoconf: set version to 5.5.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 30 May 2012 10:12:16 +0000 (06:12 -0400)]
autoconf: set version to 5.5
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 21 May 2012 13:14:17 +0000 (09:14 -0400)]
manpage: document the cache= option and mark strictcache and directio as
being deprecated
...also add a CACHE COHERENCY section so that we can explain cifs' behavior
in detail.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Luk Claes [Sat, 19 May 2012 10:37:21 +0000 (06:37 -0400)]
mount.cifs: unused variables
Jeff Layton [Thu, 17 May 2012 10:46:38 +0000 (06:46 -0400)]
doc: remove old XML sources for mount.cifs.8 and cifs.upcall.8
These files were added when I originally split these tools off from the
samba sources, but we haven't ever used them to build the actual
manpages and they haven't been maintained. Remove them.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 17 May 2012 10:46:38 +0000 (06:46 -0400)]
mount.cifs: remove smb2 multicall binary code
This was added when it was thought that smb2 would be a different fstype
altogether. Now that we are not adding a separate fstype, this code is
no longer needed since nothing will ever call /sbin/mount.smb2.
Cc: Steve French <smfrench@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 17 May 2012 10:46:38 +0000 (06:46 -0400)]
mount.cifs: don't send a mandatory ver= option to the kernel
Traditionally, this ver= option was used to specify the "options
version" that we're passing in. It has always been set to '1' though
and we have never changed that.
Eventually we want to have a ver= (or vers=) option that allows users
to specify the SMB version that they want to use to talk to the server.
At that point, this option will just get in the way. Let's go ahead
and remove it now in preparation for that day.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 14 May 2012 10:41:29 +0000 (06:41 -0400)]
doc: update mailing list
Signed-off-by: Luk Claes <luk@debian.org>
Jeff Layton [Wed, 2 May 2012 18:25:28 +0000 (14:25 -0400)]
mount.cifs: don't pass credentials= option to the kernel
We handle this option in userspace, so there's little value in also
passing it to the kernel.
Also fix minor double-comma nit in the options string.
Reported-by: Ronald <ronald645@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 20 Apr 2012 11:59:17 +0000 (07:59 -0400)]
mount.cifs: remove unnecessary getuid() check in libcap version of toggle_dac_capability
I'm not sure what I was thinking when I added that check in, but it's
been there since the inception. We shouldn't care at all what the
real uid is when we call toggle_dac_capability and indeed we don't
care with the libcap-ng version. Remove that check.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Lars Mueller [Fri, 20 Apr 2012 11:59:15 +0000 (07:59 -0400)]
mount.cifs: toggle_dac_capability() stores return code
the build process of the cifs-utils for Mandriva 2011 made me notice of
the unused variable rc in toggle_dac_capability() of mount.cifs.c.
A bit up in the code we store the return value and do not make use of it
while calling return.
The attached patch intends to fix this.
The failing build result is still visible at
https://build.opensuse.org/package/live_build_log?arch=x86_64&package=cifs-utils&project=network%3Asamba%3ASTABLE&repository=Mandriva_2011
Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>
Lars Mueller [Fri, 20 Apr 2012 11:59:06 +0000 (07:59 -0400)]
cifs.upcall: missing prototype for krb5_auth_con_set_req_cksumtype in MIT
krb5 < 1.7
products coming with MIT krb5 < 1.7 (like SUSE Linux Enterprise 11 SP 1
or SP 2) suffer from the same issue as described by
https://bugzilla.samba.org/show_bug.cgi?id=6918
The declaration of krb5_auth_con_set_req_cksumtype is missing.
Inspiration: https://bugzilla.samba.org/show_bug.cgi?id=6918
Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>
Lars Mueller [Fri, 20 Apr 2012 11:58:54 +0000 (07:58 -0400)]
mount.cifs: uninitialized variables in mount.cifs
older gcc versions (4.3 in the case of SUSE Linux Enterprise 11 SP 1 and
SP 2) complain about uninitialized variables in the recent 5.4 release.
The attached patch makes the build process a bit quieter.
Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>
Jeff Layton [Thu, 19 Apr 2012 11:29:46 +0000 (07:29 -0400)]
mount.cifs: fix up some -D_FORTIFY_SOURCE=2 warnings
...and add -D_FORTIFY_SOURCE=2 to the default $CFLAGS.
Acked-by: Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 19 Apr 2012 11:29:33 +0000 (07:29 -0400)]
autoconf: set version to 5.4.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 18 Apr 2012 19:40:06 +0000 (15:40 -0400)]
autoconf: set version to 5.4
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 18 Apr 2012 18:47:47 +0000 (14:47 -0400)]
docs: update to project resources in README
...and add Igor Druzhinin and Pavel Shilovsky to AUTHORS.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 16 Apr 2012 18:13:14 +0000 (14:13 -0400)]
automake: add -Werror to CFLAGS
With the recent patch to fix the warnings in asn1.c, cifs-utils now
builds without any warnings. Ban them henceforth by adding -Werror for
builds.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 15 Apr 2012 12:14:59 +0000 (08:14 -0400)]
asn1: fix up some compiler warnings in asn1.c
These have been around for quite some time.
gcc -DHAVE_CONFIG_H -I. -Wall -Wextra -g -O2 -MT asn1.o -MD -MP -MF
.deps/asn1.Tpo -c -o asn1.o asn1.c
asn1.c: In function ‘asn1_write’:
asn1.c:45:19: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
asn1.c: In function ‘asn1_peek’:
asn1.c:411:22: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
asn1.c: In function ‘asn1_tag_remaining’:
asn1.c:541:16: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
asn1.c: In function ‘_ber_read_OID_String_impl’:
asn1.c:570:22: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
Almost all of these are due to the fact that asn1_data->ofs is a
signed value, and ->length is unsigned.
This should clear the way to add -Werror to the cflags in the near
future.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 15 Apr 2012 12:11:53 +0000 (08:11 -0400)]
autoconf: fix tests for wbclient to use pkgconfig
Use the pkgconfig file that's included with wbclient to perform the test
for wbclient usability, and to set the correct CFLAGS and LDADD.
This is particularly necessary on recent Fedora with samba4 since it
puts the wbclient.h file in a different directory than before.
Also, remove a redundant test for wbclient.h from configure.ac.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 2 Apr 2012 19:28:56 +0000 (15:28 -0400)]
mount.cifs: don't allow unprivileged users to mount onto dirs to which they
can't chdir
If mount.cifs is installed as a setuid root program, then a user can
use it to gather information about files and directories to which he
does not have access.
One of the first things that mount.cifs does is to chdir() into the
mountpoint and then proceeds to perform the mount onto ".". A malicious
user could exploit this fact to determine information about directories
to which he does not have access. Specifically, whether the dentry in
question is a file or directory and whether it exists at all.
This patch fixes this by making the program switch the fsuid to the
real uid for unprivileged users when mounting.
Note that this is a behavior change. mount.cifs has in the past allowed
users to mount onto any directory as long as it's listed in /etc/fstab
as a user mount. With this change, the user must also be able to chdir
into the mountpoint without needing special privileges. Hopefully not
many people have such a pathological configuration.
This patch should fix CVE-2012-1586.
Reported-by: Jesus Olmos <jesus.olmos@blueliv.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 29 Mar 2012 13:11:29 +0000 (09:11 -0400)]
cifs.upcall: use krb5_sname_to_principal to construct principal name
Currently, we build the string by hand then then construct the
principal name with krb5_parse_name. That bypasses the domain_realm
section in krb5.conf however.
Switch the code to use krb5_sname_to_principal instead which is more
suited to this task. In order for that to work, we change a couple of
calling functions to pass down a hostname instead of a principal
name, and then pass in "cifs" as the service name.
Reported-and-Tested-by: Nirupama Karandikar <nkarandi@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 6 Mar 2012 15:54:28 +0000 (10:54 -0500)]
mount.cifs: add support for -s option
autofs generally calls mount helpers with '-s'. Handle that the same
way we do for NFS -- append ",sloppy" option to the mount options.
The kernel can look for that option to decide whether to ignore
unknown mount options, warn, or error out.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 23 Feb 2012 15:42:09 +0000 (10:42 -0500)]
mount.cifs: fix tests for strtoul success
The current test just looks to see if errno was 0 after the conversion
but we need to do a bit more. According to the strtoul manpage:
If there were no digits at all, strtoul() stores the original value
of nptr in *endptr (and returns 0).
So, if you pass in a string of letters, strtoul will return 0, but
won't actually have converted anything. Luckily, in most cases, /bin/mount
papers over this bug by doing uid/gid conversions itself before calling
mount.cifs.
Fix this by also checking to ensure that strtoul() converted the entire
string in addition to checking that it didn't set errno. While we're at
it, fix the test in backupuid/backupgid options as well which don't
currently check whether errno got set.
Reported-by: Kyle Squizzato <ksquizza@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 20 Feb 2012 14:02:54 +0000 (09:02 -0500)]
manpage: update wsize= entry to account for change in default wsize
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 12 Feb 2012 12:33:05 +0000 (07:33 -0500)]
cifs-utils: allow specifying rootsbindir at configure time
...via the $ROOTSBINDIR environment variable, and AC_ARG_VAR macro.
The default is to use /sbin for this value, which only currently
affects the installation location of mount.cifs.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 12 Feb 2012 12:33:01 +0000 (07:33 -0500)]
autoconf: set release to 5.3.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 12 Feb 2012 12:32:27 +0000 (07:32 -0500)]
autoconf: set release to 5.3.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sat, 28 Jan 2012 13:18:32 +0000 (08:18 -0500)]
autoconf: set version to 5.3
...and fix the URL for cifs-utils.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 24 Jan 2012 13:34:09 +0000 (08:34 -0500)]
cifscreds: build it by default
...but either error out or disable it if keyutils.h isn't present.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 24 Jan 2012 13:30:16 +0000 (08:30 -0500)]
cifscreds: add a manpage
...I'm also including the POD sources here for easier editing, but we
may remove them in the future if it becomes burdensome to keep up 2
copies.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 21:35:55 +0000 (16:35 -0500)]
cifscreds: change prefix on keys to "cifs:" instead of "cifscreds:"
The "creds" portion seems redundant.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 21:35:55 +0000 (16:35 -0500)]
cifscreds: make key_search use keyctl_search
...which is much more efficient than walking the keyring by hand.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 21:35:50 +0000 (16:35 -0500)]
cifscreds: make cifscreds use the "logon" key_type
...and have it loosen the permissions to allow searching. There seems
to be no clear way to make user keys unreadable, but still allow for
them to be searched, so we'll need a new key_type that doesn't allow
you to read the payload from userspace. That will be proposed in a
separate kernel patch.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:24 +0000 (14:43 -0500)]
cifscreds: use the session keyring
This seems like a reasonable change, but I'm willing to listen to
arguments to the contrary...
cifscreds currently hangs the keys off of the uid keyring. It seems
more appropriate though that we require that each session have its
own set. This might be particularly important in a containerized
situation. If a user authenticates in one container, then we probably
don't want to allow a user in another to "borrow" those creds.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:24 +0000 (14:43 -0500)]
cifscreds: loosen allowed characters in domain names
As Donald points out, NetBIOS domains are allowed more characters than
the code currently allows. Change the test to one that checks for
disallowed characters instead.
Also, I can't find anything that says that '@' is not allowed in a
username. Might as well allow that too. Worst case, the server will
reject the username.
Reported-by: Donald R. Gray Jr <donald.r.gray@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:24 +0000 (14:43 -0500)]
cifscreds: add --domain flag
...to indicate that the first argument is not a hostname but an
NT domain name. If it's set, then treat the argument as a
string literal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:24 +0000 (14:43 -0500)]
cifscreds: make username parameter optional
...and use getopt_long to get it. If someone doesn't specify the username,
use getusername() to get it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:24 +0000 (14:43 -0500)]
cifscreds: move option parsing into main()
Having to parse options in every command routine is cumbersome and
restrictive. Declare a struct to hold arguments, and then have the
functions take that struct as an argument.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:24 +0000 (14:43 -0500)]
cifscreds: make usage use "return" and have callers return
...banish the use of exit(), which may be helpful in the future in
the event that we eventually move some of this code into a library.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:24 +0000 (14:43 -0500)]
cifscreds: make username part of value instead of description
Change the payload to be "username:password". Since usernames can't
contain ':', this is suitable delimiter. Also, create_description
is just a sprintf now, so eliminate it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:24 +0000 (14:43 -0500)]
cifscreds: remove user parameter from create_description
The username should be part of the key payload and not part of
the description. Also, prefix the address with an "a:" in the
description. Eventually we'll also need a "domain" key variant.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:23 +0000 (14:43 -0500)]
cifscreds: eliminate domain parm from most functions
Eventually we'll add this back in a different way. The domain and
address should be exclusive of one another. IOW, we want the kernel to
be able to find credentials for a specific address or for the domain of
which the server is a member.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:23 +0000 (14:43 -0500)]
cifscreds: add unused attribute to argv parm in cifscreds_clearall
...to eliminate this warning:
cifscreds.c: In function ‘cifscreds_clearall’:
cifscreds.c:422:47: warning: unused parameter ‘argv’
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 17 Jan 2012 19:43:23 +0000 (14:43 -0500)]
util: move getusername to util.c
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 16 Jan 2012 18:22:28 +0000 (13:22 -0500)]
mount.cifs: handle errors from rename() in del_mtab
The new del_mtab code ignored errors from rename(). Make it handle that
error as well like it does other errors.
Cc: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Carlos Maiolino [Mon, 16 Jan 2012 17:29:49 +0000 (12:29 -0500)]
mount.cifs: Properly update mtab during remount
During a remount of a cifs filesystem, the mtab file is not properly
updated, which leads to a doubled entry of the same filesystem in the
/etc/mtab file. This patch adds a new function del_mtab() which is
called before the add_mtab() in case the fs is being remounted.
The del_mtab() function will delete from the mtab, the old entry from
the filesystem which is being remounted, and then, calls add_mtab() to
add an updated entry to the mtab file.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Jeff Layton [Tue, 10 Jan 2012 23:34:43 +0000 (18:34 -0500)]
cifs.upcall: allow admins to specify an alternate krb5.conf file
This was actually requested by the Red Hat QA group, who sometimes work
with multiple krb5.conf files when testing.
Requested-by: Marko Myllynen <myllynen@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 10 Jan 2012 23:30:56 +0000 (18:30 -0500)]
get/setcifsacl: don't link in -lkeyutils
These binaries don't use keys API at all. There's no need to link in
the keys library.
Reported-by: Frédéric L. W. Meunier <fredlwm@fredlwm.net>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Jeff Layton [Sat, 10 Dec 2011 11:49:33 +0000 (06:49 -0500)]
contrib: add a set of sample /etc/request-key.d files
Add a contrib directory, a set of sample /etc/request-key.d files and
a README that explains what they're for. This version sets the path
to the upcall programs based on the configure options.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sat, 10 Dec 2011 02:36:00 +0000 (21:36 -0500)]
autoconf: bump release to 5.2.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sat, 10 Dec 2011 01:28:17 +0000 (20:28 -0500)]
autoconf: set version to 5.2
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 5 Dec 2011 16:40:17 +0000 (11:40 -0500)]
manpage: add an entry for prefixpath= to the mount.cifs manpage
Reported-by: Sumit Bose <sbose@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sat, 3 Dec 2011 10:57:14 +0000 (05:57 -0500)]
cifs.upcall: try and guess the domain name on unqualified names
Resolve the unqualified hostname and set AI_CANONNAME to make sure that
field is populated. Scan forward to the first '.' in ai_canonname, and
append that value onto the unqualified hostname to get a FQDN. Then
prepend that value with "cifs/" and try to get a service ticket for
that principal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sat, 3 Dec 2011 10:57:14 +0000 (05:57 -0500)]
cifs.upcall: move to Andrew's suggested algorithm for picking a principal
Andrew Bartlett suggests the heuristic supplied in the comments.
For now, we don't try to guess the domainname when the hostname is not
qualified, but add a comment with what needs to be done in order to
support that.
Also, with this change we no longer need util.o to be linked in.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sat, 3 Dec 2011 10:57:14 +0000 (05:57 -0500)]
cifs.upcall: always lowercase the hostname
Most KDCs are case-sensitive (the notable exception being AD), but DNS
is case-insensitive. To prevent admins from having to put in all
possible case combinations of a principal, lowercase the hostname prior
to trying to get a principal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sat, 3 Dec 2011 10:57:14 +0000 (05:57 -0500)]
cifs.upcall: move to an on-stack princ buffer
...and check to see if provided hostname will exceed it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sat, 3 Dec 2011 10:57:11 +0000 (05:57 -0500)]
resolve_host: silence compiler warning about discarding const qualifier
...don't use "ipaddr" here since it's a const pointer.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Steve French <sfrench@us.ibm.com>
Jeff Layton [Sat, 12 Nov 2011 14:58:02 +0000 (09:58 -0500)]
cifs.upcall: silence unused parameter warning
cifs.upcall.c: In function ‘cifs_krb5_principal_get_realm’:
cifs.upcall.c:80:57: warning: unused parameter ‘context’ [-Wunused-parameter]
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 19 Oct 2011 18:25:31 +0000 (14:25 -0400)]
manpage: document new rsize= behavior
With the addition of async readpages in 3.2 kernels, the behavior of
the rsize= option has changed.
Signed-off-by: Jeff Layton <jlayton@samba.org>