| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add routines for the various things that cifs.idmap needs and have it
call them.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add str_to_sid() functionality to the plugin API and have setcifsacl
use it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Currently, the ACL-related tools in cifs-utils call into the wbclient
libs directly in order to do their bidding. The wbclient developers want
to get away from needing to configure winbind on the clients and instead
allow sssd to handle the mapping in most cases.
This patch represents an initial step in that direction. It adds a
plugin architecture for cifs-utils, adds wrappers around the calls into
libwbclient that find an idmap plugin library to use and then has it
call into that plugin to do the actual ID mapping.
The application will call into a set of routines that find the correct
plugin and dlopen() it. Currently the plugin is located in a well-known
location that is settable via autoconf. That location is intended to be
a symlink that points to the real plugin (generally under $pkglibdir).
The plugin will export a number of functions with well-known names. The
wrappers find those by using dlsym() and then call them.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
People who want to build a plugin for the idmapping routines will need a
header to describe the data types that they need. Add a cifsidmap.h file
and move the struct cifs_sid definition into it, along with the
constants needed to describe it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...which is really only mount.cifs.
Cc: Björn Jacke <bj@sernet.de>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
When I moved the manpages for this to section 1, I missed some references
to them. Also, get rid of the unneeded clean-local-aclprogs makefile target.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
-pie and -fpie enable the building of position-independent executables,
and -Wl,-z,relro turns on read-only relocation support in gcc. These
options are important for security purposes to guard against possible
buffer overflows that lead to exploits.
Follow the example of samba here and enable these by default, but add
configure options that allow people to turn them off at build-time if
necessary.
We may also want to eventually add checks to ensure that the compiler
and linker understand these options, but I'll wait until we have some
evidence that it's needed before I expend the effort.
Reported-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
I think in hindsight, that adding -Werror by default was a mistake.
cifs-utils is built in a wide range of environments and tools, and it's
very difficult to eliminate all of the possible warnings.
Let's go ahead and remove it and reduce the steady trickle of patches
that are simply to silence obscure warnings.
Cc: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...and add -D_FORTIFY_SOURCE=2 to the default $CFLAGS.
Acked-by: Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
With the recent patch to fix the warnings in asn1.c, cifs-utils now
builds without any warnings. Ban them henceforth by adding -Werror for
builds.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Use the pkgconfig file that's included with wbclient to perform the test
for wbclient usability, and to set the correct CFLAGS and LDADD.
This is particularly necessary on recent Fedora with samba4 since it
puts the wbclient.h file in a different directory than before.
Also, remove a redundant test for wbclient.h from configure.ac.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...via the $ROOTSBINDIR environment variable, and AC_ARG_VAR macro.
The default is to use /sbin for this value, which only currently
affects the installation location of mount.cifs.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...I'm also including the POD sources here for easier editing, but we
may remove them in the future if it becomes burdensome to keep up 2
copies.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
These binaries don't use keys API at all. There's no need to link in
the keys library.
Reported-by: Frédéric L. W. Meunier <fredlwm@fredlwm.net>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Add a contrib directory, a set of sample /etc/request-key.d files and
a README that explains what they're for. This version sets the path
to the upcall programs based on the configure options.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Andrew Bartlett suggests the heuristic supplied in the comments.
For now, we don't try to guess the domainname when the hostname is not
qualified, but add a comment with what needs to be done in order to
support that.
Also, with this change we no longer need util.o to be linked in.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Move the manpages to section 1 since getcifsacl and setcifsacl are user,
not sysadmin tools. Get rid of the useless sed calls on the manpages.
They don't have any explicit paths in them that need replacing.
Also get rid of the "4.0" in the footers of all the manpages.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Add Makefile directives for setcifsacl.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Add configure directives for option cifsacl. The default action is
to enable cifsacl option.
cifsacl option is enabled or disabled in a similar way to cifs.idmap
in the same function. In addition, for cifsacl, check for sys/xattr.h
is done in the smae .m4 file.
Add directives to build getcifsacl in Makefile.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Create man pages for program cifs.idmap
Enable cifs.idmap config option by default.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Handle cifs.idmap type of key. Extract a SID string from the description
and map it to either an uid or gid using winbind APIs.
If that fails (e.g. because winbind is not installed/running or winbind
returns an error), kernel assigns uid and gid (from mount superblock).
Enable including winbind header files and idmapping code conditional
to winbind devel rpms (header and library).
An entry such as this
create cifs.idmap * * /usr/sbin/cifs.idmap %k
is needed in the file /etc/request-key.conf.
[Note: Modified to not build new tool by default, and to fix up some
whitespace munging]
Modified-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Fix up some small problems with pathname replacement:
1) replace the bare 'sed' with $(SED)
2) '\@' is apparently not portable, so we need to use a different scheme
in case we end up using a non-typical sed binary.
3) do the sed conversion to a new file and then move it into place. If
sed falls down halfway through the conversion we could end up with
a half-baked manpage.
4) use the $@ construct for brevity and maintainability
5) add a comment so that the rationale behind this is explained
Many thanks to several folks inside Red Hat who pointed out these
issues.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Currently the manpages (particularly cifs.upcall.8) have hardcoded
paths in them that need to be manually adjusted. Replace those
paths with @sbindir@ and add a makefile target that will use sed
to replace those paths with the ones set by autoconf.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
It is a userspace part of a new infrastructure for stashing passwords
in kernel keyring per user basis. The patch adds the "cifscreds"
utility for management keys with credentials. Assembling of the utility
from the distribution is possible with --enable-cifscreds=yes option of
configure script.
Signed-off-by: Igor Druzhinin <jaxbrigs@gmail.com>
|
|
The resolve_host routine from mount.cifs is carried out in
separate file and appropriate corrections are made.
Signed-off-by: Igor Druzhinin <jaxbrigs@gmail.com>
|
|
...for extra warning goodness.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...use $(foo) instead. That doesn't rely on an explicit AC_SUBST().
Reported-by: Lars Müller <lars@samba.org>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...in preference to libcap if it's available.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
mount.cifs is being linked against the krb5 library. Fix it so that
that doesn't happen.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Might as well be as safe as possible. Have child drop all capabilities,
and have the parent drop all but CAP_SYS_ADMIN (needed for mounting) and
CAP_DAC_OVERRIDE (needed in case mtab isn't writable by root). We might
even eventually consider being clever and dropping CAP_DAC_OVERRIDE when
root has access to the mtab.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Make it so that cifs.upcall is built by default, but autodisable it if
the needed headers aren't present.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
