Some versions of wbclient.h have function declarations with bool type
args, but they don't include stdbool.h themselves. Make sure that
we can deal with that by telling the autoconf test to include stdbool.h
explicitly. In order to do that properly we need to move some of the
standard header and type tests up in the file.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add Makefile directives for setcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Add configure directives for option cifsacl. The default action is
to enable cifsacl option.
cifsacl option is enabled or disabled in a similar way to cifs.idmap
in the same function. In addition, for cifsacl, check for sys/xattr.h
is done in the same .m4 file.
Add directives to build getcifsacl in Makefile.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
State getcifsacl and setcifsacl utilities to manipulate get/set xattr blob
respectively.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Man pages for utility setcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Man pages for utility getcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Parse the blob that contains a security descriptor obtained by
calling getxattr API using attribute system.cifs_acl.
Start parsing and printing security descriptor including
the DACL within the security descriptor, printing each ACE of
the DACL by printing SID, type, flags, and mask.
Winbind APIs are used to translate raw SID to a name.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Parse the blob that contains a security descriptor obtained by
calling getxattr API using attribute system.cifs_acl.
Start parsing and printing security descriptor including
the DACL within the security descriptor, printing each ACE of
the DACL by printing SID, type, flags, and mask.
Winbind APIs are used to translate raw SID to a name.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Add defines and structures related to security descriptor, ACL,
ACE, various fields within an ACE, and SID.
Also define various file permissions and access types.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
It currently says "no" is the default, but it should be "yes".
Reported-by: Elias Pipping <pipping@lavabit.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Reported-by: Jan Lieskovsky <jlieskov@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
As of version 1.5, the keyutils package is shipping a generic
dns_resolver upcall. Add a note to the cifs.upcall manpage that mentions
this and recommends the use of that program over cifs.upcall.
Eventually, we may want to be able to conditionally compile out the
dns_resolver part of the upcall, but it's already pretty small and
wouldn't save us very much.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
..also update the part that describes what kernel version this manpage
is accurate against.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Manpage contents for cifs mount option cifsacl
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
It's possible that when mount.cifs goes to append the mtab that there
won't be enough space to do so, and the mntent won't be appended to the
file in its entirety.
Add a my_endmntent routine that will fflush and then fsync the FILE if
that succeeds. If either fails then it will truncate the file back to
its provided size. It will then call endmntent unconditionally.
Have add_mtab call fstat on the opened mtab file in order to get the
size of the file before it has been appended. Assuming that that
succeeds, use my_endmntent to ensure that the file is not corrupted
before closing it. It's possible that we'll have a small race window
where the mtab is incorrect, but it should be quickly corrected.
This was reported some time ago as CVE-2011-1678:
http://openwall.com/lists/oss-security/2011/03/04/9
...and it seems to fix the reproducer that I was able to come up with.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
Clarify servernetbiosname parameter name, add mention of ignorecase, and
add a section on noposixpaths.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Fix alignment of columns and trailing whitespace in cifs.idmap(8). Fix
request-key.conf(5) reference in cifs.idmap(8) and cifs.upcall(8).
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Create man pages for program cifs.idmap
Enable cifs.idmap config option by default.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Otherwise you get warnings about missing files with recent autotools.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...to match the change in versioning.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
...according to shared superblock capability merged into cifs-2.6
git tree recently.
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
...to account for the changes in the async write patchset.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
cifs.idmap.c: In function ‘cifs_idmap’:
cifs.idmap.c:85:16: warning: unused variable ‘gr’ [-Wunused-variable]
cifs.idmap.c:84:17: warning: unused variable ‘pw’ [-Wunused-variable]
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Handle cifs.idmap type of key. Extract a SID string from the description
and map it to either an uid or gid using winbind APIs.
If that fails (e.g. because winbind is not installed/running or winbind
returns an error), kernel assigns uid and gid (from mount superblock).
Enable including winbind header files and idmapping code conditional
to winbind devel rpms (header and library).
An entry such as this
create cifs.idmap * * /usr/sbin/cifs.idmap %k
is needed in the file /etc/request-key.conf.
[Note: Modified to not build new tool by default, and to fix up some
whitespace munging]
Modified-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
It currently tests to see if errno == -EINVAL and whether the endptr
is '\0'. That's not correct however. What we really want it to do is
check to see if any error occurred by setting errno to 0 before the
conversion. If one did, then try to treat the value as a name.
Also fix a bogus compiler warning about cruid being uninitialized.
Reported-by: Jian Li <jiali@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Don't construct a device name, but use the original device string
to mount so the device name in /proc/mounts matches the one in
/etc/fstab.
Signed-off-by: Luk Claes <luk@debian.org>
|
|
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
We get a pointer to the end of the address string (ipaddr), but then call
snprintf and pass in tmpbuf which is a pointer to the beginning of the
address string. If someone passes in an address with a scopeid then we
end up overwriting the entire address string.
Reported-by: Björn JACKE <bj@sernet.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
It's possible that the user is trying to mount onto a directory to which
he doesn't have execute perms. If that's the case then the mount will
currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
calling mount(2). That will ensure that the kernel's permissions check
for this is bypassed.
Reported-by: Erik Logtenberg <erik@logtenberg.eu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Steve French <sfrench@us.ibm.com>
|
|
It's possible to "goto return_i" in this function at several points
before line_buf is set. At that point, the NULL pointer check won't
work correctly and we can end up with a SIGSEGV.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Some distros replace /etc/mtab with a symlink to /proc/mounts. In that
situation, mount.cifs will hang for a while trying to lock the mtab.
/bin/mount checks to see if the mtab is a symlink. If it is or if a
stat() call on it fails, it doesn't try to update the mtab. Have
mount.cifs do the same.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The 4.8 release had mis-generated autoconf files (they didn't include
the libcap-ng autoconf goop). 4.8.1 will have that fixed.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
It references umount.cifs(8) which is no longer shipped as part of
cifs-utils. Replace it with a reference to cifs.upcall(8) instead.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Allow admins to pass in a username for the cruid= mount option.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
The handling of these options is quite convoluted. Change it so that
these options are stored as numbers and then appended to the option
strings.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Based on a patch from a few years ago by Igor Mammedov. This patch
adds the ability for cifs.upcall to establish a TGT using the
system-default keytab.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
...and switch the code to using strndup. Check for allocation errors as
well, and fix some off-by-one bugs in the ones that decode strings.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|