samba.git/client, branch v3-5-test Unnamed repository; edit this file 'description' to name the repository. mount.cifs: check for NULL addr pointer before handling scopeid 2010-05-17T07:20:44+00:00 Jeff Layton jlayton@redhat.com 2010-05-12T11:05:10+00:00 78a6eb582d28d92db5ffab6ded40785be54cf540 Signed-off-by: Jeff Layton <jlayton@redhat.com> Fix bug #7315 (mount.cifs segfaults after upgrade to 2.6.33). 
Signed-off-by: Jeff Layton <jlayton@redhat.com>

Fix bug #7315 (mount.cifs segfaults after upgrade to 2.6.33).
mount.cifs: don't allow it to be run as setuid root program 2010-03-08T09:05:57+00:00 Jeff Layton jlayton@redhat.com 2010-01-26T13:36:11+00:00 e6c856ac84ee18a192edc3e8a6547e2e9387a1b5 mount.cifs has been the subject of several "security" fire drills due to distributions installing it as a setuid root program. This program has not been properly audited for security and the Samba team highly recommends that it not be installed as a setuid root program at this time. To make that abundantly clear, this patch forcibly disables the ability for mount.cifs to run as a setuid root program. People are welcome to trivially patch this out, but they do so at their own peril. A security audit and redesign of this program is in progress and we hope that we'll be able to remove this in the near future. Signed-off-by: Jeff Layton <jlayton@redhat.com> The last 3 patches address bug #6853 (mount.cifs race that allows user to replace mountpoint with a symlink). 
mount.cifs has been the subject of several "security" fire drills due to
distributions installing it as a setuid root program. This program has
not been properly audited for security and the Samba team highly
recommends that it not be installed as a setuid root program at this
time.

To make that abundantly clear, this patch forcibly disables the ability
for mount.cifs to run as a setuid root program. People are welcome to
trivially patch this out, but they do so at their own peril.

A security audit and redesign of this program is in progress and we hope
that we'll be able to remove this in the near future.

Signed-off-by: Jeff Layton <jlayton@redhat.com>

The last 3 patches address bug #6853 (mount.cifs race that allows user to
replace mountpoint with a symlink).
mount.cifs: check for invalid characters in device name and mountpoint 2010-03-08T09:05:46+00:00 Jeff Layton jlayton@redhat.com 2010-01-26T13:36:03+00:00 ae24005a5a2c165dfd9b859bf1c02b5f7e967be5 It's apparently possible to corrupt the mtab if you pass embedded newlines to addmntent. Apparently tabs are also a problem with certain earlier glibc versions. Backslashes are also a minor issue apparently, but we can't reasonably filter those. Make sure that neither the devname or mountpoint contain any problematic characters before allowing the mount to proceed. Signed-off-by: Jeff Layton <jlayton@redhat.com> 
It's apparently possible to corrupt the mtab if you pass embedded
newlines to addmntent. Apparently tabs are also a problem with certain
earlier glibc versions. Backslashes are also a minor issue apparently,
but we can't reasonably filter those.

Make sure that neither the devname or mountpoint contain any problematic
characters before allowing the mount to proceed.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
mount.cifs: take extra care that mountpoint isn't changed during mount 2010-03-08T09:05:46+00:00 Jeff Layton jlayton@redhat.com 2010-01-26T13:35:35+00:00 a60afceaa71c0c9b53b2ec1014db5d09d777803d It's possible to trick mount.cifs into mounting onto the wrong directory by replacing the mountpoint with a symlink to a directory. mount.cifs attempts to check the validity of the mountpoint, but there's still a possible race between those checks and the mount(2) syscall. To guard against this, chdir to the mountpoint very early, and only deal with it as "." from then on out. Signed-off-by: Jeff Layton <jlayton@redhat.com> 
It's possible to trick mount.cifs into mounting onto the wrong directory
by replacing the mountpoint with a symlink to a directory. mount.cifs
attempts to check the validity of the mountpoint, but there's still a
possible race between those checks and the mount(2) syscall.

To guard against this, chdir to the mountpoint very early, and only deal
with it as "." from then on out.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
cifs.upcall: allocate a talloc context for smb_krb5_unparse_name 2010-02-17T13:46:13+00:00 Jeff Layton jlayton@redhat.com 2010-02-16T14:16:42+00:00 01750852c1e9983b9d59a73d412101b4e0eb81a1 cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context. Older versions of this function though will conditionally use SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed in. To make it more consistent, just spawn a talloc context that we can pass into this function. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=565446 https://bugzilla.samba.org/show_bug.cgi?id=6868 Reported-by: Ludek Finstrle <luf@seznam.cz> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit a8cc2fa09ed43a167f62711bef363a5ac335dc78) Fix bug #6868 (make bin/cifs.upcall fails). 
cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context.
Older versions of this function though will conditionally use
SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed
in. To make it more consistent, just spawn a talloc context that
we can pass into this function.

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=565446
https://bugzilla.samba.org/show_bug.cgi?id=6868

Reported-by: Ludek Finstrle <luf@seznam.cz>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit a8cc2fa09ed43a167f62711bef363a5ac335dc78)

Fix bug #6868 (make bin/cifs.upcall fails).
s3-kerberos: only use krb5 headers where required. 2009-11-30T11:22:00+00:00 Günther Deschner gd@samba.org 2009-11-27T14:52:57+00:00 da926c1249705b95344730539c64111876955151 This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther (cherry picked from commit 04f8c229de7ffad5f4ec1a0bb68c2c8b4ccf4e15) 
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
(cherry picked from commit 04f8c229de7ffad5f4ec1a0bb68c2c8b4ccf4e15)
cifs.upcall: 2nd part of fix for Bug #6868: support building with Heimdal we well as with MIT. 2009-11-25T20:43:31+00:00 Günther Deschner gd@samba.org 2009-11-25T14:06:19+00:00 9e2f7070cf0eaf74297d565892edf5089756b124 Guenther (cherry picked from commit 660ee2e74523194e5f6b2b6428d76628beb74717) 
Guenther
(cherry picked from commit 660ee2e74523194e5f6b2b6428d76628beb74717)
cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT. 2009-11-12T09:25:27+00:00 Günther Deschner gd@samba.org 2009-11-11T23:52:38+00:00 1230faabf8d836b900cdb9848de9fc12a79155f3 Guenther (cherry picked from commit b29eed492f1c056adb0b53510be10e738276ca11) 
Guenther
(cherry picked from commit b29eed492f1c056adb0b53510be10e738276ca11)
s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg. 2009-11-06T12:38:55+00:00 Günther Deschner gd@samba.org 2008-10-13T15:29:22+00:00 ae4175e8a13e88fe7495af745d384b48f4f02784 Guenther (cherry picked from commit 60bf0eb60788a5d4dc5de24997c5efda64f2bd73) 
Guenther
(cherry picked from commit 60bf0eb60788a5d4dc5de24997c5efda64f2bd73)
mount.cifs: don't leak passwords with verbose option 2009-10-01T12:30:59+00:00 Jeff Layton jlayton@redhat.com 2009-09-25T11:07:40+00:00 54de6ac85eb81aecc8b44a500f374edb95bf6a3d When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> 
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.

Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.

Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.

Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>