| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This was added when it was thought that smb2 would be a different fstype
altogether. Now that we are not adding a separate fstype, this code is
no longer needed since nothing will ever call /sbin/mount.smb2.
Cc: Steve French <smfrench@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Traditionally, this ver= option was used to specify the "options
version" that we're passing in. It has always been set to '1' though
and we have never changed that.
Eventually we want to have a ver= (or vers=) option that allows users
to specify the SMB version that they want to use to talk to the server.
At that point, this option will just get in the way. Let's go ahead
and remove it now in preparation for that day.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
We handle this option in userspace, so there's little value in also
passing it to the kernel.
Also fix minor double-comma nit in the options string.
Reported-by: Ronald <ronald645@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
toggle_dac_capability
I'm not sure what I was thinking when I added that check in, but it's
been there since the inception. We shouldn't care at all what the
real uid is when we call toggle_dac_capability and indeed we don't
care with the libcap-ng version. Remove that check.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
the build process of the cifs-utils for Mandriva 2011 made me notice of
the unused variable rc in toggle_dac_capability() of mount.cifs.c.
A bit up in the code we store the return value and do not make use of it
while calling return.
The attached patch intends to fix this.
The failing build result is still visible at
https://build.opensuse.org/package/live_build_log?arch=x86_64&package=cifs-utils&project=network%3Asamba%3ASTABLE&repository=Mandriva_2011
Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>
|
|
older gcc versions (4.3 in the case of SUSE Linux Enterprise 11 SP 1 and
SP 2) complain about uninitialized variables in the recent 5.4 release.
The attached patch makes the build process a bit quieter.
Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>
|
|
...and add -D_FORTIFY_SOURCE=2 to the default $CFLAGS.
Acked-by: Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
can't chdir
If mount.cifs is installed as a setuid root program, then a user can
use it to gather information about files and directories to which he
does not have access.
One of the first things that mount.cifs does is to chdir() into the
mountpoint and then proceeds to perform the mount onto ".". A malicious
user could exploit this fact to determine information about directories
to which he does not have access. Specifically, whether the dentry in
question is a file or directory and whether it exists at all.
This patch fixes this by making the program switch the fsuid to the
real uid for unprivileged users when mounting.
Note that this is a behavior change. mount.cifs has in the past allowed
users to mount onto any directory as long as it's listed in /etc/fstab
as a user mount. With this change, the user must also be able to chdir
into the mountpoint without needing special privileges. Hopefully not
many people have such a pathological configuration.
This patch should fix CVE-2012-1586.
Reported-by: Jesus Olmos <jesus.olmos@blueliv.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
autofs generally calls mount helpers with '-s'. Handle that the same
way we do for NFS -- append ",sloppy" option to the mount options.
The kernel can look for that option to decide whether to ignore
unknown mount options, warn, or error out.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The current test just looks to see if errno was 0 after the conversion
but we need to do a bit more. According to the strtoul manpage:
If there were no digits at all, strtoul() stores the original value
of nptr in *endptr (and returns 0).
So, if you pass in a string of letters, strtoul will return 0, but
won't actually have converted anything. Luckily, in most cases, /bin/mount
papers over this bug by doing uid/gid conversions itself before calling
mount.cifs.
Fix this by also checking to ensure that strtoul() converted the entire
string in addition to checking that it didn't set errno. While we're at
it, fix the test in backupuid/backupgid options as well which don't
currently check whether errno got set.
Reported-by: Kyle Squizzato <ksquizza@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The new del_mtab code ignored errors from rename(). Make it handle that
error as well like it does other errors.
Cc: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
During a remount of a cifs filesystem, the mtab file is not properly
updated, which leads to a doubled entry of the same filesystem in the
/etc/mtab file. This patch adds a new function del_mtab() which is
called before the add_mtab() in case the fs is being remounted.
The del_mtab() function will delete from the mtab, the old entry from
the filesystem which is being remounted, and then, calls add_mtab() to
add an updated entry to the mtab file.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
|
|
Add mount options backupuid and backugid and their manpage contents.
Check for either a valid uid/gid or valid user/group name.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
Both these options are started with "rw" - that's why the first one
isn't switched on even if it is specified. Fix this by adding a length
check for "rw" option check.
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
|
|
Reported-by: Jan Lieskovsky <jlieskov@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
It's possible that when mount.cifs goes to append the mtab that there
won't be enough space to do so, and the mntent won't be appended to the
file in its entirety.
Add a my_endmntent routine that will fflush and then fsync the FILE if
that succeeds. If either fails then it will truncate the file back to
its provided size. It will then call endmntent unconditionally.
Have add_mtab call fstat on the opened mtab file in order to get the
size of the file before it has been appended. Assuming that that
succeeds, use my_endmntent to ensure that the file is not corrupted
before closing it. It's possible that we'll have a small race window
where the mtab is incorrect, but it should be quickly corrected.
This was reported some time ago as CVE-2011-1678:
http://openwall.com/lists/oss-security/2011/03/04/9
...and it seems to fix the reproducer that I was able to come up with.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
It currently test to see if errno == -EINVAL and whether the endptr
is '\0'. That's not correct however. What we really want it to do is
check to see if any error occurred by setting errno to 0 before the
conversion. If one did, then try to treat the value as a name.
Also fix a bogus compiler warning about cruid being uninitialized.
Reported-by: Jian Li <jiali@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Don't construct a device name, but use the original device string
to mount so the device name in /proc/mounts matches the one in
/etc/fstab.
Signed-off-by: Luk Claes <luk@debian.org>
|
|
It's possible that the user is trying to mount onto a directory to which
he doesn't have execute perms. If that's the case then the mount will
currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
calling mount(2). That will ensure that the kernel's permissions check
for this is bypassed.
Reported-by: Erik Logtenberg <erik@logtenberg.eu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Steve French <sfrench@us.ibm.com>
|
|
It's possible to "goto return_i" in this function at several points
before line_buf is set. At that point, the NULL pointer check won't
work correctly and we can end up with a SIGSEGV.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Some distros replace /etc/mtab with a symlink to /proc/mounts. In that
situation, mount.cifs will hang for a while trying to lock the mtab.
/bin/mount checks to see if the mtab is a symlink. If it is or if a
stat() call on it fails, it doesn't try to to update the mtab. Have
mount.cifs do the same.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Allow admins to pass in a username for the cruid= mount option.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
The handling of these options is quite convoluted. Change it so that
these options are stored as numbers and then appended to the option
strings.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
The manpage says:
ip=arg
sets the destination IP address. This option is set automatically
if the server name portion of the requested UNC name can be
resolved so rarely needs to be specified by the user.
...but recent changes have made it not work anymore as an override if
someone specifies an ip= option as part of the mount options. Reinstate
that behavior by copying the ip= option verbatim into the addrlist of
the parsed options struct and then skipping the name resolution. That
should allow the ip= option to pass unadulterated to the kernel.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The resolve_host routine from mount.cifs is carried out in
separate file and appropriate corrections are made.
Signed-off-by: Igor Druzhinin <jaxbrigs@gmail.com>
|
|
Avoid setting error code twice by moving error handling out of add_mtab_exit
block. We already set error code and report error in other places.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
Add 'fsc' mount option to the 'Less commonly used options' section of
mount.cifs usage help text. As with the previous patch, this one too could be
queued and considered once the local caching patches gets merged upstream.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
These are filesystem-independent mount options that get passed to
mount.cifs too. Handle them appropriately by enabling and disabling
MS_MANDLOCK and not handing them off to the kernel.
Also, don't set MS_MANDLOCK by default. There's no reason to ask the
kernel to enforce mandatory locking by default. This also matches
up better with the way that "mand" is set in the mtab.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
This mount options is used to clue in init scripts that the filesystem
shouldn't be mounted until networking is available. /bin/mount also passes
that option to the filesystem however, and cifs currently chokes on it.
mount.nfs ignores this option -- have mount.cifs do the same.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The code currently uses fstab.h and _PATH_FSTAB, but uClibc apparently
doesn't have that header. It does have paths.h and _PATH_MNTTAB however
and so does glibc, so use that instead.
Fixes samba bug #7539.
Reported-and-Tested-by: Armin Kuster <linux@kama-aina.net>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
We don't want to alter the device name in any way for the mtab as
/bin/umount depends on the string being identical for user mounts.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The option parsing function now accepts all values for 'dir_mode' that
are supported by the kernel side code.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
|
|
When the mount option parsing was cleaned up recently, the detection of
the "cred=" option was dropped.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Align CRED_ macro values to keep style consistent with last patch.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
|
|
Moved option string parsing to function parse_opt_token(char*). Main
loop in parse_options(const char*, struct parsed_mount_info*)
transplanted to a switch block.
The parsing function folds common options to a single macro:
1.) 'unc','target', and 'path' -> 'OPT_UNC'
2.) 'dom*' and 'workg*' -> 'OPT_DOM'
3.) 'nobrl' and 'nolock' -> 'OPT_NO_LOCK'
Kept 'fmask' and 'dmask' (OPT_FMASK, OPT_DMASK), which fall through to
'file_mode' and 'dir_mode' in the main loop.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
|
|
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
mount.smb2 has different help (many fewer mount options) and different
fsname, but otherwise can reuse all of the good work Jeff did on
mount.cifs. This patch allow mount.cifs to detect if run as mount.smb2
(to display different help and fsname).
Signed-off-by: Steve French <smfrench@gmail.com>
|
|
Replaced max username in parse_options with the sum of its potential
parts for "domain/user%password" formatted values. Note that forward
slashes still expand to a double back slash in the parse_username
function, though.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
|
|
...the kernel doesn't expect to see it and it causes a regression
when mounting some UNCs.
Reported-by: Ales Zelinka <azelinka@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The parsing for values has been moved to its own function and is a bit
cleaner. Temporary buffers are zeroed out before being freed to ensure
passwords/credentials aren't left in released memory.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Remove magic numbers, redundant code and extra variables from open_cred_file().
Remove check for domain length since strlcpy is safe from buffer overflows.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
mount.cifs calls strchr on currentaddress, which may be a NULL pointer.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
It's possible that root won't have privileges to chdir or evaluate the
paths without that capability.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...some #defines are missing in that case. This fixes the build for
all possible libcap/libcap-ng availability scenarios.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
This patch makes the mount.cifs credentials file parameters consistent with
the command line parameters to remove ambiguity between the command line
parameter format and the credentials file format. That is, it parses for
both short and long form of the 'username', 'password', and 'domain'
parameters. This patch is against the current cifs-utils-4.2.
I'm also thinking of adding a second patch that allows for parsing a
"domain/user", "domain%user" and "domain/user%password" formats as allowed
from the command line.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
|
|
Only the parent process will ever need CAP_DAC_OVERRIDE. The child can
get by with CAP_DAC_READ_SEARCH.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...libcap-ng does this in a much easier fashion. If that's not
available, then we have to do it manually.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
