diff --git a/.gitignore b/.gitignore index 96913ca..cd6fd99 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ cifs-utils-4.6.tar.bz2 /cifs-utils-6.1.tar.bz2 /cifs-utils-6.2.tar.bz2 /cifs-utils-6.3.tar.bz2 +/cifs-utils-6.4.tar.bz2 diff --git a/0001-autoconf-allow-PAM-security-install-directory-to-be-.patch b/0001-autoconf-allow-PAM-security-install-directory-to-be-.patch deleted file mode 100644 index 0c09626..0000000 --- a/0001-autoconf-allow-PAM-security-install-directory-to-be-.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 00a1cee869fce5b6aa79683da19a2529c2cfd690 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Lars=20M=C3=BCller?= -Date: Mon, 7 Apr 2014 14:35:10 -0400 -Subject: [PATCH] autoconf: allow PAM security install directory to be - configurable - -Allow the pam module install directory to be set at build time. - -Signed-off-by: Jeff Layton ---- - Makefile.am | 2 -- - configure.ac | 6 ++++++ - 2 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index a3fb413..92da8b1 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -92,8 +92,6 @@ idmapwb.8: idmapwb.8.in - endif - - if CONFIG_PAM --pamdir = $(libdir)/security -- - pam_PROGRAMS = pam_cifscreds.so - - pam_cifscreds.so: pam_cifscreds.c cifskey.c resolve_host.c util.c -diff --git a/configure.ac b/configure.ac -index 6cd8558..43aa55c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -58,6 +58,12 @@ AC_ARG_WITH(idmap-plugin, - AC_DEFINE_UNQUOTED(IDMAP_PLUGIN_PATH, "$pluginpath", [Location of plugin that ID mapping infrastructure should use. (usually a symlink to real plugin)]) - AC_SUBST([pluginpath]) - -+AC_ARG_WITH(pamdir, -+ [AC_HELP_STRING([--with-pamdir=DIR],[Where to install the PAM module @<:@default=$(libdir)/security@:>@])], -+ pamdir=$withval, -+ pamdir="\$(libdir)/security") -+AC_SUBST([pamdir]) -+ - # check for ROOTSBINDIR environment var - if test -z $ROOTSBINDIR; then - ROOTSBINDIR="/sbin" --- -1.8.4.2 - diff --git a/0002-cifs-use-krb5_kt_default-to-determine-default-keytab.patch b/0002-cifs-use-krb5_kt_default-to-determine-default-keytab.patch deleted file mode 100644 index 6f683d5..0000000 --- a/0002-cifs-use-krb5_kt_default-to-determine-default-keytab.patch +++ /dev/null @@ -1,56 +0,0 @@ -From a016e18969d10e3c777f35fe21b1c1f8c1d70880 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Mon, 7 Apr 2014 14:35:17 -0400 -Subject: [PATCH] cifs: use krb5_kt_default() to determine default keytab - location - -...don't assume that it's in /etc/krb5.keytab. - -Reported-by: Konstantin Lepikhov -Signed-off-by: Jeff Layton ---- - cifs.upcall.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index cc65824..e8544c2 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -55,7 +55,6 @@ - #define CIFS_DEFAULT_KRB5_DIR "/tmp" - #define CIFS_DEFAULT_KRB5_USER_DIR "/run/user/%U" - #define CIFS_DEFAULT_KRB5_PREFIX "krb5cc" --#define CIFS_DEFAULT_KRB5_KEYTAB "/etc/krb5.keytab" - - #define MAX_CCNAME_LEN PATH_MAX + 5 - -@@ -205,9 +204,15 @@ init_cc_from_keytab(const char *keytab_name, const char *user) - goto icfk_cleanup; - } - -- ret = krb5_kt_resolve(context, keytab_name, &keytab); -+ if (keytab_name) -+ ret = krb5_kt_resolve(context, keytab_name, &keytab); -+ else -+ ret = krb5_kt_default(context, &keytab); -+ - if (ret) { -- syslog(LOG_DEBUG, "krb5_kt_resolve: %d", (int)ret); -+ syslog(LOG_DEBUG, "%s: %d", -+ keytab_name ? "krb5_kt_resolve" : "krb5_kt_default", -+ (int)ret); - goto icfk_cleanup; - } - -@@ -841,7 +846,7 @@ int main(const int argc, char *const argv[]) - struct decoded_args arg; - const char *oid; - uid_t uid; -- char *keytab_name = CIFS_DEFAULT_KRB5_KEYTAB; -+ char *keytab_name = NULL; - time_t best_time = 0; - - hostbuf[0] = '\0'; --- -1.8.4.2 - diff --git a/0003-cifskey-better-use-snprintf.patch b/0003-cifskey-better-use-snprintf.patch deleted file mode 100644 index bea3603..0000000 --- a/0003-cifskey-better-use-snprintf.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 0c521d5060035da655107001374e08873ac5dde8 Mon Sep 17 00:00:00 2001 -From: Sebastian Krahmer -Date: Mon, 14 Apr 2014 11:39:41 +0200 -Subject: [PATCH] cifskey: better use snprintf() - -Prefer snprintf() over sprintf() in cifskey.c -Projects that fork the code (pam_cifscreds) can't rely on -the max-size parameters. - -[jlayton: removed unneeded initialization of "len" in key_add] - -Signed-off-by: Sebastian Krahmer ---- - cifskey.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/cifskey.c b/cifskey.c -index 7716c42..e89cacf 100644 ---- a/cifskey.c -+++ b/cifskey.c -@@ -29,7 +29,8 @@ key_search(const char *addr, char keytype) - { - char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; - -- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr); -+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) -+ return -1; - - return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); - } -@@ -43,10 +44,13 @@ key_add(const char *addr, const char *user, const char *pass, char keytype) - char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2]; - - /* set key description */ -- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr); -+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) -+ return -1; - - /* set payload contents */ -- len = sprintf(val, "%s:%s", user, pass); -+ len = snprintf(val, sizeof(val), "%s:%s", user, pass); -+ if (len >= (int)sizeof(val)) -+ return -1; - - return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING); - } --- -1.8.4.2 - diff --git a/0004-cifscreds-better-error-handling-when-key_search-fail.patch b/0004-cifscreds-better-error-handling-when-key_search-fail.patch deleted file mode 100644 index cf57eea..0000000 --- a/0004-cifscreds-better-error-handling-when-key_search-fail.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 3da4c43b575498be86c87a2ac3f3142e3cab1c59 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Sun, 20 Apr 2014 20:41:05 -0400 -Subject: [PATCH] cifscreds: better error handling when key_search fails - -If we ended up getting a bogus string that would have overflowed, then -make key_search set errno to EINVAL before returning. The callers can -then test to see if the returned error is what was expected or something -else and handle it appropriately. - -Cc: Sebastian Krahmer -Signed-off-by: Jeff Layton ---- - cifscreds.c | 9 +++++++++ - cifskey.c | 5 ++++- - pam_cifscreds.c | 9 +++++++++ - 3 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/cifscreds.c b/cifscreds.c -index fa05dc8..64d55b0 100644 ---- a/cifscreds.c -+++ b/cifscreds.c -@@ -188,6 +188,15 @@ static int cifscreds_add(struct cmdarg *arg) - return EXIT_FAILURE; - } - -+ switch(errno) { -+ case ENOKEY: -+ /* success */ -+ break; -+ default: -+ printf("Key search failed: %s\n", strerror(errno)); -+ return EXIT_FAILURE; -+ } -+ - currentaddress = nextaddress; - if (currentaddress) { - *(currentaddress - 1) = ','; -diff --git a/cifskey.c b/cifskey.c -index e89cacf..4f01ed0 100644 ---- a/cifskey.c -+++ b/cifskey.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include "cifskey.h" - #include "resolve_host.h" - -@@ -29,8 +30,10 @@ key_search(const char *addr, char keytype) - { - char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; - -- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) -+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { -+ errno = EINVAL; - return -1; -+ } - - return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); - } -diff --git a/pam_cifscreds.c b/pam_cifscreds.c -index e0d8a55..fb23117 100644 ---- a/pam_cifscreds.c -+++ b/pam_cifscreds.c -@@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas - return PAM_SERVICE_ERR; - } - -+ switch(errno) { -+ case ENOKEY: -+ break; -+ default: -+ pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", -+ currentaddress, strerror(errno)); -+ return PAM_SERVICE_ERR; -+ } -+ - currentaddress = nextaddress; - if (currentaddress) { - *(currentaddress - 1) = ','; --- -1.8.4.2 - diff --git a/0005-cifscreds-better-error-handling-for-key_add.patch b/0005-cifscreds-better-error-handling-for-key_add.patch deleted file mode 100644 index 3baedd6..0000000 --- a/0005-cifscreds-better-error-handling-for-key_add.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 382ec63757c1d8d4d399d17ccc927c4897d4cfc9 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Sun, 20 Apr 2014 20:41:05 -0400 -Subject: [PATCH] cifscreds: better error handling for key_add - -If the string buffers would have been overrun, set errno to EINVAL -before returning. Then, have the callers report the errors to -stderr or syslog as appropriate. - -Cc: Sebastian Krahmer -Signed-off-by: Jeff Layton ---- - cifscreds.c | 6 +++--- - cifskey.c | 8 ++++++-- - pam_cifscreds.c | 9 +++++---- - 3 files changed, 14 insertions(+), 9 deletions(-) - -diff --git a/cifscreds.c b/cifscreds.c -index 64d55b0..5d84c3c 100644 ---- a/cifscreds.c -+++ b/cifscreds.c -@@ -220,8 +220,8 @@ static int cifscreds_add(struct cmdarg *arg) - while (currentaddress) { - key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype); - if (key <= 0) { -- fprintf(stderr, "error: Add credential key for %s\n", -- currentaddress); -+ fprintf(stderr, "error: Add credential key for %s: %s\n", -+ currentaddress, strerror(errno)); - } else { - if (keyctl(KEYCTL_SETPERM, key, CIFS_KEY_PERMS) < 0) { - fprintf(stderr, "error: Setting permissons " -@@ -422,7 +422,7 @@ static int cifscreds_update(struct cmdarg *arg) - key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype); - if (key <= 0) - fprintf(stderr, "error: Update credential key " -- "for %s\n", addrs[id]); -+ "for %s: %s\n", addrs[id], strerror(errno)); - } - - return EXIT_SUCCESS; -diff --git a/cifskey.c b/cifskey.c -index 4f01ed0..919540f 100644 ---- a/cifskey.c -+++ b/cifskey.c -@@ -47,13 +47,17 @@ key_add(const char *addr, const char *user, const char *pass, char keytype) - char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2]; - - /* set key description */ -- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) -+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { -+ errno = EINVAL; - return -1; -+ } - - /* set payload contents */ - len = snprintf(val, sizeof(val), "%s:%s", user, pass); -- if (len >= (int)sizeof(val)) -+ if (len >= (int)sizeof(val)) { -+ errno = EINVAL; - return -1; -+ } - - return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING); - } -diff --git a/pam_cifscreds.c b/pam_cifscreds.c -index fb23117..5d99c2d 100644 ---- a/pam_cifscreds.c -+++ b/pam_cifscreds.c -@@ -208,6 +208,7 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas - - switch(errno) { - case ENOKEY: -+ /* success */ - break; - default: - pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", -@@ -233,8 +234,8 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas - while (currentaddress) { - key_serial_t key = key_add(currentaddress, user, password, keytype); - if (key <= 0) { -- pam_syslog(ph, LOG_ERR, "error: Add credential key for %s", -- currentaddress); -+ pam_syslog(ph, LOG_ERR, "error: Add credential key for %s: %s", -+ currentaddress, strerror(errno)); - } else { - if ((args & ARG_DEBUG) == ARG_DEBUG) { - pam_syslog(ph, LOG_DEBUG, "credential key for \\\\%s\\%s added", -@@ -336,8 +337,8 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char * - for (id = 0; id < count; id++) { - key_serial_t key = key_add(currentaddress, user, password, keytype); - if (key <= 0) { -- pam_syslog(ph, LOG_ERR, "error: Update credential key for %s", -- currentaddress); -+ pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s", -+ currentaddress, strerror(errno)); - } - } - --- -1.8.4.2 - diff --git a/cifs-utils.spec b/cifs-utils.spec index 64a8b9b..cf80898 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -2,8 +2,8 @@ %define pre_release %nil Name: cifs-utils -Version: 6.3 -Release: 3%{pre_release}%{?dist} +Version: 6.4 +Release: 1%{pre_release}%{?dist} Summary: Utilities for mounting and managing CIFS mounts Group: System Environment/Daemons @@ -18,11 +18,6 @@ Requires(post): /usr/sbin/alternatives Requires(preun): /usr/sbin/alternatives Source0: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}%{pre_release}.tar.bz2 -Patch0: 0001-autoconf-allow-PAM-security-install-directory-to-be-.patch -Patch1: 0002-cifs-use-krb5_kt_default-to-determine-default-keytab.patch -Patch2: 0003-cifskey-better-use-snprintf.patch -Patch3: 0004-cifscreds-better-error-handling-when-key_search-fail.patch -Patch4: 0005-cifscreds-better-error-handling-for-key_add.patch %description The SMB/CIFS protocol is a standard file sharing protocol widely deployed @@ -57,11 +52,6 @@ provide these credentials to the kernel automatically at login. %prep %setup -q -n %{name}-%{version}%{pre_release} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 %build autoreconf -i @@ -116,6 +106,9 @@ fi %{_mandir}/man8/pam_cifscreds.8.gz %changelog +* Mon Aug 04 2014 Sachin Prabhu - 6.4-1 +- update to 6.4 release + * Sat Jun 07 2014 Fedora Release Engineering - 6.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild diff --git a/sources b/sources index c5b689b..1c5b3ba 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -93697dbc043cb4d5c66e15e281f872e5 cifs-utils-6.3.tar.bz2 +b7d75b67fd3987952896d27256c7293d cifs-utils-6.4.tar.bz2