Pavel Shilovsky [Mon, 12 Apr 2021 23:34:48 +0000 (16:34 -0700)]
cifs-utils: bump version to 6.13
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Alastair Houghton [Tue, 29 Dec 2020 14:02:39 +0000 (14:02 +0000)]
cifs.upcall: try to use container ipc/uts/net/pid/mnt/user namespaces
In certain scenarios (e.g. kerberos multimount), when a process does
syscalls, the kernel sometimes has to query information or trigger
some actions in userspace. To do so it calls the cifs.upcall binary
with information on the process that triggered the syscall in the
first place.
ls(pid=10) ====> open("foo") ====> kernel
that user doesn't have an SMB
session, lets create one using his
kerberos credential cache
call cifs.upcall and ask for krb info
for whoever owns pid=10
|
cifs.upcall --pid 10 <=================+
...gather info...
return binary blob used
when establishing SMB session
===================> kernel
open SMB session, handle
open() syscall
ls <=================================== return open() result to ls
On a system using containers, the kernel is still calling the host
cifs.upcall and using the host configuration (for network, pid, etc).
This patch changes the behaviour of cifs.upcall so that it uses the
calling process namespaces (ls in the example) when doing its
job.
Note that the kernel still calls the binary in the host, but the
binary will place itself the contexts of the calling process
namespaces.
This code makes use of (but shouldn't require) the following kernel
config options and syscall flags:
approx. year |
introduced | config/flags
---------------+----------------
2008 | CONFIG_NAMESPACES=y
2007 | CONFIG_UTS_NS=y
2020 | CONFIG_TIME_NS=y
2006 | CONFIG_IPC_NS=y
2007 | CONFIG_USER_NS
2008 | CONFIG_PID_NS=y
2007 | CONFIG_NET_NS=y
2007 | CONFIG_CGROUPS
2016 | CLONE_NEWCGROUP setns() flag
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
Pavel Shilovsky [Thu, 31 Dec 2020 18:26:10 +0000 (10:26 -0800)]
cifs-utils: bump version to 6.12
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Tue, 29 Dec 2020 20:00:33 +0000 (12:00 -0800)]
smbinfo: fix fsctl-getobjid output
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Tue, 29 Dec 2020 19:43:26 +0000 (11:43 -0800)]
smbinfo: fix list-snapshots output and installation
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Alexander Koch [Wed, 16 Dec 2020 21:44:56 +0000 (22:44 +0100)]
cifs.upcall: drop bounding capabilities only if CAP_SETPCAP is given
Make drop_call_capabilities() in cifs.upcall update the bounding capabilities
only if CAP_SETCAP is present.
This is an addendum to the patch recently provided in [1]. Without this
additional change, cifs.upcall can still fail while trying to mount a CIFS
network share with krb5:
kernel: CIFS: Attempting to mount //server.domain.lan/myshare
cifs.upcall[39484]: key description: cifs.spnego;0;0;
39010000;ver=0x2;host=server.domain.lan>
cifs.upcall[39484]: ver=2
cifs.upcall[39484]: host=server.domain.lan
cifs.upcall[39484]: ip=172.22.3.14
cifs.upcall[39484]: sec=1
cifs.upcall[39484]: uid=1000
cifs.upcall[39484]: creduid=1000
cifs.upcall[39484]: user=username
cifs.upcall[39484]: pid=39481
cifs.upcall[39484]: get_cachename_from_process_env: pathname=/proc/39481/environ
cifs.upcall[39484]: get_cachename_from_process_env: cachename = FILE:/tmp/.krb5cc_1000
cifs.upcall[39484]: drop_all_capabilities: Unable to apply capability set: Success
cifs.upcall[39484]: Exit status 1
[1] https://marc.info/?l=linux-cifs&m=
160595758021261
Signed-off-by: Alexander Koch <mail@alexanderkoch.net>
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
Shyam Prasad N [Wed, 16 Sep 2020 07:18:44 +0000 (00:18 -0700)]
mount.cifs: use SUDO_UID env variable for cruid
In the current mount.cifs logic, when sudo is used for mount,
uid=0, so the mount command searches for cruid=0 unless explicitly
specified by the user. The user may already have cred cache populated
but mount.cifs would end up searching cred cache for uid=0.
mount.cifs can avoid this confusion by reading the cruid from SUDO_UID
environment variable. If it is set to non-zero, we can make cruid=$SUDO_UID.
However, to maintain backward compatibility, keeping this as a fallback option.
If mount fails with ENOKEY, then retry with this option.
To enable this fallback, I had to make a few minor changes in the flow.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Pavel Shilovsky [Wed, 9 Dec 2020 19:29:40 +0000 (11:29 -0800)]
mount.cifs: fix max buffer size when parsing snapshot option
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Simon Arlott [Thu, 26 Nov 2020 00:28:08 +0000 (00:28 +0000)]
Add missing position handling to mount parameters gid/backup_gid/snapshot
The code tries to optimise for the last parameter not needing to update
the position which means that every time a new one is added to the end
by copying and pasting, the string position is not updated.
That makes it impossible to use backup_uid=/backup_gid=/snapshot= after
gid= or snapshot= after backup_gid= because part of the string is
overwritten and contains invalid keys like "gbackup_uid".
Prepare for the next parameter to be added on the end by updating the
position for snapshot= even though it will be unused.
Jonas Witschel [Sat, 21 Nov 2020 11:11:45 +0000 (12:11 +0100)]
cifs.upcall: update the cap bounding set only when CAP_SETPCAP is given
libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
of -4 when trying to update the capability bounding set without having the
CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
silently skipped updating the bounding set and only updated the normal
CAPNG_SELECT_CAPS capabilities instead.
Check beforehand whether we have CAP_SETPCAP, in which case we can use
CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
Otherwise, we can at least update the normal capabilities, but refrain from
trying to update the bounding set to avoid getting an error.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
Jonas Witschel [Sat, 21 Nov 2020 11:11:44 +0000 (12:11 +0100)]
mount.cifs: update the cap bounding set only when CAP_SETPCAP is given
libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
of -4 when trying to update the capability bounding set without having the
CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
silently skipped updating the bounding set and only updated the normal
CAPNG_SELECT_CAPS capabilities instead.
Check beforehand whether we have CAP_SETPCAP, in which case we can use
CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
Otherwise, we can at least update the normal capabilities, but refrain from
trying to update the bounding set to avoid getting an error.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
Boris Protopopov [Thu, 19 Nov 2020 21:40:42 +0000 (21:40 +0000)]
Extend cifs acl utilities to handle SACLs
Extend getcifsacl/setcifsacl utilities to handle System ACLs (SACLs)
in addition to Discretionary ACLs (DACLs). The SACL extensions depend
on CIFS client support for system.cifs_ntsd_full extended attribute.
Signed-off-by: Boris Protopopov <pboris@amazon.com>
Pavel Shilovsky [Mon, 9 Nov 2020 23:27:51 +0000 (15:27 -0800)]
getcifsacl: return error if input path doesn't exist
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Rohith Surabattula [Fri, 6 Nov 2020 10:19:59 +0000 (10:19 +0000)]
Fix mount error when mount point has an extra trailing slash.
Martin Schwenke [Fri, 25 Sep 2020 01:16:39 +0000 (11:16 +1000)]
mount.cifs: ignore comment mount option
mount.cifs currently complains about the "comment" option:
CIFS: Unknown mount option "comment=foo"
mount(8) on Linux says:
The command mount does not pass the mount options unbindable,
runbindable, private, rprivate, slave, rslave, shared, rshared,
auto, noauto, comment, x-*, loop, offset and sizelimit to the
mount.<suffix> helpers.
So if mount.cifs decides to re-read /etc/fstab it should ignore the
comment option.
A lot of online posts say to use comment=x-gvfs-show as an option to
have a Linux file manager display a mountpoint for a user mountable
filesystem. While the "comment=" part is superfluous when combined
with an x-* option, the problem is still difficult to debug.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Bjoern Jacke [Mon, 1 Jun 2020 17:23:51 +0000 (19:23 +0200)]
setcifsacl: fix quoting of backslash in man page
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Sergio Durigan Junior [Tue, 9 Jun 2020 18:00:44 +0000 (14:00 -0400)]
Separate binary names using comma in mount.cifs.rst
According to lexgrog(1), when a manpage refers to multiple programs
their names should be separated using a comma and a whitespace. This
helps silence a lintian warning when building cifs-utils on Debian.
Signed-off-by: Sergio Durigan Junior <sergio.durigan@canonical.com>
lizhe [Tue, 26 May 2020 03:54:11 +0000 (11:54 +0800)]
cifs-utils: fix probabilistic compiling error
When we compile cifs-utils, we may probabilistic
encounter install error like:
cd ***/sbin && ln -sf mount.cifs mount.smb3
***/sbin: No such file or directory
The reason of this problem is that if we compile
cifs-utils using multithreading, target
'install-sbinPROGRAMS' may be built after
target 'install-exec-hook' of the main Makefile.
Target 'install-sbinPROGRAMS' will copy the
executable file 'mount.cifs' to the $(ROOTSBINDIR),
which target 'install-exec-hook' will do the
'ln' command on.
This patch add the dependency of target
'install-exec-hook' to ensure the correct order
of the compiling.
Signed-off-by: lizhe <lizhe67@huawei.com>
Mikhail Novosyolov [Fri, 24 Jan 2020 22:12:31 +0000 (01:12 +0300)]
cifs-utils: Don't create symlinks for mans if mans are disabled
Mikhail Novosyolov [Fri, 24 Jan 2020 22:11:12 +0000 (01:11 +0300)]
cifs-utils: Respect DESTDIR when installing smb3 stuff
When make install is run during package building, DESTDIR parameter is passed, e.g.:
$ rpm --eval %makeinstall_std
make DESTDIR=/root/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}-rosa2016.1.x86_64-buildroot install
Without DESTDIR build scripts tried to create symlinks outside of the build root:
make[3]: Entering directory '/tmp/abf/rpmbuild/BUILD/cifs-utils-6.10'
(cd /sbin && ln -sf mount.cifs mount.smb3)
ln: failed to create symbolic link 'mount.smb3': Permission denied
The same fix was introduced in Arch Linux package when updating from 6.9 to 6.10:
https://git.archlinux.org/svntogit/packages.git/commit/trunk/PKGBUILD?h=packages/cifs-utils&id=
c75b246a762ea9b90db404dfebc6d35d5b16972f
Pavel Shilovsky [Tue, 25 Feb 2020 19:15:06 +0000 (11:15 -0800)]
mount.cifs.rst: add nolease mount option
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Boris Protopopov [Mon, 6 Jan 2020 16:31:19 +0000 (16:31 +0000)]
Add support for setting owner and group in ntsd
Extend setcifsacl utility to allow setting owner and group SIDs
in the security descriptor in addition to setting ACLs. This is
a user-friendly intefrace for setting owner and group SIDs that
takes advantage of the recent extensions in the CIFS kernel
client, and it complements setting raw values via setfattr.
Signed-off-by: Boris Protopopov <boris.v.protopopov@gmail.com>
Boris Protopopov [Mon, 6 Jan 2020 16:31:18 +0000 (16:31 +0000)]
Convert owner and group SID offsets to LE format
Convert owner and group SID offsets to LE format
when writing to ntsd
Signed-off-by: Boris Protopopov <boris.v.protopopov@gmail.com>
Ronnie Sahlberg [Fri, 20 Dec 2019 00:58:48 +0000 (10:58 +1000)]
smbinfo: remove invalid arguments to ioctl method
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Aurelien Aptel [Mon, 14 Oct 2019 17:07:38 +0000 (19:07 +0200)]
smbinfo: rewrite in python
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Pavel Shilovsky [Thu, 3 Sep 2020 16:58:46 +0000 (09:58 -0700)]
cifs-utils: bump version to 6.11
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Aurelien Aptel [Mon, 27 Jul 2020 08:34:44 +0000 (10:34 +0200)]
CVE-2020-14342: mount.cifs: fix shell command injection
A bug has been reported recently for the mount.cifs utility which is
part of the cifs-utils package. The tool has a shell injection issue
where one can embed shell commands via the username mount option. Those
commands will be run via popen() in the context of the user calling
mount.
The bug requires cifs-utils to be built with --with-systemd (enabled
by default if supported).
A quick test to check if the mount.cifs binary is vulnerable is to look
for popen() calls like so:
$ nm mount.cifs | grep popen
U popen@@GLIBC_2.2.5
If the user is allowed to run mount.cifs via sudo, he can obtain a root
shell.
sudo mount.cifs -o username='`sh`' //1 /mnt
If mount.cifs has the setuid bit, the command will still be run as the
calling user (no privilege escalation).
The bug was introduced in June 2012 with commit
4e264031d0da7d3f2
("mount.cifs: Use systemd's mechanism for getting password, if
present.").
Affected versions:
cifs-utils-5.6
cifs-utils-5.7
cifs-utils-5.8
cifs-utils-5.9
cifs-utils-6.0
cifs-utils-6.1
cifs-utils-6.2
cifs-utils-6.3
cifs-utils-6.4
cifs-utils-6.5
cifs-utils-6.6
cifs-utils-6.7
cifs-utils-6.8
cifs-utils-6.9
cifs-utils-6.10
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14442
Reported-by: Vadim Lebedev <vadim@mbdsys.com>
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Pavel Shilovsky [Mon, 16 Dec 2019 23:34:56 +0000 (15:34 -0800)]
cifs-utils: bump version to 6.10
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Mon, 16 Dec 2019 23:20:28 +0000 (15:20 -0800)]
Rename secdesc-ui.py to smb2-secdesc
Pavel Shilovsky [Sat, 14 Dec 2019 00:52:53 +0000 (16:52 -0800)]
Properly install mount.smb3 helper files
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Ronnie Sahlberg [Fri, 13 Dec 2019 00:30:00 +0000 (10:30 +1000)]
Install smb2-quota and its manpage
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Kenneth D'souza [Thu, 21 Nov 2019 15:10:56 +0000 (20:40 +0530)]
smb2-quota: Simplify code logic for quota entries.
This patch changes the program name from smb2quota to
smb2-quota and uses a simple code logic for quota entries.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Signed-off-by: Ronnie Sahlberg <lsahlberg@redhat.com>
Kenneth D'souza [Thu, 14 Nov 2019 17:55:51 +0000 (23:25 +0530)]
Add program name to error output instead of static mount.cifs
As we are supporting mount.smb3 to be invoked, the error output
should contain the called program and not mount.cifs
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Kenneth D'souza [Wed, 13 Nov 2019 17:01:26 +0000 (22:31 +0530)]
Add support for smb3 alias/fstype in mount.cifs.c
As we will slowly move towards smb3 filesystem,
supporting through "mount -t smb3" is important.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Aurelien Aptel [Mon, 14 Oct 2019 17:06:25 +0000 (19:06 +0200)]
smbinfo.rst: document new `keys` command
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Kenneth D'souza [Wed, 9 Oct 2019 06:01:51 +0000 (11:31 +0530)]
mount.cifs.rst: remove prefixpath mount option.
This option is deprecated and currently ignored since
kernel v3.10
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Kenneth D'souza [Tue, 24 Sep 2019 05:01:39 +0000 (10:31 +0530)]
smb2quota.rst: Add man page for smb2quota.py
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Kenneth D'souza [Tue, 24 Sep 2019 04:56:11 +0000 (10:26 +0530)]
smb2quota.py: Userspace helper to display quota information
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Fri, 4 Oct 2019 00:29:00 +0000 (17:29 -0700)]
smbinfo: add bash completion support for setcompression
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Ronnie Sahlberg [Thu, 3 Oct 2019 23:29:02 +0000 (09:29 +1000)]
smbinfo: Add SETCOMPRESSION support
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Steve French [Thu, 19 Sep 2019 09:21:16 +0000 (04:21 -0500)]
smbinfo: print the security information needed to decrypt wireshark trace
CCM encryption
Session Id: e2 3e ea ae 00 00 00 00
Session Key: 65 7e 0e d5 3c 06 5a 06 50 a3 ef 96 c1 64 3d 1f
Server Encryption Key: 5e 42 a7 b5 57 75 d6 56 4a 5d 33 97 e6 45 07 76
Server Decryption Key: 1f 64 db a3 0f 24 e3 4d b6 31 00 ab 9a af 22 47
Signed-off-by: Steve French <stfrench@microsoft.com>
Paulo Alcantara (SUSE) [Thu, 19 Sep 2019 12:12:26 +0000 (09:12 -0300)]
mount.cifs: Fix invalid free
When attemping to chdir into non-existing directories, mount.cifs
crashes.
This patch fixes the following ASAN report:
$ ./mount.cifs //localhost/foo /mnt/invalid-dir -o ...
/mnt/bar -o username=foo,password=foo,vers=1.0
Couldn't chdir to /mnt/bar: No such file or directory
=================================================================
==11846==ERROR: AddressSanitizer: attempting free on address which was
not malloc()-ed: 0x7ffd86332e97 in thread T0
#0 0x7f0860ca01e7 in
__interceptor_free (/usr/lib64/libasan.so.5+0x10a1e7)
#1 0x557edece9ccb in
acquire_mountpoint (/home/paulo/src/cifs-utils/mount.cifs+0xeccb)
#2 0x557edecea63d in
main (/home/paulo/src/cifs-utils/mount.cifs+0xf63d)
#3 0x7f08609f0bca in __libc_start_main (/lib64/libc.so.6+0x26bca)
#4 0x557edece27d9 in
_start (/home/paulo/src/cifs-utils/mount.cifs+0x77d9)
Address 0x7ffd86332e97 is located in stack of thread T0 at offset 8951
in frame
#0 0x557edece9ce0 in
main (/home/paulo/src/cifs-utils/mount.cifs+0xece0)
This frame has 2 object(s):
[48, 52) 'rc' (line 1959)
[64, 72) 'mountpoint' (line 1955) <== Memory access at offset 8951
overflows this variable
HINT: this may be a false positive if your program uses some custom
stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: bad-free (/usr/lib64/libasan.so.5+0x10a1e7)
in __interceptor_free
==11846==ABORTING
Fixes: bf7f48f4c7dc ("mount.cifs.c: fix memory leaks in main func")
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Paulo Alcantara (SUSE) [Thu, 5 Sep 2019 18:49:35 +0000 (15:49 -0300)]
mount.cifs: Fix double-free issue when mounting with setuid root
It can be easily reproduced with the following:
# chmod +s `which mount.cifs`
# echo "//localhost/share /mnt cifs \
users,username=foo,password=XXXX" >> /etc/fstab
# su - foo
$ mount /mnt
free(): double free detected in tcache 2
Child process terminated abnormally.
The problem was that check_fstab() already freed orgoptions pointer
and then we freed it again in main() function.
Fixes: bf7f48f4c7dc ("mount.cifs.c: fix memory leaks in main func")
Signed-off-by: Paulo Alcantara (SUSE) <paulo@paulo.ac>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
misku [Wed, 31 Jul 2019 11:12:24 +0000 (13:12 +0200)]
Zero fill the allocated memory for new `struct cifs_ntsd`
Fixes a bug where `sacloffset` may not be set at all later on and therefore it
can contain the original memory contents == trash.
misku [Wed, 31 Jul 2019 11:11:18 +0000 (13:11 +0200)]
Zero fill the allocated memory for a new ACE
Fixes a bug inside a call to `verify_ace_flag`. When a flag string (char*)
passed as a first parameter is "0x0", the final flag value (the second
parameter - the value of a pointer to uint8_t) is not modified at all
and contains the original memory contents == trash.
Jiawen Liu [Tue, 6 Aug 2019 02:35:29 +0000 (10:35 +0800)]
mount.cifs.c: fix memory leaks in main func
In mount.cifs module, orgoptions and mountpoint in the main func
point to the memory allocated by func realpath and strndup respectively.
However, they are not freed before the main func returns so that the
memory leaks occurred.
The memory leak problem is reported by LeakSanitizer tool.
LeakSanitizer url: "https://github.com/google/sanitizers"
Here I free the pointers orgoptions and mountpoint before main
func returns.
Fixes:
7549ad5e7126 ("memory leaks: caused by func realpath and strndup")
Signed-off-by: Jiawen Liu <liujiawen10@huawei.com>
Reported-by: Jin Du <dujin1@huawei.com>
Reviewed-by: Saisai Zhang <zhangsaisai@huawei.com>
Reviewed-by: Aurélien Aptel <aaptel@suse.com>
Pavel Shilovsky [Tue, 7 May 2019 22:52:30 +0000 (15:52 -0700)]
smbinfo: add bash completion support for getcompression
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Kenneth D'souza [Mon, 22 Apr 2019 05:53:41 +0000 (11:23 +0530)]
getcifsacl: Add support for -R(recursive) option.
Add support for -R option so we can list the ACLs of all files and
directories recursively.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Ronnie Sahlberg [Thu, 11 Apr 2019 02:23:06 +0000 (12:23 +1000)]
smbinfo: add GETCOMPRESSION support
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Pavel Shilovsky [Thu, 18 Apr 2019 19:32:02 +0000 (12:32 -0700)]
getcifsacl: Fix usage message to include multiple files
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Kenneth D'souza [Wed, 17 Apr 2019 11:27:05 +0000 (16:57 +0530)]
smbinfo: Add bash completion support for smbinfo.
This help us better populate options using <tab> <tab>.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Kenneth D'souza [Wed, 17 Apr 2019 17:19:09 +0000 (22:49 +0530)]
getcifsacl: Add support to accept more paths
Accept more than one path on the getcifsacl command line.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Kenneth D'souza [Wed, 17 Apr 2019 10:06:46 +0000 (15:36 +0530)]
smbinfo: Improve help usage and add -h option.
Call usage only for -h case. This avoids cluttering the screen with long
help output.
As we are adding more options to the utility, the end error is just hidden.
Call short_usage wherever necessary.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Ronnie Sahlberg [Tue, 9 Apr 2019 02:39:29 +0000 (12:39 +1000)]
secdesc-ui.py: a UI to view the security descriptors on SMB2+ shares
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Pavel Shilovsky [Tue, 9 Apr 2019 00:21:17 +0000 (17:21 -0700)]
Update authors list
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Fri, 5 Apr 2019 17:03:41 +0000 (10:03 -0700)]
cifs-utils: bump version to 6.9
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Fri, 5 Apr 2019 17:01:48 +0000 (10:01 -0700)]
smbinfo: use constant for input buffer length
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Fri, 5 Apr 2019 16:40:29 +0000 (09:40 -0700)]
Fix authors and maintainers
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Thu, 4 Apr 2019 16:25:30 +0000 (16:25 +0000)]
mount.cifs.rst: mention kernel version for snapshots
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Steve French [Thu, 4 Apr 2019 04:46:34 +0000 (23:46 -0500)]
Update man page for mount.cifs to add new options
Add description of "snapshot" and "handletimeout" mount
options and a security section noting that the use of
cifs is discouraged, and various minor updates.
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Pavel Shilovsky [Wed, 3 Apr 2019 22:42:10 +0000 (22:42 +0000)]
mount.cifs: detect GMT format of snapshot version
In order to provide an easy way to access snapshots a GMT
token string should be allowed as a "snapshot" mount option
argument, not SMB 100-nanoseconds time only. Detect if the
argument is in GMT format and convert it to SMB 100-nanoseconds
time before passing to the kernel.
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Pavel Shilovsky [Wed, 3 Apr 2019 19:24:33 +0000 (12:24 -0700)]
mount.cifs: add more options to help message
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Steve French [Wed, 3 Apr 2019 02:18:27 +0000 (21:18 -0500)]
mount.cifs Add various missing parms from the help text
When you type mount.cifs --help there were more than 40 mount parms
missing. Add 12 of the more common ones to what is displayed by help.
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Pavel Shilovsky [Tue, 2 Apr 2019 18:40:40 +0000 (11:40 -0700)]
smbinfo: make argument order consistent
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Steve French [Fri, 29 Mar 2019 08:05:55 +0000 (03:05 -0500)]
smbinfo: Add ability to query snapshots (previous versions)
"smbinfo list-snapshots"
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Steve French [Sat, 16 Mar 2019 20:42:40 +0000 (15:42 -0500)]
smbinfo: missing help for fsctl-getobjid
Add usage description for new option fsctl-getobjid
See section 2.1.3.1 of MS-FSCC
Signed-off-by: Steve French <stfrench@microsoft.com>
Pavel Shilovsky [Sat, 16 Mar 2019 19:34:13 +0000 (12:34 -0700)]
cifs.upcall: fix a compiler warning
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Ronnie Sahlberg [Fri, 15 Mar 2019 06:22:15 +0000 (16:22 +1000)]
smbinfo: add fsctl-getobjid support
This will print the ObjectID buffer for the object.
This is an example on how to fetch FSCTL data for an object using
the passthrough API.
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Pavel Shilovsky [Sat, 9 Mar 2019 00:28:45 +0000 (16:28 -0800)]
smbinfo: fix code style
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Steve French [Sat, 2 Mar 2019 05:11:25 +0000 (23:11 -0600)]
setcifsacl: fix adding ACE when owner sid in unexpected location
If owner information is after the ACEs instead of before (e.g. Azure servers) in the ACL query
then we would get "invalid argument" returned on setcifsacl -a (adding an ACE).
This fixes that.
Signed-off-by: Steve French <stfrench@microsoft.com>
Ronnie Sahlberg [Fri, 1 Mar 2019 02:05:58 +0000 (12:05 +1000)]
smbinfo: decode the ACEs
Decode the most common ACE types and provide a [-V]erbose option
to show the individual mask bits by name.
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Kenneth D'souza [Thu, 21 Feb 2019 05:09:25 +0000 (10:39 +0530)]
getcifsacl: Improve help usage and add -h option.
Call getcifsacl_usage only for -h and default case.
For others error out with appropriate message.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Kenneth D'souza [Tue, 19 Feb 2019 01:43:43 +0000 (07:13 +0530)]
getcifsacl: Do not go to parse_sec_desc if getxattr fails.
Add more to the error message by printing the filename and error.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Reviewed-by: Steve French <stfrench@microsoft.com>
Pavel Shilovsky [Fri, 15 Feb 2019 20:03:44 +0000 (12:03 -0800)]
mount.cifs.rst: update vers=3.1.1 option description
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Kenneth D'souza [Fri, 15 Feb 2019 02:22:48 +0000 (07:52 +0530)]
Update mount.cifs with vers=default mount option and SMBv3.0.2
Add vers=3.0.2 as a valid option for SMBv3.0.2 and explain behavior
of vers=default.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Hank Leininger [Tue, 12 Feb 2019 01:42:51 +0000 (18:42 -0700)]
Added rst2man.py to the search list.
Gentoo Linux and (historically?) OSX install with the .py suffix.
Signed-off-by: Hank Leininger <hlein@korelogic.com>
Aurelien Aptel [Thu, 14 Feb 2019 11:15:44 +0000 (12:15 +0100)]
mount.cifs: be more verbose and helpful regarding mount errors
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Paulo Alcantara [Wed, 13 Feb 2019 18:09:41 +0000 (16:09 -0200)]
cifs: Allow DNS resolver key to expire
This patch introduces a new '--expire' option that allows the user to
set a timeout value for the dns resolver key -- which is typically
useful for hostnames that may get their ip addresses changed under
long running mounts.
The default timeout value is set to 10 minutes.
Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Ronnie Sahlberg [Wed, 13 Feb 2019 05:47:37 +0000 (15:47 +1000)]
smbinfo: add FileFsFullSizeInformation
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Ronnie Sahlberg [Wed, 13 Feb 2019 05:47:36 +0000 (15:47 +1000)]
smbinfo: Update the usage text with the new infolevels
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Steve French [Tue, 29 Jan 2019 13:03:01 +0000 (07:03 -0600)]
smbinfo: update help text
Add description for fileallinfo query option.
Note that there are eight other recently added query options, but they
are mostly a subset a "fileallinfo" so could be of little value
(and may even be very confusing if we documented all nine in the
help text in smbinfo, instead of just this one). The man page
has a full description of them.
Signed-off-by: Steve French <stfrench@microsoft.com>
Ronnie Sahlberg [Tue, 29 Jan 2019 06:53:57 +0000 (16:53 +1000)]
smbinfo: Add more File*Information classes
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Aurelien Aptel [Thu, 24 Jan 2019 17:13:56 +0000 (18:13 +0100)]
smbinfo.rst: document kernel version
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Ronnie Sahlberg [Wed, 3 Oct 2018 00:42:03 +0000 (10:42 +1000)]
smbinfo: add a utility to display smb specific information about objects
For example
smbinfo secdesc <file> will print the security descriptor
smbinfo quota <file> will print the quotas for the volume
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Pavel Shilovsky [Fri, 17 Aug 2018 18:13:45 +0000 (11:13 -0700)]
mount.cifs.rst: document vers=3.02 mount option
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Pavel Shilovsky [Fri, 17 Aug 2018 18:08:58 +0000 (11:08 -0700)]
mount.cifs.rst: document vers=3 mount option
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Aurelien Aptel [Wed, 8 Aug 2018 09:38:16 +0000 (11:38 +0200)]
mount.cifs.rst: more cleanups
* remove duplicates (netbiosname, rdma)
* remove snapshot
* document nostrictsync, domain, domainauto better
* point to vers= when talking about version requirements
* typos
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Aurelien Aptel [Wed, 8 Aug 2018 09:38:15 +0000 (11:38 +0200)]
checkopts: report duplicated options in man page
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Alexander Bokovoy [Tue, 17 Jul 2018 10:12:44 +0000 (13:12 +0300)]
cifs-utils: support rst2man-3
Python3 version of rst2man is called rst2man-3
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Aurélien Aptel [Tue, 10 Jul 2018 15:50:43 +0000 (17:50 +0200)]
mount.cifs.rst: document missing options, correct wrong ones
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Aurélien Aptel [Tue, 10 Jul 2018 15:50:42 +0000 (17:50 +0200)]
checkopts: add python script to cross check mount options
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Kenneth Dsouza [Fri, 13 Jul 2018 18:19:59 +0000 (23:49 +0530)]
manpage: update mount.cifs manpage with info about rdma option
Signed-off-by: Kenneth Dsouza <kdsouza@redhat.com>
Aurelien Aptel [Tue, 15 May 2018 08:40:48 +0000 (10:40 +0200)]
mount.cifs.rst: document new (no)handlecache mount option
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <piastryyy@gmail.com>
Aurelien Aptel [Tue, 15 May 2018 08:12:32 +0000 (10:12 +0200)]
docs: cleanup rst formating
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <piastryyy@gmail.com>
Pavel Shilovsky [Fri, 9 Mar 2018 18:56:57 +0000 (10:56 -0800)]
cifs-utils: bump version to 6.8
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Kenneth Dsouza [Mon, 29 Jan 2018 16:46:08 +0000 (22:16 +0530)]
update mount.cifs manpage with info about echo_interval option.
Adds information regarding reconnection time.
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Ronnie Sahlberg [Tue, 23 Jan 2018 00:48:01 +0000 (11:48 +1100)]
cifscreds: check optind before accessing argv[optind]
Redhat bugzilla:
1278543
This fixes a segfault for some incorrect usage, for example
cifscreds -u test
Reviewed-by: Steve French <smfrench@gmail.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Zhang Xianwei [Fri, 8 Dec 2017 07:11:45 +0000 (15:11 +0800)]
manpage: update mount.cifs manpage with info about incomplete options
This commit
a1f3acd40b265f134a97a739a6898b3958d206b9 modified mount
parameters, but not updated mount.cifs manpage. Fix it.
Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
Jeff Layton [Sun, 29 Oct 2017 10:51:50 +0000 (06:51 -0400)]
manpage: update mount.cifs manpage with info about default version being mounted
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 23 Oct 2017 17:46:33 +0000 (13:46 -0400)]
doc: convert pod files to rst
Aurelien did a big conversion of raw troff files into .pod docs in a
recent patch. That worked out pretty well, but I have some reservations
about using POD as a canonical format.
While it does make it pretty simple to write manpages, it's sort of an
obscure format, and is heavily associated with perl. Meanwhile, the
kernel is slowly moving to using ReStructured Text as its documentation
format. Given the simplicity of the cifs-utils manpages, I think we're
better suited to using rst as a canonical format, rather than pod.
This patch converts all of the .pod files in the code to .rst files,
and fixes the Makefile and autoconf to use the correct tools to turn
those into manpages.
The conversion was done with the pod2rst script, with some by-hand
modifications at the end to clean up the formatting and add the manual
section numbers. It's not perfect and could probably use a second pass
to clean up the warts in the formatting, but the content is all intact
and it should be readable.
Finally, convert the makefile rules to use standard SUFFIX rules
instead of the non-portable GNU make % style extension rules. We don't
really expect anyone to use anything other than GNU make here, but
this silences an automake warning.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>