Age | Commit message | Author | Files | Lines |
|
...I'm also including the POD sources here for easier editing, but we
may remove them in the future if it becomes burdensome to keep up 2
copies.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The "creds" portion seems redundant.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...which is much more efficient than walking the keyring by hand.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...and have it loosen the permissions to allow searching. There seems
to be no clear way to make user keys unreadable, but still allow for
them to be searched, so we'll need a new key_type that doesn't allow
you to read the payload from userspace. That will be proposed in a
separate kernel patch.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
This seems like a reasonable change, but I'm willing to listen to
arguments to the contrary...
cifscreds currently hangs the keys off of the uid keyring. It seems
more appropriate though that we require that each session have its
own set. This might be particularly important in a containerized
situation. If a user authenticates in one container, then we probably
don't want to allow a user in another to "borrow" those creds.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
As Donald points out, NetBIOS domains are allowed more characters than
the code currently allows. Change the test to one that checks for
disallowed characters instead.
Also, I can't find anything that says that '@' is not allowed in a
username. Might as well allow that too. Worst case, the server will
reject the username.
Reported-by: Donald R. Gray Jr <donald.r.gray@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...to indicate that the first argument is not a hostname but an
NT domain name. If it's set, then treat the argument as a
string literal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...and use getopt_long to get it. If someone doesn't specify the username,
use getusername() to get it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Having to parse options in every command routine is cumbersome and
restrictive. Declare a struct to hold arguments, and then have the
functions take that struct as an argument.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...banish the use of exit(), which may be helpful in the future in
the event that we eventually move some of this code into a library.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Change the payload to be "username:password". Since usernames can't
contain ':', this is a suitable delimiter. Also, create_description
is just a sprintf now, so eliminate it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The username should be part of the key payload and not part of
the description. Also, prefix the address with an "a:" in the
description. Eventually we'll also need a "domain" key variant.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Eventually we'll add this back in a different way. The domain and
address should be exclusive of one another. IOW, we want the kernel to
be able to find credentials for a specific address or for the domain of
which the server is a member.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...to eliminate this warning:
cifscreds.c: In function ‘cifscreds_clearall’:
cifscreds.c:422:47: warning: unused parameter ‘argv’
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The new del_mtab code ignored errors from rename(). Make it handle that
error as well like it does other errors.
Cc: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
During a remount of a cifs filesystem, the mtab file is not properly
updated, which leads to a doubled entry of the same filesystem in the
/etc/mtab file. This patch adds a new function del_mtab() which is
called before the add_mtab() in case the fs is being remounted.
The del_mtab() function will delete from the mtab the old entry from
the filesystem which is being remounted, and then calls add_mtab() to
add an updated entry to the mtab file.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
|
|
This was actually requested by the Red Hat QA group, who sometimes work
with multiple krb5.conf files when testing.
Requested-by: Marko Myllynen <myllynen@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
These binaries don't use keys API at all. There's no need to link in
the keys library.
Reported-by: Frédéric L. W. Meunier <fredlwm@fredlwm.net>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Add a contrib directory, a set of sample /etc/request-key.d files and
a README that explains what they're for. This version sets the path
to the upcall programs based on the configure options.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Reported-by: Sumit Bose <sbose@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Resolve the unqualified hostname and set AI_CANONNAME to make sure that
field is populated. Scan forward to the first '.' in ai_canonname, and
append that value onto the unqualified hostname to get a FQDN. Then
prepend that value with "cifs/" and try to get a service ticket for
that principal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Andrew Bartlett suggests the heuristic supplied in the comments.
For now, we don't try to guess the domainname when the hostname is not
qualified, but add a comment with what needs to be done in order to
support that.
Also, with this change we no longer need util.o to be linked in.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Most KDCs are case-sensitive (the notable exception being AD), but DNS
is case-insensitive. To prevent admins from having to put in all
possible case combinations of a principal, lowercase the hostname prior
to trying to get a principal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...and check to see if provided hostname will exceed it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...don't use "ipaddr" here since it's a const pointer.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Steve French <sfrench@us.ibm.com>
|
|
cifs.upcall.c: In function ‘cifs_krb5_principal_get_realm’:
cifs.upcall.c:80:57: warning: unused parameter ‘context’ [-Wunused-parameter]
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
With the addition of async readpages in 3.2 kernels, the behavior of
the rsize= option has changed.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add functions to map a uid and gid to a SID. These functions are
similar to SID to uid and gid mapping functions. A SID is what is
returned to the cifs module.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Minor cleanups and consistency fixes...
Cc: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add mount options backupuid and backupgid and their manpage contents.
Check for either a valid uid/gid or valid user/group name.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Cc: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
The convention is to have that close to the bottom of the manpage. In
this case, we want it after the EXAMPLES section.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Move the manpages to section 1 since getcifsacl and setcifsacl are user,
not sysadmin tools. Get rid of the useless sed calls on the manpages.
They don't have any explicit paths in them that need replacing.
Also get rid of the "4.0" in the footers of all the manpages.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...and eliminate this build warning:
setcifsacl.c: In function ‘build_cmdline_aces’:
setcifsacl.c:582:9: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Both of these options start with "rw" - that's why the first one
isn't switched on even if it is specified. Fix this by adding a length
check to the "rw" option check.
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
Some versions of wbclient.h have function declarations with bool type
args, but they don't include stdbool.h themselves. Make sure that
we can deal with that by telling the autoconf test to include stdbool.h
explicitly. In order to do that properly we need to move some of the
standard header and type tests up in the file.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add Makefile directives for setcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Add configure directives for option cifsacl. The default action is
to enable cifsacl option.
cifsacl option is enabled or disabled in a similar way to cifs.idmap
in the same function. In addition, for cifsacl, check for sys/xattr.h
is done in the same .m4 file.
Add directives to build getcifsacl in Makefile.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
State getcifsacl and setcifsacl utilities to manipulate get/set xattr blob
respectively.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Man pages for utility setcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Man pages for utility getcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|