| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add a contrib directory, a set of sample /etc/request-key.d files and
a README that explains what they're for. This version sets the path
to the upcall programs based on the configure options.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Reported-by: Sumit Bose <sbose@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Resolve the unqualified hostname and set AI_CANONNAME to make sure that
field is populated. Scan forward to the first '.' in ai_canonname, and
append that value onto the unqualified hostname to get a FQDN. Then
prepend that value with "cifs/" and try to get a service ticket for
that principal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Andrew Bartlett suggests the heuristic supplied in the comments.
For now, we don't try to guess the domainname when the hostname is not
qualified, but add a comment with what needs to be done in order to
support that.
Also, with this change we no longer need util.o to be linked in.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Most KDCs are case-sensitive (the notable exception being AD), but DNS
is case-insensitive. To prevent admins from having to put in all
possible case combinations of a principal, lowercase the hostname prior
to trying to get a principal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...and check to see if provided hostname will exceed it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...don't use "ipaddr" here since it's a const pointer.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Steve French <sfrench@us.ibm.com>
|
|
cifs.upcall.c: In function ‘cifs_krb5_principal_get_realm’:
cifs.upcall.c:80:57: warning: unused parameter ‘context’ [-Wunused-parameter]
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
With the addition of async readpages in 3.2 kernels, the behavior of
the rsize= option has changed.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add functions to map a uid and gid to a SID. These functions are
similar to SID to uid and gid mapping functions. A SID is what is
returned to the cifs module.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Minor cleanups and consistency fixes...
Cc: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add mount options backupuid and backugid and their manpage contents.
Check for either a valid uid/gid or valid user/group name.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Cc: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
The convention is to have that close to the bottom of the manpage. In
this case, we want it after the EXAMPLES section.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Move the manpages to section 1 since getcifsacl and setcifsacl are user,
not sysadmin tools. Get rid of the useless sed calls on the manpages.
They don't have any explicit paths in them that need replacing.
Also get rid of the "4.0" in the footers of all the manpages.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...and eliminate this build warning:
setcifsacl.c: In function ‘build_cmdline_aces’:
setcifsacl.c:582:9: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Both these options are started with "rw" - that's why the first one
isn't switched on even if it is specified. Fix this by adding a length
check for "rw" option check.
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
Some versions of wbclient.h have function declarations with bool type
args, but they don't include stdbool.h themselves. Make sure that
we can deal with that by telling the autoconf test to include stdbool.h
explicitly. In order to do that properly we need to move some of the
standard header and type tests up in the file.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add Makefile directives for setcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Add configure directives for option cifsacl. The default action is
to enable cifsacl option.
cifsacl option is enabled or disabled in a similar way to cifs.idmap
in the same function. In addition, for cifsacl, check for sys/xattr.h
is done in the smae .m4 file.
Add directives to build getcifsacl in Makefile.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
State getcifsacl and setcifsacl utilities to manipulate get/set xattr blob
respectively.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Man pages for utility setcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Man pages for utility getcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Parse the blob that contains a security descriptor obtained by
calling getxattr API using attribute system.cifs_acl .
Start parsing and printing security descriptor including
the a DACL within the security descriptor, printing each ACE of
the DACL by printing SID, type, flags, and mask.
Winbind apis are used to translate raw SID to a name.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Parse the blob that contains a security descriptor obtained by
calling getxattr API using attribute system.cifs_acl .
Start parsing and printing security descriptor including
the a DACL within the security descriptor, printing each ACE of
the DACL by printing SID, type, flags, and mask.
Winbind apis are used to translate raw SID to a name.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Add defines and structures related to security descriptor, ACL,
ACE, various fields within an ACE, and SID.
Also define various file permissions and acess types.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
It currently says "no" is the default, but it should be "yes".
Reported-by: Elias Pipping <pipping@lavabit.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Reported-by: Jan Lieskovsky <jlieskov@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
As of version 1.5, the keyutils package is shipping a generic
dns_resolver upcall. Add a note to the cifs.upcall manpage that mentions
this and recommends the use of that program over cifs.upcall.
Eventually, we may want to be able to conditionally compile out the
dns_resolver part of the upcall, but it's already pretty small and
wouldn't save us very much.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
..also update the part that describes what kernel version this manpage
is accurate against.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Manpage contents for cifs mount option cifsacl
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
It's possible that when mount.cifs goes to append the mtab that there
won't be enough space to do so, and the mntent won't be appended to the
file in its entirety.
Add a my_endmntent routine that will fflush and then fsync the FILE if
that succeeds. If either fails then it will truncate the file back to
its provided size. It will then call endmntent unconditionally.
Have add_mtab call fstat on the opened mtab file in order to get the
size of the file before it has been appended. Assuming that that
succeeds, use my_endmntent to ensure that the file is not corrupted
before closing it. It's possible that we'll have a small race window
where the mtab is incorrect, but it should be quickly corrected.
This was reported some time ago as CVE-2011-1678:
http://openwall.com/lists/oss-security/2011/03/04/9
...and it seems to fix the reproducer that I was able to come up with.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
Clarify servernetbiosname parameter name, add mention of ignorecase, and
add a section on noposixpaths.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Fix alignment of columns and trailing whitespace in cifs.idmap(8). Fix
request-key.conf(5) reference in cifs.idmap(8) and cifs.upcall(8).
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Create man pages for program cifs.idmap
Enable cifs.idmap config option by default.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Otherwise you get warnings about missing files with recent autotools.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...to match the change in versioning.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
...according to shared superblock capability merged into cifs-2.6
git tree recently.
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
...to account for the changes in the async write patchset.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
