| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Move all man pages to easily editable POD files and generate troff
source when building.
Previous .in troff file are still preprocessed before final generation
to use configured path (.pod.in -> .pod -> troff). All temporary
files (.pod.in and troff sources) are properly deleted on clean.
Remove all troff file, no need to keep generated copies under source
control.
This commit does not change the content of the man pages but makes
future editing easier.
Adds a new --enable-man/--disable-man configure option to control the
generation and installation of man pages. The option is automatically
enabled if the system supports it. Explicitly enabling it will make the
configure script fail if pod2man is not installed.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
|
|
Setuid programs triggering upcalls could trick the program here. Also,
the d_automount method is done with credentials overridden so if you
can end up with mismatched creds and env vars due to that as well.
It's a hack, but the only recourse I can see is to avoid doing this
when the uid is 0. That means we can't rely on finding root credcaches
in alternate locations using $KRB5CCNAME, but I think that's the best
we can do.
Reported-and-Tested-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
/proc/<pid>/environ file
Chad reported that he was seeing a regression in cifs-utils-6.6. Prior
to that, cifs.upcall was able to find credcaches in non-default FILE:
locations, but with the rework of that code, that ability was lost.
Unfortunately, the krb5 library design doesn't really take into account
the fact that we might need to find a credcache in a process that isn't
descended from the session.
When the kernel does an upcall, it passes several bits of info about the
task that initiated the upcall. One of those things is the PID (the
tgid, in particular). We can use that info to reach into the
/proc/<pid>/environ file for the process, and grab whatever value of
$KRB5CCNAME is there.
Then, after switching credentials, set $KRB5CCNAME in the environment
to the same value before opening the credcache, to hint to the krb5
libs where they ought to look.
This new behavior is on by default, but can be disabled by having
request-key pass a '-E' flag to cifs.upcall.
Reported-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Currently cifs.upcall only looks at the default system keytab
(/etc/krb5.keytab). It's often the case however that a dedicated keytab
is desirable. Allow administrators to set one on the command-line.
Reported-by: steve <steve@steve-ss.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
This was actually requested by the Red Hat QA group, who sometimes work
with multiple krb5.conf files when testing.
Requested-by: Marko Myllynen <myllynen@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Move the manpages to section 1 since getcifsacl and setcifsacl are user,
not sysadmin tools. Get rid of the useless sed calls on the manpages.
They don't have any explicit paths in them that need replacing.
Also get rid of the "4.0" in the footers of all the manpages.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
As of version 1.5, the keyutils package is shipping a generic
dns_resolver upcall. Add a note to the cifs.upcall manpage that mentions
this and recommends the use of that program over cifs.upcall.
Eventually, we may want to be able to conditionally compile out the
dns_resolver part of the upcall, but it's already pretty small and
wouldn't save us very much.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Fix alignment of columns and trailing whitespace in cifs.idmap(8). Fix
request-key.conf(5) reference in cifs.idmap(8) and cifs.upcall(8).
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Currently the manpages (particularly cifs.upcall.8) have hardcoded
paths in them that need to be manually adjusted. Replace those
paths with @sbindir@ and add a makefile target that will use sed
to replace those paths with the ones set by autoconf.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
