git.samba.org - jlayton/cifs-utils.git/log

cifs-utils: add autoconf test for WBC_ID_TYPE_BOTH

WBC_ID_TYPE_BOTH is a new addition (in Samba 4.0 only). Add a test for
its presence. Because it's an enum, we have to jump through some extra
hoops here...

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs-utils: convert setcifsacl to use the plugin interface

Add str_to_sid() functionality to the plugin API and have setcifsacl
use it.

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs-utils: new plugin architecture for ID mapping code

Currently, the ACL-related tools in cifs-utils call into the wbclient
libs directly in order to do their bidding. The wbclient developers want
to get away from needing to configure winbind on the clients and instead
allow sssd to handle the mapping in most cases.

This patch represents an initial step in that direction. It adds a
plugin architecture for cifs-utils, adds wrappers around the calls into
libwbclient that find an idmap plugin library to use and then has it
call into that plugin to do the actual ID mapping.

The application will call into a set of routines that find the correct
plugin and dlopen() it. Currently the plugin is located in a well-known
location that is settable via autoconf. That location is intended to be
a symlink that points to the real plugin (generally under $pkglibdir).

The plugin will export a number of functions with well-known names. The
wrappers find those by using dlsym() and then call them.

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs-utils: struct cifs_sid definition to new cifsidmap.h header

People who want to build a plugin for the idmapping routines will need a
header to describe the data types that they need. Add a cifsidmap.h file
and move the struct cifs_sid definition into it, along with the
constants needed to describe it.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: remove syslog goop

setcifsacl doesn't use syslog, so no need to open a channel to it.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: remove unneeded openlog() call

getcifsacl doesn't log to syslog, so there's no need to open a channel
to it. Also, remove the unneeded "prog" global variable since only
the usage() function needs it.

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs-utils: only link in -lrt to binaries that need it

...which is really only mount.cifs.

Cc: Björn Jacke <bj@sernet.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: enable full RELRO in cifs-utils binaries

This is safer since it also protects the GOT from getting clobbered.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: ensure that we don't overrun the wbcDomainSid when converting

If we get a SID that contains more than 15 subauthorities, we'll end up
overrunning the struct wbcDomainSid. Just ignore any past 15.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: free strings returned by wbcLookupSid

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: use "size" instead of reconverting original field to host endian

Signed-off-by: Jeff Layton <jlayton@samba.org>

autotools: remove unnecessary files from distro

Having them in the distro prevents autoreconf -i from installing the latest
copies.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: don't pass "flag" options to the kernel

When certain options are passed to the mount helper, we want to turn
them into mountflags for the mount() syscall. There's no need to copy
them to the options string in that case though.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: treat uid=,gid=,cruid= options as name before assuming they're a number

Sergio Conrad reported a problem trying to set up an autofs map to do
a krb5 mount. In his environment, many users have usernames that are
comprised entirely of numbers. While that's a bit odd, POSIX apparently
allows for it.

The current code assumes that when a numeric argument is passed to one
of the above options, that it's a uid or gid. Instead, try to treat the
argument as a user or group name first, and only try to treat it as a
number if that fails.

Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.8.1 for interim builds

Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.8

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix format specifier in error message

setcifsacl.c:833: warning: format '%ld' expects type 'long int', but
argument 3 has type 'ssize_t'

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: don't freely cast between wbcDomainSid and cifs_sid

Since they are not necessarily aligned the same and potentially store
their fields with different endianness. Copy from the wbcDomainSid
to the cifs_sid as appropriate.

Also rename the same function in cifs.idmap.c for consistency.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: don't freely cast between wbcDomainSid and cifs_sid

While they are very similar, the cifs_sid is "packed" and the
wbcDomainSid isn't. There are also aliasing problems with gcc in
some cases. Instead of trying to cast and fix endianness in place,
make a separate copy instead.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: fix argument count check

The argv < 3 check could return true if you pass in some option flags.
If you don't provide any further arguments then you might just walk
off the end of the argv array. The values past the end aren't
guaranteed to be NULL in that case.

Fix the check to just look at whether there are 2 more arguments after
the getopt processing is done.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: fix up printing of REVISION: and CONTROL: fields

They need endianness conversion too...

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: fix up some compile-time warnings

Get rid of some unused variables, and fix a strict-aliasing problem by
copying the SID data to a new place instead of converting the
endianness in-place.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix some build warnings

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix endianness of ->size in build_cmdline_aces

The size must also be kept in little-endian.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix up ACE mask handling

Change verify_ace_mask to just attempt to convert the argument to an
unsigned long first. If that fails, then try to treat it as a symbolic
mask string.

Also, clean up ace_mask_value. There's no need to walk the string
twice. Walk it once and turn the single-char mask checks into a switch
statement instead of if/else clauses.

Finally, fix the endianness of the resulting value. It must be in LE.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: fix endianness bug in getcifsacl and add better bounds checks

getcifsacl must convert the access_req field from little endian. Also,
we should ensure that the "size" field in the ACE is reachable before
trying to access it.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix some bugs in build_cmdline_aces

Pavel Raiskup found the following defect in setcifsacl with Coverity:

"segfault may occur also in cifs-utils-4.8.1/setcifsacl.c|644| because
of casesptr dereferencing. When you look e.g. at the line 605, in this
time any part of 'caseptr' may be yet uninitialized and program is going
through 'goto' to freeing -> and there you are freeing the 'caseptr[i]'
address."

The analysis there seems a little off, but is basically correct. The
freeing loop counts down from the current value of i to free the
secondary allocations here.

There is one situation though where this could go badly. If the strtok
parsing near the beginning of the loop fails, then we could end up
trying to free an uninitialized pointer.

Fix this by changing the cacesptr allocation to use calloc(), and stop
trying to be clever with the freeing loop. Just have it walk the
entire array and attempt to free each slot.

Reported-by: Pavel Raiskup <praiskup@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix some bugs in build_fetched_aces

Pavel Raiskup reported the following defects that he found with Coverity:

"If the variable 'facesptr' on line cifs-utils-4.8.1/setcifsacl.c|365|
has not enough memory to be allocated, program 'setcifsacl' will fail
with segfault on line 365 (dereferencing facesptr)."

"you may return freed pointer here. There is some kind of return code
('rc') which should be transferred to >NULL< when is rc nonzero (and
returned)"

There are also a couple of other bugs here:

malloc doesn't necessarily set errno to anything when an allocation
fails, so having the error handling rely on that is wrong.

Fix all of these bugs by reorganzing this function to fix up the error
handling.

Reported-by: Pavel Raiskup <praiskup@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: consolidate SID copying routines

...instead of open-coding it thrice.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: fix raw SID printing routine

The current routine prints multiple authority values as different
numbers instead of combining them, which is wrong.

Print the SID according to the rules in MS-DTYP.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: don't use wbcDomainSid internally

Use our own cifs_sid instead and cast it to a wbcDomainSid before
handing it off to winbind.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: fix endianness before handing off SID to winbind

winbind expects SIDs to be expressed in host-endian. Convert them
from little-endian before asking winbind to convert them to names.

Also use the WBC_ERROR_IS_OK() macro to check the return code.

Signed-off-by: Jeff Layton <jlayton@samba.org>

getcifsacl: clarify magic number if print_ace

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix verify_ace_sid

The current method of trying to convert a name to a password struct and
then back to a SID is just weird. It also doesn't seem to work correctly.

Instead, look for a '\\' in the string. If there isn't one then try to
convert it directly to a SID.

If there is a '\\' or the direct-to-SID conversion didn't work, then
use wbcLookupName to do the conversion directly to a SID instead.

Also, fix the error handling. These routines return a wbcErr, so we
should use their macros to check whether it worked or not.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: clean up parse_cmdline_aces

One of the reasons to use "goto" in an error condition is to eliminate
unnecessary indentation. Fix that here by revering some error checks
end getting rid of some unneeded "else" cases.

After using strstr() to find "ACL:", there's no need to then use
strchr() to find ':'. We know where it is -- it's 3 bytes past the
current position.

Finally, there's no need to copy these strings into new buffers,
just set the pointers in the array to their original values.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: clean up get_numcaces

No need to walk the string twice or to hand-roll our own version of
strchr(). Also, move the check for no argument out into main().

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix up endianness conversions

Don't use htole32 when you really want le32toh. Also, when copying or
comparing ACEs, it's incorrect to convert the endianness of these
fields. Let's just keep things simple and declare that multibyte fields
in all of these structs are always kept in little-endian.

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: fix endianness on SIDs before sending to kernel

Winbind keeps wbcDomainSids in host-endian format. They must be
converted to little-endian before we can ship them off to the
kernel.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix endianness on SIDs provided by winbind routines

Winbind keeps SID fields in host-endian format, but setcifsacl doesn't
currently account for that. Make sure that when we get a valid SID
from wbc that we convert the subauth fields to little-endian, which
the server will expect. The other fields are single bytes and don't
need conversion.

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifsacl: header file cleanup

Remove the unused ace_action enum, and express mask values by or'ing
what they represent. Add a comment about the endianness of these values
in the packed structs too.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix up getopt() usage

'?' has a special meaning in getopt(). It means that the option
character was not recognized. You can override that behavior by making
':' the first character of the optstring, but that wasn't done here. I'm
not sure what the effect of having '?' in the actual optstring is in
this case, but it's probably best not to put it in there.

Remove '?' from the optstring and replace it 'h'. Also add '-h' as a
valid option to the manpage.

'-v' doesn't require an argument, so fix the optstring to reflect that.

Finally declare a new variable to hold optarg. Currently we only call
getopt() once, which is a little odd. Eventually we may want to make it
call it more than once, in which case we'll need some way to store the
optarg on each pass.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: declare an enum for the action values

...instead of relying on magic values of an int.

Signed-off-by: Jeff Layton <jlayton@samba.org>

get/setcifsacl: set "prog" via basename(argv[0])

This saves a tiny bit of memory, and doesn't make the program assume
that the binary is named something in particular.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: clean up get_numfaces

pntsd is never NULL here, and get rid of extra "else" that adds some
unneeded indentation.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: fix overrun of subauths array when copying SIDs

copy_sec_desc() copies the owner and group SIDs from one security
descriptor to another. Unfortunately, it doesn't take into account the
fact that these are variable length and routinely overruns the SID
structure when doing this copy and scribbles over the destination ACL.

This wasn't noticed before the change in the maximum number of subauths
because the code either overwrote the damage afterward, or the overrun
part was the same between source and destination anyway. Now that the
max number of subauths is 15, it's more noticable.

Fix it to only copy the number of subauths that claimed in the buffer
instead.

Signed-off-by: Jeff Layton <jlayton@samba.org>

setcifsacl: clean up sizing of cifs_sid

The max number of subauthorities on windows and in winbind is generally
15, not 5. If winbind sends more than 5, then this code may end up
overrunning the buffer. Also, define some preprocessor constants and
use those instead of hardcoding '5' and '6' all over the place.

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: add a --help option for cifs.idmap

To make it print the usage message and exit.

Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: set a timeout on keys that it instantiates

...and add a command-line option to allow the admin to tune that value.
I think this is a better way to handle this instead of trying to set the
timeouts in kernel space.

Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: don't use atoi to convert unsigned int to number

atoi() is for signed integers, and is deprecated in any case. Use
strtoul() instead and check the result carefully before using it.

Also add a log message when the string(s) can't be converted and
fix the signedness of the types in other log messages.

Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: clean up strget and avoid memory allocation

Don't do a strlen() call if strstr() isn't going to match anyway.

There's no need to duplicate the string here. None of the callers modify
it, so just return a pointer into the original string.

Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: add an options struct to handle long options

...since the manpage advertises them.

Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: get rid of useless strcmp prior to idmapping

The code copies off the key description and then ensures that it's
prefixed with "cifs.idmap". What's the point of that?

Presumably request-key would never have called this otherwise. There's
little harm in going ahead and doing the idmapping if this is called
with the wrong string.

Also, the error handling here is wrong. If the prefix doesn't match
the code will exit 0 without doing any mapping. Just remove it.

Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.idmap: make sure cifsacl structs are packed

The kernel equivalent definitions are defined with
__attribute__((packed)), and the code seems to assume the userspace and
kernel ones will be properly aligned. Fix the userspace definitions in a
similar fashion.

Given the way these structs are, there is probably not any padding
between fields on most arches, but it's best to be safe here.

Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: add warning that NFS syntax is deprecated and will be
removed in cifs-utils-6.0.

[jlayton: Added newline to end of warning]
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>

autoconf: set release to 5.7.1 for interim builds

Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.7

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: implement the "nofail" option

The mount(8) manpage lists this as a fs-independent option:

nofail: Do not report errors for this device if it does not exist.

Implement that in mount.cifs by not returning an error if we were unable
to find a suitable address for the mount attempt.

Reported-by: Peter Trenholme <PTrenholme@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

manpage: clarify usage of the username= option

Specifying the username as "user=" can confuse some versions of /bin/mount,
and cause it to append noexec to the mount string. Also, remove the blurb
about how cifs.ko will accept abbreviations -- it's just bad practice since
it leads to these sorts of conflicts.

A wonderful example of this confusion was reported by Stefan here:

https://bugzilla.redhat.com/show_bug.cgi?id=860154

Reported-by: Stefan Walter <walteste@inf.ethz.ch>
Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: running out of addresses is not a system error

This patch fixes a minor regression. It used to be that when the mount
helper would run out of addresses that it would return EX_FAIL to
userspace. It now returns EX_SYSERR which is incorrect. Reinstate
the correct error code.

Reported-by: Ales Zelinka <azelinka@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: silence compiler warnings about ignoring return code

In this case we explicitly don't care what these functions return, so
declare a couple of unused variables to catch the results.

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.upcall: use strncmp in scandir filter function

We want to require that the filename begins with the correct string,
not just that it contains it somewhere.

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.upcall: scan /run/user/${UID} for ccaches, too

When scanning for credential caches, check the user's directory under
/run/user first, then fall back to /tmp as we have previously. Because
we now call find_krb5_cc() twice (once for each directory), we move its
state to be outside of the function. We also add a substitution
mechanism to make the process of resolving the location of the user's
home directory before searching it a bit more explicable.

cifs.upcall: also consider DIR:-type ccaches

If we encounter a subdirectory while scanning a directory for a user's
ccache, check if it's a "DIR" ccache. Otherwise, continue as before,
checking if it's a "FILE" ccache if it looks like a regular file.

cifs-utils: fix up references to getcifsacl and setcifsacl files

When I moved the manpages for this to section 1, I missed some references
to them. Also, get rid of the unneeded clean-local-aclprogs makefile target.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: handle username= differently depending on sec= option

This patch is intended as a temporary workaround for krb5 users that need
to specify usernames with '/' in them. I intend to remove this hack from
mount.cifs once the legacy username handling code is removed.

The idea here is to save off the raw username string while we're parsing
options. If the mount options specify "sec=krb5" or "sec=krb5i" then
we'll not do the legacy username parsing and will instead just pass in
the username string as-is.

Obviously, this is a nasty hack and we don't really want to carry this
in perpetuity, so this can go away once the "legacy" username parsing
has gone away.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: deprecate the DOMAIN/username%password username syntax

mount.cifs has in the past allowed users to specify a username using
the above syntax, which would populate the domain and password fields
with the different pieces.

Unfortunately, there are cases where it is legit to have a '/' in a
username. krb5 SPNs generally contain a '/' and we have no clear way
to distinguish between the two.

I don't see any real value in keeping that syntax allowed. It's no
easier than specifying "pass=" and "domain=" on the command line. Ditto
for credential files.

Begin the transition away from that syntax by adding a warning message
that support for it will be removed in 5.9.

Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.6.1 for interim builds

Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.6

Signed-off-by: Jeff Layton <jlayton@samba.org>

cifscreds: add a check and warnings for session keyring problems

Many distros do not call into pam_keyinit to set up the session keyring
properly at login time. When cifscreds add is used in such a session,
the kernel will spawn a new session keyring in which to install the
credentials. That keyring will then go away once the cifscreds process
exits.

Check for this situation by looking to see if the session and
user-session keyrings are the same. Throw a warning if so, and add some
verbiage to the cifscreds manpage that explains the issue. Also, if
the session keyring can't be queried for any reason, then cause the
program to error out.

Acked-by: David Howells <dhowells@redhat.com>
Reported-by: Milan Knížek <knizek.confy@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: Use errno instead of having unknown error

When access() fails, use errno for a sensible error message.

Signed-off-by: Luk Claes <luk@debian.org>

mount.cifs: Use systemd's mechanism for getting password, if present.

If systemd is running and /bin/systemd-ask-password if available,
then use that else fallback on getpass(..).

And add a --enable-systemd configure option, which defaults to yes.

Signed-off-by: Ankit Jain <jankit@suse.com>

autoconf: Fix building with autoconf version older than 2.60.

AC_PROG_SED is only avaliable in recent autoconf versions.
Use AC_CHECK_PROG instead if AC_PROG_SED is not present.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

autoconf: add --enable-pie and --enable-relro

-pie and -fpie enable the building of position-independent executables,
and -Wl,-z,relro turns on read-only relocation support in gcc. These
options are important for security purposes to guard against possible
buffer overflows that lead to exploits.

Follow the example of samba here and enable these by default, but add
configure options that allow people to turn them off at build-time if
necessary.

We may also want to eventually add checks to ensure that the compiler
and linker understand these options, but I'll wait until we have some
evidence that it's needed before I expend the effort.

Reported-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Jeff Layton <jlayton@samba.org>

replace: remove bzero() redefinition from replace.h

I borrowed replace.h from samba when I split off the package, and we
have a ton of definitions in there that we don't really need. This is
one of them and it causes a warning when we build on RHEL5.

Reported-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.upcall: more debug logging for krb5 upcalls

While helping to track down a configuration problem, I found this
little bit of extra debug logging to be helpful. Might as well
make it part of the stock binary.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: set rc to 0 in libcap toggle_dac_capability

Thus spake Jochen:

The mount.cifs program from the cifs-utils package 5.5 did not work on
my Linux system. It just exited without an error message and did not
mount anything.

[...]

I think, when this variable rc is now used in this function, it has also
to be properly initialized there.

Reported-by: Jochen Roderburg <roderburg@uni-koeln.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>

automake: revert -Werror by default

I think in hindsight, that adding -Werror by default was a mistake.
cifs-utils is built in a wide range of environments and tools, and it's
very difficult to eliminate all of the possible warnings.

Let's go ahead and remove it and reduce the steady trickle of patches
that are simply to silence obscure warnings.

Cc: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.5.1 for interim builds

Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.5

Signed-off-by: Jeff Layton <jlayton@samba.org>

manpage: document the cache= option and mark strictcache and directio as
being deprecated

...also add a CACHE COHERENCY section so that we can explain cifs' behavior
in detail.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: unused variables

doc: remove old XML sources for mount.cifs.8 and cifs.upcall.8

These files were added when I originally split these tools off from the
samba sources, but we haven't ever used them to build the actual
manpages and they haven't been maintained. Remove them.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: remove smb2 multicall binary code

This was added when it was thought that smb2 would be a different fstype
altogether. Now that we are not adding a separate fstype, this code is
no longer needed since nothing will ever call /sbin/mount.smb2.

Cc: Steve French <smfrench@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: don't send a mandatory ver= option to the kernel

Traditionally, this ver= option was used to specify the "options
version" that we're passing in. It has always been set to '1' though
and we have never changed that.

Eventually we want to have a ver= (or vers=) option that allows users
to specify the SMB version that they want to use to talk to the server.

At that point, this option will just get in the way. Let's go ahead
and remove it now in preparation for that day.

Signed-off-by: Jeff Layton <jlayton@samba.org>

doc: update mailing list

Signed-off-by: Luk Claes <luk@debian.org>

mount.cifs: don't pass credentials= option to the kernel

We handle this option in userspace, so there's little value in also
passing it to the kernel.

Also fix minor double-comma nit in the options string.

Reported-by: Ronald <ronald645@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: remove unnecessary getuid() check in libcap version of toggle_dac_capability

I'm not sure what I was thinking when I added that check in, but it's
been there since the inception. We shouldn't care at all what the
real uid is when we call toggle_dac_capability and indeed we don't
care with the libcap-ng version. Remove that check.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: toggle_dac_capability() stores return code

the build process of the cifs-utils for Mandriva 2011 made me notice of
the unused variable rc in toggle_dac_capability() of mount.cifs.c.

A bit up in the code we store the return value and do not make use of it
while calling return.

The attached patch intends to fix this.

The failing build result is still visible at
https://build.opensuse.org/package/live_build_log?arch=x86_64&package=cifs-utils&project=network%3Asamba%3ASTABLE&repository=Mandriva_2011

Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>

cifs.upcall: missing prototype for krb5_auth_con_set_req_cksumtype in MIT
krb5 < 1.7

products coming with MIT krb5 < 1.7 (like SUSE Linux Enterprise 11 SP 1
or SP 2) suffer from the same issue as described by
https://bugzilla.samba.org/show_bug.cgi?id=6918

The declaration of krb5_auth_con_set_req_cksumtype is missing.

Inspiration: https://bugzilla.samba.org/show_bug.cgi?id=6918

Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>

mount.cifs: uninitialized variables in mount.cifs

older gcc versions (4.3 in the case of SUSE Linux Enterprise 11 SP 1 and
SP 2) complain about uninitialized variables in the recent 5.4 release.

The attached patch makes the build process a bit quieter.

Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>

mount.cifs: fix up some -D_FORTIFY_SOURCE=2 warnings

...and add -D_FORTIFY_SOURCE=2 to the default $CFLAGS.

Acked-by: Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.4.1 for interim builds

Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: set version to 5.4

Signed-off-by: Jeff Layton <jlayton@samba.org>

docs: update to project resources in README

...and add Igor Druzhinin and Pavel Shilovsky to AUTHORS.

Signed-off-by: Jeff Layton <jlayton@samba.org>

automake: add -Werror to CFLAGS

With the recent patch to fix the warnings in asn1.c, cifs-utils now
builds without any warnings. Ban them henceforth by adding -Werror for
builds.

Signed-off-by: Jeff Layton <jlayton@samba.org>

asn1: fix up some compiler warnings in asn1.c

These have been around for quite some time.

gcc -DHAVE_CONFIG_H -I. -Wall -Wextra -g -O2 -MT asn1.o -MD -MP -MF
.deps/asn1.Tpo -c -o asn1.o asn1.c
asn1.c: In function ‘asn1_write’:
asn1.c:45:19: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
asn1.c: In function ‘asn1_peek’:
asn1.c:411:22: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
asn1.c: In function ‘asn1_tag_remaining’:
asn1.c:541:16: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
asn1.c: In function ‘_ber_read_OID_String_impl’:
asn1.c:570:22: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]

Almost all of these are due to the fact that asn1_data->ofs is a
signed value, and ->length is unsigned.

This should clear the way to add -Werror to the cflags in the near
future.

Signed-off-by: Jeff Layton <jlayton@samba.org>

autoconf: fix tests for wbclient to use pkgconfig

Use the pkgconfig file that's included with wbclient to perform the test
for wbclient usability, and to set the correct CFLAGS and LDADD.

This is particularly necessary on recent Fedora with samba4 since it
puts the wbclient.h file in a different directory than before.

Also, remove a redundant test for wbclient.h from configure.ac.

Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: don't allow unprivileged users to mount onto dirs to which they
can't chdir

If mount.cifs is installed as a setuid root program, then a user can
use it to gather information about files and directories to which he
does not have access.

One of the first things that mount.cifs does is to chdir() into the
mountpoint and then proceeds to perform the mount onto ".". A malicious
user could exploit this fact to determine information about directories
to which he does not have access. Specifically, whether the dentry in
question is a file or directory and whether it exists at all.

This patch fixes this by making the program switch the fsuid to the
real uid for unprivileged users when mounting.

Note that this is a behavior change. mount.cifs has in the past allowed
users to mount onto any directory as long as it's listed in /etc/fstab
as a user mount. With this change, the user must also be able to chdir
into the mountpoint without needing special privileges. Hopefully not
many people have such a pathological configuration.

This patch should fix CVE-2012-1586.

Reported-by: Jesus Olmos <jesus.olmos@blueliv.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

cifs.upcall: use krb5_sname_to_principal to construct principal name

Currently, we build the string by hand then then construct the
principal name with krb5_parse_name. That bypasses the domain_realm
section in krb5.conf however.

Switch the code to use krb5_sname_to_principal instead which is more
suited to this task. In order for that to work, we change a couple of
calling functions to pass down a hostname instead of a principal
name, and then pass in "cifs" as the service name.

Reported-and-Tested-by: Nirupama Karandikar <nkarandi@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>

mount.cifs: add support for -s option

autofs generally calls mount helpers with '-s'. Handle that the same
way we do for NFS -- append ",sloppy" option to the mount options.

The kernel can look for that option to decide whether to ignore
unknown mount options, warn, or error out.

Signed-off-by: Jeff Layton <jlayton@samba.org>