Jeff Layton [Fri, 4 Mar 2011 19:54:18 +0000 (14:54 -0500)]
autoconf: bump release to 4.9
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 15 Feb 2011 18:30:47 +0000 (13:30 -0500)]
mount.cifs: fix handling of scopeid in resolve_host
We get a pointer to the end of the address string (ipaddr), but the call
snprintf and pass in tmpbuf which is a pointer to the beginning of the
address string. If someone passes in an address with a scopeid then we
end up overwriting the entire address string.
Reported-by: Björn JACKE <bj@sernet.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 8 Feb 2011 20:33:09 +0000 (15:33 -0500)]
mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2)
It's possible that the user is trying to mount onto a directory to which
he doesn't have execute perms. If that's the case then the mount will
currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
calling mount(2). That will ensure that the kernel's permissions check
for this is bypassed.
Reported-by: Erik Logtenberg <erik@logtenberg.eu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Steve French <sfrench@us.ibm.com>
Jeff Layton [Tue, 1 Feb 2011 19:24:30 +0000 (14:24 -0500)]
mount.cifs: fix possible use of uninitialized variable
It's possible to "goto return_i" in this function at several points
before line_buf is set. At that point, the NULL pointer check won't
work correctly and we can end up with a SIGSEGV.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 31 Jan 2011 20:04:35 +0000 (15:04 -0500)]
mount.cifs: don't try to alter mtab if it's a symlink
Some distros replace /etc/mtab with a symlink to /proc/mounts. In that
situation, mount.cifs will hang for a while trying to lock the mtab.
/bin/mount checks to see if the mtab is a symlink. If it is or if a
stat() call on it fails, it doesn't try to to update the mtab. Have
mount.cifs do the same.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 31 Jan 2011 16:54:44 +0000 (11:54 -0500)]
autoconf: bump release to 4.8.2 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 20 Jan 2011 02:04:14 +0000 (21:04 -0500)]
autoconf: bump release to 4.8.1
The 4.8 release had mis-generated autoconf files (they didn't include
the libcap-ng autoconf goop). 4.8.1 will have that fixed.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 16 Jan 2011 01:24:58 +0000 (20:24 -0500)]
autoconf: bump release to 4.8
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 14 Jan 2011 20:37:34 +0000 (15:37 -0500)]
manpage: fix the SEE ALSO section
It references umount.cifs(8) which is no longer shipped as part of
cifs-utils. Replace it with a reference to cifs.upcall(8) instead.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 14 Jan 2011 20:37:14 +0000 (15:37 -0500)]
mount.cifs: add cruid= mount option
Allow admins to pass in a username for the cruid= mount option.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Jeff Layton [Fri, 14 Jan 2011 20:37:01 +0000 (15:37 -0500)]
mount.cifs: clean up handling of uid= and gid=
The handling of these options is quite convoluted. Change it so that
these options are stored as numbers and then appended to the option
strings.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Jeff Layton [Fri, 14 Jan 2011 20:32:07 +0000 (15:32 -0500)]
cifs.upcall: add keytab support for unattended mounts
Based on a patch from a few years ago by Igor Mammedov. This patch
adds the ability for cifs.upcall to establish a TGT using the
system-default keytab.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
Jeff Layton [Fri, 14 Jan 2011 20:31:56 +0000 (15:31 -0500)]
cifs.upcall: debug logging for the key description parser
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
Jeff Layton [Fri, 14 Jan 2011 20:31:50 +0000 (15:31 -0500)]
cifs.upcall: save off username field from key description
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
Jeff Layton [Fri, 14 Jan 2011 20:31:44 +0000 (15:31 -0500)]
cifs.upcall: clean up key description decoding routine
...and switch the code to using strndup. Check for allocation errors as
well, and fix some off-by-one bugs in the ones that decode strings.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
Jeff Layton [Fri, 7 Jan 2011 03:57:08 +0000 (22:57 -0500)]
cifs.upcall: consolidate find_krb5_cc calls
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
Jeff Layton [Wed, 5 Jan 2011 15:52:19 +0000 (10:52 -0500)]
cifs.upcall: fix crash when trying to free uninitialized var
If cifs.upcall is passed an invalid argument then it will "goto out".
The decoded_args struct however is uninitialized at that point so it
will usually segfault when trying to free fields in it. Move the
initialization up in the function.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 5 Jan 2011 15:52:19 +0000 (10:52 -0500)]
cifs.upcall: add 'l' to getopt_long string
Reported-by: Stefan Walter <walteste@inf.ethz.ch>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Pavel Shilovsky [Wed, 5 Jan 2011 12:23:37 +0000 (07:23 -0500)]
manpage: change port option description
Provide changes according to new ip/port connection logic in CIFS.
Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
Stefan Metzmacher [Tue, 28 Dec 2010 19:21:34 +0000 (14:21 -0500)]
cifs.upcall: use krb5_auth_con_set_req_cksumtype() and pass a GSSAPI checksum (bug #7890)
Some closed source SMB servers doesn't support all checksum types,
so we should try to match windows clients.
This is almost the same logic which is used by Samba.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 28 Dec 2010 19:21:31 +0000 (14:21 -0500)]
cifs.upcall: use krb5_auth_con_init() to create an explicit auth_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 28 Dec 2010 19:21:26 +0000 (14:21 -0500)]
cifs.upcall: fix memory and call krb5_auth_con_free()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeff Layton [Tue, 14 Dec 2010 17:05:04 +0000 (12:05 -0500)]
cifs-utils: fixes for manpage pathname replacement scheme
Fix up some small problems with pathname replacement:
1) replace the bare 'sed' with $(SED)
2) '\@' is apparently not portable, so we need to use a different scheme
in case we end up using a non-typical sed binary.
3) do the sed conversion to a new file and then move it into place. If
sed falls down halfway through the conversion we could end up with
a half-baked manpage.
4) use the $@ construct for brevity and maintainability
5) add a comment so that the rationale behind this is explained
Many thanks to several folks inside Red Hat who pointed out these
issues.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 9 Dec 2010 14:37:52 +0000 (09:37 -0500)]
cifs-utils: rewrite hardcoded paths in manpages
Currently the manpages (particularly cifs.upcall.8) have hardcoded
paths in them that need to be manually adjusted. Replace those
paths with @sbindir@ and add a makefile target that will use sed
to replace those paths with the ones set by autoconf.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Suresh Jayaraman [Thu, 9 Dec 2010 14:37:52 +0000 (09:37 -0500)]
mount.cifs: manpage: add entry for "actimeo" option
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Thu, 9 Dec 2010 14:30:03 +0000 (09:30 -0500)]
cifs-utils: bump version number to 4.7.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 19 Oct 2010 18:59:49 +0000 (14:59 -0400)]
autoconf: bump release to 4.7
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 8 Oct 2010 19:11:58 +0000 (15:11 -0400)]
manpage: add mount.cifs manpage entry for "multiuser" option
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 8 Oct 2010 19:11:57 +0000 (15:11 -0400)]
mount.cifs: reinstate ip= as an override for address resolution
The manpage says:
ip=arg
sets the destination IP address. This option is set automatically
if the server name portion of the requested UNC name can be
resolved so rarely needs to be specified by the user.
...but recent changes have made it not work anymore as an override if
someone specifies an ip= option as part of the mount options. Reinstate
that behavior by copying the ip= option verbatim into the addrlist of
the parsed options struct and then skipping the name resolution. That
should allow the ip= option to pass unadulterated to the kernel.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Björn Jacke [Tue, 24 Aug 2010 17:30:05 +0000 (13:30 -0400)]
mount.cifs: use monotonic time for timeouts
this is especially important during the boot process, where the clock is often
being set initially and clock jumps are more common.
Björn Jacke [Tue, 24 Aug 2010 17:29:59 +0000 (13:29 -0400)]
autoconf: add checks for clock_gettime
Igor Druzhinin [Fri, 20 Aug 2010 18:53:38 +0000 (14:53 -0400)]
cifs-utils: infrastructure for stashing passwords in keyring
It is a userspace part of a new infrastructure for stashing passwords
in kernel keyring per user basis. The patch adds the "cifscreds"
utility for management keys with credentials. Assembling of the utility
from the distribution is possible with --enable-cifscreds=yes option of
configure script.
Signed-off-by: Igor Druzhinin <jaxbrigs@gmail.com>
Igor Druzhinin [Fri, 20 Aug 2010 18:53:05 +0000 (14:53 -0400)]
cifs-utils: moving resolve_host into separate file
The resolve_host routine from mount.cifs is carried out in
separate file and appropriate corrections are made.
Signed-off-by: Igor Druzhinin <jaxbrigs@gmail.com>
Suresh Jayaraman [Wed, 4 Aug 2010 11:55:54 +0000 (07:55 -0400)]
mount.cifs: remove redundant error assignment
Avoid setting error code twice by moving error handling out of add_mtab_exit
block. We already set error code and report error in other places.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Jeff Layton [Wed, 4 Aug 2010 10:35:24 +0000 (06:35 -0400)]
autoconf: bump version number to 4.6.1 for non-release builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 30 Jul 2010 12:17:01 +0000 (08:17 -0400)]
autoconf: bump version to 4.6
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 27 Jul 2010 19:24:04 +0000 (15:24 -0400)]
data_blob: change for loop indices to a unsigned int
To silence these warnings:
data_blob.c: In function ‘data_blob_hex_string_lower’:
data_blob.c:155:16: warning: comparison between signed and unsigned integer
expressions
data_blob.c: In function ‘data_blob_hex_string_upper’:
data_blob.c:172:16: warning: comparison between signed and unsigned integer
expressions
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 27 Jul 2010 19:20:44 +0000 (15:20 -0400)]
cifs.upcall: swap c99 initializers for memset calls
gcc says:
cifs.upcall.c: In function ‘cifs_krb5_get_req’:
cifs.upcall.c:261:2: warning: missing initializer
cifs.upcall.c:261:2: warning: (near initialization for ‘in_creds.client’)
cifs.upcall.c: In function ‘main’:
cifs.upcall.c:622:9: warning: missing initializer
cifs.upcall.c:622:9: warning: (near initialization for ‘arg.ver’)
...this is probably just gcc being balky, but we can silence the
warning. It may also be a micro optimization in an error condition
if we delay zeroing out the struct until it's needed.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 27 Jul 2010 19:09:27 +0000 (15:09 -0400)]
mtab: add __attribute__((unused)) to unused variables
...to silence -Wextra warnings.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 27 Jul 2010 19:09:23 +0000 (15:09 -0400)]
automake: add -Wextra to CFLAGS
...for extra warning goodness.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Suresh Jayaraman [Tue, 27 Jul 2010 17:35:59 +0000 (13:35 -0400)]
mount.cifs: document the 'fsc' mount option
Changes since last post:
- added the information about the kernel CONFIG option
- also added the information that caching is currently enabled for files opened as read-only
Document the newly added local caching feature using FS-Cache. This patch
could be queued and considered once the local caching patches gets merged
upstream.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Suresh Jayaraman [Tue, 27 Jul 2010 16:52:44 +0000 (12:52 -0400)]
mount.cifs: clarify 'fsc' mount option
Changes since last post:
- added the information about the kernel CONFIG option
- also added the information that caching is currently enabled for files opened as read-only
Document the newly added local caching feature using FS-Cache. This patch
could be queued and considered once the local caching patches gets merged
upstream.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Jeff Layton [Tue, 27 Jul 2010 16:33:33 +0000 (12:33 -0400)]
autoconf: bump version to 4.5.2
Signed-off-by: Jeff Layton <jlayton@samba.org>
Suresh Jayaraman [Tue, 27 Jul 2010 15:11:43 +0000 (11:11 -0400)]
mount.cifs: add 'fsc' mount option to the usage help text
Add 'fsc' mount option to the 'Less commonly used options' section of
mount.cifs usage help text. As with the previous patch, this one too could be
queued and considered once the local caching patches gets merged upstream.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Suresh Jayaraman [Tue, 27 Jul 2010 15:10:26 +0000 (11:10 -0400)]
manpages: document 'fsc' mount option
Document the newly added local caching feature using FS-Cache. This patch
could be queued and considered once the local caching patches gets merged
upstream.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Jeff Layton [Tue, 27 Jul 2010 11:37:05 +0000 (07:37 -0400)]
mount.cifs: handle the "mand" and "nomand" mount options (try #2)
These are filesystem-independent mount options that get passed to
mount.cifs too. Handle them appropriately by enabling and disabling
MS_MANDLOCK and not handing them off to the kernel.
Also, don't set MS_MANDLOCK by default. There's no reason to ask the
kernel to enforce mandatory locking by default. This also matches
up better with the way that "mand" is set in the mtab.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 27 Jul 2010 11:33:51 +0000 (07:33 -0400)]
mount.cifs: ignore the "_netdev" mount option
This mount options is used to clue in init scripts that the filesystem
shouldn't be mounted until networking is available. /bin/mount also passes
that option to the filesystem however, and cifs currently chokes on it.
mount.nfs ignores this option -- have mount.cifs do the same.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 26 Jul 2010 17:00:44 +0000 (13:00 -0400)]
cifs.upcall: require a uid= or creduid= parm
Even though all known kernels send the uid= parm to userspace,
cifs.upcall doesn't technically require it. It should though. If one
wasn't sent for some reason, then the setuid wouldn't occur. Error out
if there is no uid= or creduid= parm.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 23 Jul 2010 19:28:32 +0000 (15:28 -0400)]
cifs.upcall: use "creduid=" parm by default when available
When I did the original krb5 implementation, I goofed and ended up making
it so that when someone specifies the "uid=" mount option that also affects
the owner of the krb5 credential cache and not just the ownership of the
mount. I'm proposing a patch for the kernel to attempt to fix this by
making the kernel send a "creduid=" parameter in the upcall which is
intended to be the user that should own the credentials cache.
That's not necessarily the same user that has "ownership" of the mount.
Usually the creduid= will be set to the real uid of the user doing the
mounting. When multisession mounts are introduced they will usually set
this to the fsuid that walks into the mount.
To ease the transition, this patch also adds a command line switch that
makes cifs.upcall use the "legacy" uid= parameter instead. Use that if you
want it to behave like it used to.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 7 Jul 2010 14:48:39 +0000 (10:48 -0400)]
mount.cifs: switch to using _PATH_MNTTAB and paths.h
The code currently uses fstab.h and _PATH_FSTAB, but uClibc apparently
doesn't have that header. It does have paths.h and _PATH_MNTTAB however
and so does glibc, so use that instead.
Fixes samba bug #7539.
Reported-and-Tested-by: Armin Kuster <linux@kama-aina.net>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 16 Jun 2010 14:50:54 +0000 (10:50 -0400)]
mount.cifs: use original device name as-is for mtab
We don't want to alter the device name in any way for the mtab as
/bin/umount depends on the string being identical for user mounts.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Scott Lovenberg [Sun, 6 Jun 2010 11:33:40 +0000 (07:33 -0400)]
mount.cifs: accept all supported values for dir_mode
The option parsing function now accepts all values for 'dir_mode' that
are supported by the kernel side code.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Jeff Layton [Sun, 6 Jun 2010 11:31:42 +0000 (07:31 -0400)]
cifs-utils: bump version number to 4.5.1
...to distinguish interim builds from official releases.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 30 May 2010 11:47:26 +0000 (07:47 -0400)]
mount.cifs: fix parsing of "cred=" option
When the mount option parsing was cleaned up recently, the detection of
the "cred=" option was dropped.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 21 May 2010 20:04:14 +0000 (16:04 -0400)]
cifs-utils: bump version number to 4.5
Signed-off-by: Jeff Layton <jlayton@samba.org>
Scott Lovenberg [Fri, 14 May 2010 23:34:26 +0000 (19:34 -0400)]
mount.cifs: cosmetic alignment patch
Align CRED_ macro values to keep style consistent with last patch.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Scott Lovenberg [Fri, 14 May 2010 23:32:05 +0000 (19:32 -0400)]
mount.cifs: clean up option parsing
Moved option string parsing to function parse_opt_token(char*). Main
loop in parse_options(const char*, struct parsed_mount_info*)
transplanted to a switch block.
The parsing function folds common options to a single macro:
1.) 'unc','target', and 'path' -> 'OPT_UNC'
2.) 'dom*' and 'workg*' -> 'OPT_DOM'
3.) 'nobrl' and 'nolock' -> 'OPT_NO_LOCK'
Kept 'fmask' and 'dmask' (OPT_FMASK, OPT_DMASK), which fall through to
'file_mode' and 'dir_mode' in the main loop.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Steve French [Fri, 14 May 2010 19:30:07 +0000 (15:30 -0400)]
mount.cifs: unitialized variable in cred parsing error path
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Steve French [Tue, 11 May 2010 13:32:34 +0000 (09:32 -0400)]
mount.cifs: turn into a multicall binary for smb2
mount.smb2 has different help (many fewer mount options) and different
fsname, but otherwise can reuse all of the good work Jeff did on
mount.cifs. This patch allow mount.cifs to detect if run as mount.smb2
(to display different help and fsname).
Signed-off-by: Steve French <smfrench@gmail.com>
Scott Lovenberg [Tue, 11 May 2010 13:32:34 +0000 (09:32 -0400)]
mount.cifs: removed magic number for max username in parse_options
Replaced max username in parse_options with the sum of its potential
parts for "domain/user%password" formatted values. Note that forward
slashes still expand to a double back slash in the parse_username
function, though.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Jeff Layton [Sun, 2 May 2010 10:32:34 +0000 (06:32 -0400)]
mount.cifs: strip leading delimiter off of prefixpath option
...the kernel doesn't expect to see it and it causes a regression
when mounting some UNCs.
Reported-by: Ales Zelinka <azelinka@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 2 May 2010 10:32:30 +0000 (06:32 -0400)]
cifs-utils: bump version number to 4.4.1 for interim builds
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 28 Apr 2010 11:19:24 +0000 (07:19 -0400)]
cifs-utils: bump version number to 4.4
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 28 Apr 2010 11:13:17 +0000 (07:13 -0400)]
mount.cifs: fix parsing of password in parse_username
Signed-off-by: Jeff Layton <jlayton@samba.org>
Scott Lovenberg [Sun, 25 Apr 2010 13:35:13 +0000 (09:35 -0400)]
mount.cifs: continued cleanup of open_cred_file and zero out buffer
The parsing for values has been moved to its own function and is a bit
cleaner. Temporary buffers are zeroed out before being freed to ensure
passwords/credentials aren't left in released memory.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Scott Lovenberg [Fri, 23 Apr 2010 10:50:34 +0000 (06:50 -0400)]
mount.cifs: clean up credential file parsing
Remove magic numbers, redundant code and extra variables from open_cred_file().
Remove check for domain length since strlcpy is safe from buffer overflows.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Jeff Layton [Sat, 17 Apr 2010 10:21:02 +0000 (06:21 -0400)]
mount.cifs: remove unneeded newline in verbose output
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Wed, 14 Apr 2010 18:11:37 +0000 (14:11 -0400)]
mount.cifs: check for NULL pointer before calling strchr()
mount.cifs calls strchr on currentaddress, which may be a NULL pointer.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 13 Apr 2010 14:18:13 +0000 (10:18 -0400)]
automake: don't use @foo@ constructs in Makefile.am
...use $(foo) instead. That doesn't rely on an explicit AC_SUBST().
Reported-by: Lars Müller <lars@samba.org>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 12 Apr 2010 10:55:24 +0000 (06:55 -0400)]
cifs: enable CAP_DAC_READ_SEARCH before chdir() and realpath() calls
It's possible that root won't have privileges to chdir or evaluate the
paths without that capability.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 9 Apr 2010 13:08:08 +0000 (09:08 -0400)]
cifs-utils: bump version number to 4.3
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 9 Apr 2010 12:47:11 +0000 (08:47 -0400)]
autoconf: remove explicit check for prctl
...it's already checked in AC_LIBCAP
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Tue, 6 Apr 2010 19:45:00 +0000 (15:45 -0400)]
autotools: add --with-libcap autoconf option
...it's rather confusing since we can compile against libcap or libcap-ng
but this is helpful for testing.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Tue, 6 Apr 2010 19:22:05 +0000 (15:22 -0400)]
mount.cifs: fix capability issues when libcap isn't present
...some #defines are missing in that case. This fixes the build for
all possible libcap/libcap-ng availability scenarios.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Scott Lovenberg [Tue, 6 Apr 2010 18:52:07 +0000 (14:52 -0400)]
mount.cifs: make credentials file parameters consistent with mount options
This patch makes the mount.cifs credentials file parameters consistent with
the command line parameters to remove ambiguity between the command line
parameter format and the credentials file format. That is, it parses for
both short and long form of the 'username', 'password', and 'domain'
parameters. This patch is against the current cifs-utils-4.2.
I'm also thinking of adding a second patch that allows for parsing a
"domain/user", "domain%user" and "domain/user%password" formats as allowed
from the command line.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Jeff Layton [Mon, 5 Apr 2010 15:23:37 +0000 (11:23 -0400)]
mount.cifs: restrict capabilities further
Only the parent process will ever need CAP_DAC_OVERRIDE. The child can
get by with CAP_DAC_READ_SEARCH.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Mon, 5 Apr 2010 15:23:32 +0000 (11:23 -0400)]
mount.cifs: properly prune the capabilities bounding set
...libcap-ng does this in a much easier fashion. If that's not
available, then we have to do it manually.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 4 Apr 2010 14:09:38 +0000 (10:09 -0400)]
mount.cifs: use libcap-ng to manage capabilities
...in preference to libcap if it's available.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Sun, 4 Apr 2010 13:51:31 +0000 (09:51 -0400)]
autotools: don't link mount.cifs against krb5 library
mount.cifs is being linked against the krb5 library. Fix it so that
that doesn't happen.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Sat, 3 Apr 2010 11:12:06 +0000 (07:12 -0400)]
mount.cifs: fix toggle_cap_dac_override
...it clears the capability set completely, which it shouldn't do. It
also doesn't call cap_set_proc to make the new capability set active.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Sat, 3 Apr 2010 10:49:43 +0000 (06:49 -0400)]
mount.cifs: only enable CAP_DAC_OVERRIDE when needed
When dropping capabilities, drop CAP_DAC_OVERRIDE from the effective set
but not the permitted. When we need to open credential or password
files, make it effective again and drop it after the open completes.
This reduces CAP_DAC_OVERRIDE exposure.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Fri, 2 Apr 2010 20:02:37 +0000 (16:02 -0400)]
mount.cifs: if real uid is 0, child must keep CAP_DAC_OVERRIDE
...otherwise, root may not be able to read credential files. The ideal
thing would be to remove it from the effective set, and only turn it
on when needed, but for now this should fix the immediate problem.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 2 Apr 2010 10:42:20 +0000 (06:42 -0400)]
cifs-utils: bump version to 4.2
- fix URL's and email addresses
- update copyright notices
Signed-off-by: Jeff Layton <jlayton@samba.org>
Jeff Layton [Fri, 2 Apr 2010 02:05:47 +0000 (22:05 -0400)]
cifs.upcall: run it through Lindent
...coding style cleanup.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Torsten Kurbad [Fri, 2 Apr 2010 01:47:25 +0000 (21:47 -0400)]
cifs-upcall: krb5.h inclusion quick fix
...eventually it might be better to make autoconf set -I/usr/include/krb5
or whatever and get rid of the #ifdef's here. It's a little tricky to
figure out the include dir however, so this will do for now.
Signed-off-by: Torsten Kurbad <torsten@tk-webart.de>
Torsten Kurbad [Fri, 2 Apr 2010 01:47:18 +0000 (21:47 -0400)]
cifs-upcall: heimdal fixes
Signed-off-by: Torsten Kurbad <torsten@tk-webart.de>
Jeff Layton [Thu, 1 Apr 2010 19:29:59 +0000 (15:29 -0400)]
mount.cifs: re-enable setuid usage
Now that mount.cifs is safe(r) we don't need to disable setuid
capability by default.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:28:57 +0000 (15:28 -0400)]
mount.cifs: drop capabilities if libcap is available
Might as well be as safe as possible. Have child drop all capabilities,
and have the parent drop all but CAP_SYS_ADMIN (needed for mounting) and
CAP_DAC_OVERRIDE (needed in case mtab isn't writable by root). We might
even eventually consider being clever and dropping CAP_DAC_OVERRIDE when
root has access to the mtab.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:28:54 +0000 (15:28 -0400)]
mount.cifs: guard against signals by unprivileged users
If mount.cifs is setuid root, then the unprivileged user who runs the
program can send the mount.cifs process a signal and kill it. This is
not a huge problem unless we happen to be updating the mtab at the
time, in which case the mtab lockfiles might not get cleaned up.
To remedy this, have the privileged mount.cifs process set its real
uid to the effective uid (usually, root). This prevents unprivileged
users from being able to signal the process.
While we're at it, also mask off signals while we're updating the
mtab. This leaves a SIGKILL by root as the only way to interrupt the
mtab update, but there's really nothing we can do about that.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:17 +0000 (15:19 -0400)]
mount.cifs: introduce privilege separation
Much of the mount option parsing and other activities can be done by an
unprivileged process. Allocate the parsed_mount_info struct as an
anonymous mmap() segment and then fork to do the actual mount option
parsing. The child can then drop root privileges before populating the
parsed_mount_info struct. The parent waits for the child to exit and
then continues the mount process based on the child's exit status.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: move nomtab, fakemnt, and verboseflag flags to parsed_mount_info
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: move assembly of parsed_mount_info to separate function
...later, we'll want to introduce privilege separation so make this
a separate function to facilitate that.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: run mount.cifs through Lindent
...code cleanup
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: move mtab adding code to separate function
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: clean up command-line options
The mount.cifs command apparently tries to take a ton of command-line
options. Many of these will never be passed to mount.cifs by /bin/mount.
Others are more appropriately specified as mount options.
In both cases, there are a lot of options in the switch statement that
are not listed in the optstring, and there are characters in the
optstring that are not dealt with by the switch statement. Other options
are poorly wired to the rest of the code and don't actually do anything.
Clean it up by removing all but the ones that are likely to ever be
used.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: reassemble device name from pieces
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: clean up setting of password field
Add a function to set and escape the password properly.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: eliminate "legacy" setuid behavior
This behavior is demonstrably unsafe and not something we want to support
going forward.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: eliminate some unneeded flags in parsed_mount_info
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Thu, 1 Apr 2010 19:19:16 +0000 (15:19 -0400)]
mount.cifs: parse unc into separate fields
The UNC is currently handled as a single string and mount.cifs will
just munge it whenever it needs to change the delimiter type or
uppercase it, etc. This is tricky to handle correctly and means that
we often need to keep track of what's already been changed. Instead
of doing this, just track the pieces of the UNC in separate fields
in the parsed_mount_info, and then use those pieces to build strings
as needed.
Signed-off-by: Jeff Layton <jlayton@redhat.com>