No commits in common. "c8" and "c10s" have entirely different histories.
@ -1 +0,0 @@
|
|||||||
9df055a73d89ed3d536828d0cea304c9e04139d4 SOURCES/cifs-utils-7.0.tar.bz2
|
|
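--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,32 @@
-SOURCES/cifs-utils-7.0.tar.bz2
+cifs-utils-4.5.tar.bz2
+cifs-utils-4.6.tar.bz2
+/cifs-utils-4.7.tar.bz2
+/cifs-utils-4.8.tar.bz2
+/cifs-utils-4.8.1.tar.bz2
+/cifs-utils-4.9.tar.bz2
+/cifs-utils-5.0.tar.bz2
+/cifs-utils-5.1.tar.bz2
+/cifs-utils-5.2.tar.bz2
+/cifs-utils-5.3.tar.bz2
+/cifs-utils-5.4.tar.bz2
+/cifs-utils-5.5.tar.bz2
+/cifs-utils-5.6.tar.bz2
+/cifs-utils-5.7.tar.bz2
+/cifs-utils-5.8.tar.bz2
+/cifs-utils-5.9.tar.bz2
+/cifs-utils-6.0.tar.bz2
+/cifs-utils-6.1.tar.bz2
+/cifs-utils-6.2.tar.bz2
+/cifs-utils-6.3.tar.bz2
+/cifs-utils-6.4.tar.bz2
+/cifs-utils-6.5.tar.bz2
+/cifs-utils-6.6.tar.bz2
+/cifs-utils-6.7.tar.bz2
+/cifs-utils-6.8.tar.bz2
+/cifs-utils-6.9.tar.bz2
+/cifs-utils-6.11.tar.bz2
+/cifs-utils-6.13.tar.bz2
+/cifs-utils-6.14.tar.bz2
+/cifs-utils-6.15.tar.bz2
+/cifs-utils-7.0.tar.bz2
+/cifs-utils-7.1.tar.bz2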
||||||
|
@ -1,55 +0,0 @@
|
|||||||
From 17162396d9ace9396c27826f1c62719186e29ae9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
|
||||||
Date: Fri, 20 Jan 2023 20:53:44 +0100
|
|
||||||
Subject: [PATCH] Use explicit #!/usr/bin/python3
|
|
||||||
|
|
||||||
---
|
|
||||||
checkopts | 2 +-
|
|
||||||
smb2-quota | 2 +-
|
|
||||||
smb2-secdesc | 2 +-
|
|
||||||
smbinfo | 2 +-
|
|
||||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/checkopts b/checkopts
|
|
||||||
index 88e70b1..00c4cfd 100755
|
|
||||||
--- a/checkopts
|
|
||||||
+++ b/checkopts
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/env python3
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
#
|
|
||||||
# Script to check for inconsistencies between documented mount options
|
|
||||||
# and implemented kernel options.
|
|
||||||
diff --git a/smb2-quota b/smb2-quota
|
|
||||||
index 6d0b8a3..49207c7 100755
|
|
||||||
--- a/smb2-quota
|
|
||||||
+++ b/smb2-quota
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/env python
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
# coding: utf-8
|
|
||||||
#
|
|
||||||
# smb2-quota is a cmdline tool to display quota information for the
|
|
||||||
diff --git a/smb2-secdesc b/smb2-secdesc
|
|
||||||
index 5886091..534dd92 100755
|
|
||||||
--- a/smb2-secdesc
|
|
||||||
+++ b/smb2-secdesc
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/env python
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
# coding: utf-8
|
|
||||||
|
|
||||||
import array
|
|
||||||
diff --git a/smbinfo b/smbinfo
|
|
||||||
index 73c5bb3..766024e 100755
|
|
||||||
--- a/smbinfo
|
|
||||||
+++ b/smbinfo
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/env python3
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
# -*- coding: utf-8 -*-
|
|
||||||
#
|
|
||||||
# smbinfo is a cmdline tool to query SMB-specific file and fs
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
@ -1,150 +1,86 @@
|
|||||||
#% define pre_release rc1
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 7.0-5
|
||||||
%define pre_release %nil
|
- Bump release for June 2024 mass rebuild
|
||||||
|
|
||||||
Name: cifs-utils
|
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.0-4
|
||||||
Version: 7.0
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
Release: 1%{pre_release}%{?dist}
|
|
||||||
Summary: Utilities for mounting and managing CIFS mounts
|
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.0-3
|
||||||
License: GPLv3
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
URL: http://linux-cifs.samba.org/cifs-utils/
|
|
||||||
|
|
||||||
BuildRequires: libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel autoconf automake libwbclient-devel pam-devel
|
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.0-2
|
||||||
BuildRequires: python3-docutils
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||||
|
|
||||||
Requires: keyutils
|
* Thu Feb 23 2023 Pavel Filipenský <pfilipen@redhat.com> - 7.0-1
|
||||||
Requires(post): /usr/sbin/alternatives
|
- SPDX migration
|
||||||
Requires(preun): /usr/sbin/alternatives
|
|
||||||
|
|
||||||
Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
|
* Wed Feb 01 2023 Pavel Filipenský <pfilipen@redhat.com> - 7.0-1
|
||||||
Patch1: 0001-Use-explicit-usr-bin-python3.patch
|
- Upstream release 7.0
|
||||||
|
|
||||||
%description
|
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 6.15-3
|
||||||
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||||
on Microsoft Windows machines. This package contains tools for mounting
|
|
||||||
shares on Linux using the SMB/CIFS protocol. The tools in this package
|
|
||||||
work in conjunction with support in the kernel to allow one to mount a
|
|
||||||
SMB/CIFS share onto a client and use it as if it were a standard Linux
|
|
||||||
file system.
|
|
||||||
|
|
||||||
%package devel
|
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.15-2
|
||||||
Summary: Files needed for building plugins for cifs-utils
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
Group: Development/Libraries
|
|
||||||
|
|
||||||
%description devel
|
* Sat Apr 30 2022 Alexander Bokovoy <abokovoy@redhat.com> - 6.15-1
|
||||||
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
|
- Upstream release 6.15
|
||||||
on Microsoft Windows machines. This package contains the header file
|
- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
|
||||||
necessary for building ID mapping plugins for cifs-utils.
|
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
|
||||||
|
- Fixes: rhbz#2080525
|
||||||
|
|
||||||
%package -n pam_cifscreds
|
|
||||||
Summary: PAM module to manage NTLM credentials in kernel keyring
|
|
||||||
Group: System Environment/Base
|
|
||||||
|
|
||||||
%description -n pam_cifscreds
|
* Wed Feb 02 2022 Alexander Bokovoy <abokovoy@redhat.com> - 6.14-1
|
||||||
The pam_cifscreds PAM module is a tool for automatically adding
|
- Upstream release 6.14
|
||||||
credentials (username and password) for the purpose of establishing
|
|
||||||
sessions in multiuser mounts.
|
|
||||||
|
|
||||||
When a cifs filesystem is mounted with the "multiuser" option, and does
|
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.13-4
|
||||||
not use krb5 authentication, it needs to be able to get the credentials
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||||
for each user from somewhere. The pam_cifscreds module can be used to
|
|
||||||
provide these credentials to the kernel automatically at login.
|
|
||||||
|
|
||||||
%prep
|
* Thu Sep 23 2021 Bruno Wolff III <bruno@wolff.to> - 6.13-3
|
||||||
%setup -q -n %{name}-%{version}%{pre_release}
|
- Actually use the patches
|
||||||
%patch1 -p1
|
|
||||||
|
|
||||||
%build
|
* Thu Sep 23 2021 Bruno Wolff III <bruno@wolff.to> - 6.13-2
|
||||||
autoreconf -i
|
- Pull in a couple of upstream fixes slotted for the next release
|
||||||
%configure --prefix=/usr ROOTSBINDIR=%{_sbindir}
|
- fix regression in kerberos mount
|
||||||
make %{?_smp_mflags}
|
- fix crash when mount point does not exist
|
||||||
|
|
||||||
%install
|
* Wed Sep 22 2021 Bruno Wolff III <bruno@wolff.to> - 6.13-1
|
||||||
rm -rf %{buildroot}
|
- Fix for CVE-2021-20208: cifs.upcall kerberos auth leak in container
|
||||||
make install DESTDIR=%{buildroot}
|
- get/setcifsacl tools are improved to support changing owner, group and SACLs
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
|
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/request-key.d
|
|
||||||
install -m 644 contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdir}/request-key.d
|
|
||||||
install -m 644 contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d
|
|
||||||
|
|
||||||
%files
|
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.11-4
|
||||||
%defattr(-,root,root,-)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||||
%doc
|
|
||||||
%{_bindir}/getcifsacl
|
|
||||||
%{_bindir}/setcifsacl
|
|
||||||
%{_bindir}/cifscreds
|
|
||||||
%{_bindir}/smbinfo
|
|
||||||
%{_bindir}/smb2-quota
|
|
||||||
%{_sbindir}/mount.cifs
|
|
||||||
%{_sbindir}/mount.smb3
|
|
||||||
%{_sbindir}/cifs.upcall
|
|
||||||
%{_sbindir}/cifs.idmap
|
|
||||||
%dir %{_libdir}/%{name}
|
|
||||||
%{_libdir}/%{name}/idmapwb.so
|
|
||||||
%{_mandir}/man1/getcifsacl.1.gz
|
|
||||||
%{_mandir}/man1/setcifsacl.1.gz
|
|
||||||
%{_mandir}/man1/cifscreds.1.gz
|
|
||||||
%{_mandir}/man1/smbinfo.1.gz
|
|
||||||
%{_mandir}/man1/smb2-quota.1.gz
|
|
||||||
%{_mandir}/man8/cifs.upcall.8.gz
|
|
||||||
%{_mandir}/man8/cifs.idmap.8.gz
|
|
||||||
%{_mandir}/man8/mount.cifs.8.gz
|
|
||||||
%{_mandir}/man8/mount.smb3.8.gz
|
|
||||||
%{_mandir}/man8/idmapwb.8.gz
|
|
||||||
%dir %{_sysconfdir}/cifs-utils
|
|
||||||
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
|
|
||||||
%config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf
|
|
||||||
%config(noreplace) %{_sysconfdir}/request-key.d/cifs.spnego.conf
|
|
||||||
|
|
||||||
%post
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.11-3
|
||||||
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so 10
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
%preun
|
* Fri Dec 18 2020 Jonathan Lebon <jonathan@jlebon.com> - 6.11-2
|
||||||
if [ $1 = 0 ]; then
|
- Split out -info subpackage for smb2-quota and smbinfo
|
||||||
/usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so
|
https://bugzilla.redhat.com/show_bug.cgi?id=1909288
|
||||||
fi
|
|
||||||
|
|
||||||
%files devel
|
* Mon Nov 02 2020 Alexander Bokovoy <abokovoy@redhat.com> - 6.11-1
|
||||||
%{_includedir}/cifsidmap.h
|
- Update to v6.11 release
|
||||||
|
- Resolves: rhbz#1876400 - CVE-2020-14342 - cifs-utils: shell command injection
|
||||||
|
|
||||||
%files -n pam_cifscreds
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.9-4
|
||||||
%{_libdir}/security/pam_cifscreds.so
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
%{_mandir}/man8/pam_cifscreds.8.gz
|
|
||||||
|
|
||||||
%changelog
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.9-3
|
||||||
* Mon Jan 30 2023 Pavel Filipenský <pfilipen@redhat.com> - 7.0-1
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
- Update to cifs-utils-7.0
|
|
||||||
- Resolves: rhbz#2163373
|
|
||||||
|
|
||||||
* Thu Dec 12 2019 Sachin Prabhu <sprabhu@redhat.com> - 6.8-3
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.9-2
|
||||||
- Add manual gating tests
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
- docs: cleanup rst formating
|
|
||||||
- mount.cifs.rst: document new (no)handlecache mount option
|
|
||||||
- manpage: update mount.cifs manpage with info about rdma option
|
|
||||||
- checkopts: add python script to cross check mount options
|
|
||||||
- mount.cifs.rst: document missing options, correct wrong ones
|
|
||||||
- checkopts: report duplicated options in man page
|
|
||||||
- mount.cifs.rst: more cleanups
|
|
||||||
- mount.cifs.rst: document vers=3 mount option
|
|
||||||
- mount.cifs.rst: document vers=3.02 mount option
|
|
||||||
- cifs: Allow DNS resolver key to expire
|
|
||||||
- mount.cifs: be more verbose and helpful regarding mount errors
|
|
||||||
- Update mount.cifs with vers=default mount option and SMBv3.0.2
|
|
||||||
- mount.cifs.rst: update vers=3.1.1 option description
|
|
||||||
- getcifsacl: Do not go to parse_sec_desc if getxattr fails.
|
|
||||||
- getcifsacl: Improve help usage and add -h option.
|
|
||||||
- setcifsacl: fix adding ACE when owner sid in unexpected location
|
|
||||||
- cifs.upcall: fix a compiler warning
|
|
||||||
- mount.cifs Add various missing parms from the help text
|
|
||||||
- mount.cifs: add more options to help message
|
|
||||||
- mount.cifs: detect GMT format of snapshot version
|
|
||||||
- Update man page for mount.cifs to add new options
|
|
||||||
- mount.cifs.rst: mention kernel version for snapshots
|
|
||||||
- Fix authors and maintainers
|
|
||||||
|
|
||||||
* Tue Jul 17 2018 Alexander Bokovoy <abokovoy@redhat.com> - 6.8-2
|
* Sun Apr 21 2019 Jeff Layton <jlayton@redhat.com>- 6.9-1
|
||||||
- Use Python 3 version of rst2man utility for generating man pages
|
- Update to v6.9 release
|
||||||
|
|
||||||
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.8-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 17 2018 Alexander Bokovoy <abokovoy@redhat.com> - 6.8-3
|
||||||
|
- Use Python 3 version of rst2man
|
||||||
|
|
||||||
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.8-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Tue Apr 10 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.8-1
|
* Tue Apr 10 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.8-1
|
||||||
- update to 6.8 release
|
- update to 6.8 release
|
||||||
@ -394,4 +330,3 @@ fi
|
|||||||
|
|
||||||
* Mon Feb 08 2010 Jeff Layton <jlayton@redhat.com> 4.0a1-1
|
* Mon Feb 08 2010 Jeff Layton <jlayton@redhat.com> 4.0a1-1
|
||||||
- first RPM package build
|
- first RPM package build
|
||||||
|
|
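--- a/cifs-utils.spec
+++ b/cifs-utils.spec
@@ -0,0 +1,134 @@
+#% define pre_release rc1
+%define pre_release %nil
+
+%global bash_completion_dir %(pkg-config --variable=completionsdir bash-completion || echo /etc/bash_completion.d)
+
+Name: cifs-utils
+Version: 7.1
+Release: %autorelease
+Summary: Utilities for mounting and managing CIFS mounts
+
+License: GPL-3.0-only
+URL: http://linux-cifs.samba.org/cifs-utils/
+
+BuildRequires: gcc
+BuildRequires: libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel autoconf automake libwbclient-devel pam-devel
+BuildRequires: python3-docutils
+BuildRequires: make
+
+Requires: keyutils
+Requires(post): /usr/sbin/alternatives
+Requires(preun): /usr/sbin/alternatives
+
+Recommends: %{name}-info%{?_isa} = %{version}-%{release}
+
+Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
+
+Patch0: smbinfo-bash-completion.patch
+
+%description
+The SMB/CIFS protocol is a standard file sharing protocol widely deployed
+on Microsoft Windows machines. This package contains tools for mounting
+shares on Linux using the SMB/CIFS protocol. The tools in this package
+work in conjunction with support in the kernel to allow one to mount a
+SMB/CIFS share onto a client and use it as if it were a standard Linux
+file system.
+
+%package devel
+Summary: Files needed for building plugins for cifs-utils
+
+%description devel
+The SMB/CIFS protocol is a standard file sharing protocol widely deployed
+on Microsoft Windows machines. This package contains the header file
+necessary for building ID mapping plugins for cifs-utils.
+
+%package -n pam_cifscreds
+Summary: PAM module to manage NTLM credentials in kernel keyring
+
+%description -n pam_cifscreds
+The pam_cifscreds PAM module is a tool for automatically adding
+credentials (username and password) for the purpose of establishing
+sessions in multiuser mounts.
+
+When a cifs filesystem is mounted with the "multiuser" option, and does
+not use krb5 authentication, it needs to be able to get the credentials
+for each user from somewhere. The pam_cifscreds module can be used to
+provide these credentials to the kernel automatically at login.
+
+%prep
+%autosetup -n %{name}-%{version}%{pre_release} -p1
+
+%build
+grep -F -r -l '/usr/bin/env python' | xargs --no-run-if-empty -n1 sed -i 's@/usr/bin/env python.*@%python3@g'
+autoreconf -i
+%configure --prefix=/usr ROOTSBINDIR=%{_sbindir}
+make %{?_smp_mflags}
+
+%install
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot}
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+mkdir -p %{buildroot}%{_sysconfdir}/request-key.d
+install -m 644 contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdir}/request-key.d
+install -m 644 contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d
+install -Dpm 644 bash-completion/smbinfo %{buildroot}%{_datadir}%{bash_completion_dir}/smbinfo
+
+%files
+%doc
+%license COPYING
+%{_bindir}/getcifsacl
+%{_bindir}/setcifsacl
+%{_bindir}/cifscreds
+%{_sbindir}/mount.cifs
+%{_sbindir}/mount.smb3
+%{_sbindir}/cifs.upcall
+%{_sbindir}/cifs.idmap
+%dir %{_libdir}/%{name}
+%{_libdir}/%{name}/idmapwb.so
+%{_mandir}/man1/getcifsacl.*
+%{_mandir}/man1/setcifsacl.*
+%{_mandir}/man1/cifscreds.*
+%{_mandir}/man8/cifs.upcall.*
+%{_mandir}/man8/cifs.idmap.*
+%{_mandir}/man8/mount.cifs.*
+%{_mandir}/man8/mount.smb3.*
+%{_mandir}/man8/idmapwb.*
+%{_datadir}%{bash_completion_dir}/smbinfo
+%dir %{_sysconfdir}/cifs-utils
+%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
+%config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf
+%config(noreplace) %{_sysconfdir}/request-key.d/cifs.spnego.conf
+
+%post
+/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so 10
+
+%preun
+if [ $1 = 0 ]; then
+/usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so
+fi
+
+%files devel
+%{_includedir}/cifsidmap.h
+
+%files -n pam_cifscreds
+%{_libdir}/security/pam_cifscreds.so
+%{_mandir}/man8/pam_cifscreds.8.gz
+
+# This subpackage also serves the purpose of avoiding a Python dependency on
+# the main package: https://bugzilla.redhat.com/show_bug.cgi?id=1909288.
+%package info
+Summary: Additional tools for querying information about CIFS mount
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description info
+This subpackage includes additional tools for querying information
+about CIFS mount.
+
+%files info
+%{_bindir}/smb2-quota
+%{_bindir}/smbinfo
+%{_mandir}/man1/smb2-quota.*
+%{_mandir}/man1/smbinfo.*
+
+%changelog
+%autochangelog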
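Review bot: The smbinfo completion file is installed under a doubled prefix, because `bash_completion_dir` is already an absolute path (pkg-config's `completionsdir`, or the `/etc/bash_completion.d` fallback) and both `%install` and `%files` prepend `%{_datadir}` to it. The result is a path such as `/usr/share/usr/share/bash-completion/completions/smbinfo`, or `/usr/share/etc/bash_completion.d/smbinfo` on the fallback, neither of which bash-completion reads. Use `install -Dpm 644 bash-completion/smbinfo %{buildroot}%{bash_completion_dir}/smbinfo` and `%{bash_completion_dir}/smbinfo`. Adding `BuildRequires: pkgconfig(bash-completion)` would also stop the `%(pkg-config …)` lookup from silently taking the fallback, since nothing in the listed BuildRequires provides that .pc file.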
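--- a/gating.yaml
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+- rhel-10
+decision_context: osci_compose_gate
+rules:
+- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}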
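--- a/mount-crash-fix.patch
+++ b/mount-crash-fix.patch
@@ -0,0 +1,40 @@
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 7f898bbd215a..84274c98ddf5 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -1996,9 +1996,9 @@ acquire_mountpoint(char **mountpointp)
+*/
+realuid = getuid();
+if (realuid == 0) {
+- dacrc = toggle_dac_capability(0, 1);
+- if (dacrc)
+- return dacrc;
++ rc = toggle_dac_capability(0, 1);
++ if (rc)
++ goto out;
+} else {
+oldfsuid = setfsuid(realuid);
+oldfsgid = setfsgid(getgid());
+@@ -2019,7 +2019,6 @@ acquire_mountpoint(char **mountpointp)
+rc = EX_SYSERR;
+}
+
+- *mountpointp = mountpoint;
+restore_privs:
+if (realuid == 0) {
+dacrc = toggle_dac_capability(0, 0);
+@@ -2030,9 +2029,13 @@ restore_privs:
+gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid);
+}
+
+- if (rc)
++out:
++ if (rc) {
+free(mountpoint);
++ mountpoint = NULL;
++ }
+
++ *mountpointp = mountpoint;
+return rc;
+}
+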
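Review bot: Nothing in this comparison applies this patch: cifs-utils.spec declares only `Patch0: smbinfo-bash-completion.patch`, and `%autosetup -p1` applies declared patches only. The old changelog on this page describes "fix crash when mount point does not exist" as an upstream fix slotted for the release after 6.13, so the `acquire_mountpoint` change is presumably already in the 7.1 tarball; if so the file is stale and should be dropped, and if not it needs its own `PatchN:` line. The same applies to upcall-fix.patch, which moves key-description parsing in cifs.upcall into a forked child that drops capabilities. For a hardening change like that one, it is worth stating in the commit which case holds rather than leaving an unapplied patch in the tree.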
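--- a/smbinfo-bash-completion.patch
+++ b/smbinfo-bash-completion.patch
@@ -0,0 +1,47 @@
+From d69d2129c6476afbcbbe8dc6e2ed17f233084d85 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
+Date: Mon, 7 Oct 2024 21:48:31 +0200
+Subject: [PATCH] smbinfo: add bash completion support for filestreaminfo,
+keys, gettconinfo
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
+---
+bash-completion/smbinfo | 9 ++++++---
+1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/bash-completion/smbinfo b/bash-completion/smbinfo
+index d56b581..ec0d8a4 100644
+--- a/bash-completion/smbinfo
++++ b/bash-completion/smbinfo
+@@ -15,19 +15,22 @@ smb_info()
+filemodeinfo
+filepositioninfo
+filestandardinfo
++ filestreaminfo
+fsctl-getobjid
+getcompression
+setcompression
+list-snapshots
+quota
+- secdesc"
++ secdesc
++ keys
++ gettconinfo"
+case $prev in
+'-v'|'-h')
+return 0
+;;
+'fileaccessinfo'|'filealigninfo'|'fileallinfo'|'filebasicinfo'|'fileeainfo'|'filefsfullsizeinfo'|\
+- 'fileinternalinfo'|'filemodeinfo'|'filepositioninfo'|'filestandardinfo'|'fsctl-getobjid'|\
+- 'getcompression'|'setcompression'|'list-snapshots'|'quota'|'secdesc')
++ 'fileinternalinfo'|'filemodeinfo'|'filepositioninfo'|'filestandardinfo'|'filestreaminfo'|'fsctl-getobjid'|\
++ 'getcompression'|'setcompression'|'list-snapshots'|'quota'|'secdesc'|'keys'|'gettconinfo')
+local IFS=$'\n'
+compopt -o filenames
+COMPREPLY=( $(compgen -f -o dirnames -- ${cur:-""}) )
+--
+2.46.1
+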
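--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (cifs-utils-7.1.tar.bz2) = 9eda85b2767cd19c7f69843750450c3862596debf47f41d9ce07f3d7438225b700b260be9585d2f7c9962d3f4dd8434b1b647c9ba670962cf136ce7ad86f92ab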
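--- a/tests/sanity/runtest.sh
+++ b/tests/sanity/runtest.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/bash
+set -x
+CIFS_SHARE=$PWD/cifs-share
+CIFS_MNT=$PWD/cifs-mnt
+mount.cifs -V
+cp /etc/samba/smb.conf /etc/samba/smb.conf.bark
+cat << __EOF__ >/etc/samba/smb.conf
+[cifs]
+path=$CIFS_SHARE
+writeable=yes
+__EOF__
+
+testparm -s
+mkdir -p $CIFS_SHARE $CIFS_MNT
+chcon -t samba_share_t $CIFS_SHARE
+setsebool -P samba_export_all_rw on
+echo -e "redhat\nredhat" | smbpasswd -a root -s
+systemctl start smb
+sleep 5
+mount //localhost/cifs $CIFS_MNT -o user=root,password=redhat
+ls -l $CIFS_MNT
+umount $CIFS_MNT
+cp /etc/samba/smb.conf.bark /etc/samba/smb.conf
+rm -rf $CIFS_SHARE $CIFS_MNT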
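Review bot: This script cannot fail the gate it backs, because there is no `set -e` and no exit-status check, so a failed `mount //localhost/cifs …` still ends with the exit status of the final `rm -rf`. Add `set -euo pipefail` after the shebang and move the restore of /etc/samba/smb.conf and the directory removal into a `trap cleanup EXIT`, so the host is put back even when a step aborts. The run also leaves state it never reverts: `setsebool -P samba_export_all_rw on` is persistent, the Samba `root` account keeps the fixed password `redhat`, and smb is left running. That is tolerable only on a disposable test host and should be stated in a header comment. The password passed via `-o password=` is also visible in the process list and in the `set -x` trace; a `credentials=` file with mode 0600 avoids that.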
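--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -0,0 +1,16 @@
+- hosts: localhost
+roles:
+- role: standard-test-basic
+tags:
+- classic
+tests:
+- simple:
+dir: sanity
+run: ./runtest.sh
+required_packages:
+- which
+- samba
+- samba-client
+- coreutils
+- policycoreutils
+- systemd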
429
upcall-fix.patch
Normal file
@ -0,0 +1,429 @@
|
|||||||
|
diff --git a/cifs.upcall.c b/cifs.upcall.c
|
||||||
|
index e4139349fea7..ad0430157958 100644
|
||||||
|
--- a/cifs.upcall.c
|
||||||
|
+++ b/cifs.upcall.c
|
||||||
|
@@ -52,6 +52,9 @@
|
||||||
|
#include <stdbool.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <sched.h>
|
||||||
|
+#include <sys/mman.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+#include <sys/wait.h>
|
||||||
|
|
||||||
|
#include "data_blob.h"
|
||||||
|
#include "spnego.h"
|
||||||
|
@@ -787,6 +790,25 @@ handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob,
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+struct decoded_args {
|
||||||
|
+ int ver;
|
||||||
|
+ char hostname[NI_MAXHOST + 1];
|
||||||
|
+ char ip[NI_MAXHOST + 1];
|
||||||
|
+
|
||||||
|
+/* Max user name length. */
|
||||||
|
+#define MAX_USERNAME_SIZE 256
|
||||||
|
+ char username[MAX_USERNAME_SIZE + 1];
|
||||||
|
+
|
||||||
|
+ uid_t uid;
|
||||||
|
+ uid_t creduid;
|
||||||
|
+ pid_t pid;
|
||||||
|
+ sectype_t sec;
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Flags to keep track of what was provided
|
||||||
|
+ */
|
||||||
|
#define DKD_HAVE_HOSTNAME 0x1
|
||||||
|
#define DKD_HAVE_VERSION 0x2
|
||||||
|
#define DKD_HAVE_SEC 0x4
|
||||||
|
@@ -796,23 +818,13 @@ handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob,
|
||||||
|
#define DKD_HAVE_CREDUID 0x40
|
||||||
|
#define DKD_HAVE_USERNAME 0x80
|
||||||
|
#define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC)
|
||||||
|
-
|
||||||
|
-struct decoded_args {
|
||||||
|
- int ver;
|
||||||
|
- char *hostname;
|
||||||
|
- char *ip;
|
||||||
|
- char *username;
|
||||||
|
- uid_t uid;
|
||||||
|
- uid_t creduid;
|
||||||
|
- pid_t pid;
|
||||||
|
- sectype_t sec;
|
||||||
|
+ int have;
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned int
|
||||||
|
-decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
+__decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
{
|
||||||
|
- int len;
|
||||||
|
- int retval = 0;
|
||||||
|
+ size_t len;
|
||||||
|
char *pos;
|
||||||
|
const char *tkn = desc;
|
||||||
|
|
||||||
|
@@ -826,13 +838,13 @@ decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
len = pos - tkn;
|
||||||
|
|
||||||
|
len -= 5;
|
||||||
|
- free(arg->hostname);
|
||||||
|
- arg->hostname = strndup(tkn + 5, len);
|
||||||
|
- if (arg->hostname == NULL) {
|
||||||
|
- syslog(LOG_ERR, "Unable to allocate memory");
|
||||||
|
+ if (len > sizeof(arg->hostname)-1) {
|
||||||
|
+ syslog(LOG_ERR, "host= value too long for buffer");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
- retval |= DKD_HAVE_HOSTNAME;
|
||||||
|
+ memset(arg->hostname, 0, sizeof(arg->hostname));
|
||||||
|
+ strncpy(arg->hostname, tkn + 5, len);
|
||||||
|
+ arg->have |= DKD_HAVE_HOSTNAME;
|
||||||
|
syslog(LOG_DEBUG, "host=%s", arg->hostname);
|
||||||
|
} else if (!strncmp(tkn, "ip4=", 4) || !strncmp(tkn, "ip6=", 4)) {
|
||||||
|
if (pos == NULL)
|
||||||
|
@@ -841,13 +853,13 @@ decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
len = pos - tkn;
|
||||||
|
|
||||||
|
len -= 4;
|
||||||
|
- free(arg->ip);
|
||||||
|
- arg->ip = strndup(tkn + 4, len);
|
||||||
|
- if (arg->ip == NULL) {
|
||||||
|
- syslog(LOG_ERR, "Unable to allocate memory");
|
||||||
|
+ if (len > sizeof(arg->ip)-1) {
|
||||||
|
+ syslog(LOG_ERR, "ip[46]= value too long for buffer");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
- retval |= DKD_HAVE_IP;
|
||||||
|
+ memset(arg->ip, 0, sizeof(arg->ip));
|
||||||
|
+ strncpy(arg->ip, tkn + 4, len);
|
||||||
|
+ arg->have |= DKD_HAVE_IP;
|
||||||
|
syslog(LOG_DEBUG, "ip=%s", arg->ip);
|
||||||
|
} else if (strncmp(tkn, "user=", 5) == 0) {
|
||||||
|
if (pos == NULL)
|
||||||
|
@@ -856,13 +868,13 @@ decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
len = pos - tkn;
|
||||||
|
|
||||||
|
len -= 5;
|
||||||
|
- free(arg->username);
|
||||||
|
- arg->username = strndup(tkn + 5, len);
|
||||||
|
- if (arg->username == NULL) {
|
||||||
|
- syslog(LOG_ERR, "Unable to allocate memory");
|
||||||
|
+ if (len > sizeof(arg->username)-1) {
|
||||||
|
+ syslog(LOG_ERR, "user= value too long for buffer");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
- retval |= DKD_HAVE_USERNAME;
|
||||||
|
+ memset(arg->username, 0, sizeof(arg->username));
|
||||||
|
+ strncpy(arg->username, tkn + 5, len);
|
||||||
|
+ arg->have |= DKD_HAVE_USERNAME;
|
||||||
|
syslog(LOG_DEBUG, "user=%s", arg->username);
|
||||||
|
} else if (strncmp(tkn, "pid=", 4) == 0) {
|
||||||
|
errno = 0;
|
||||||
|
@@ -873,13 +885,13 @@ decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
syslog(LOG_DEBUG, "pid=%u", arg->pid);
|
||||||
|
- retval |= DKD_HAVE_PID;
|
||||||
|
+ arg->have |= DKD_HAVE_PID;
|
||||||
|
} else if (strncmp(tkn, "sec=", 4) == 0) {
|
||||||
|
if (strncmp(tkn + 4, "krb5", 4) == 0) {
|
||||||
|
- retval |= DKD_HAVE_SEC;
|
||||||
|
+ arg->have |= DKD_HAVE_SEC;
|
||||||
|
arg->sec = KRB5;
|
||||||
|
} else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
|
||||||
|
- retval |= DKD_HAVE_SEC;
|
||||||
|
+ arg->have |= DKD_HAVE_SEC;
|
||||||
|
arg->sec = MS_KRB5;
|
||||||
|
}
|
||||||
|
syslog(LOG_DEBUG, "sec=%d", arg->sec);
|
||||||
|
@@ -891,7 +903,7 @@ decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
strerror(errno));
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
- retval |= DKD_HAVE_UID;
|
||||||
|
+ arg->have |= DKD_HAVE_UID;
|
||||||
|
syslog(LOG_DEBUG, "uid=%u", arg->uid);
|
||||||
|
} else if (strncmp(tkn, "creduid=", 8) == 0) {
|
||||||
|
errno = 0;
|
||||||
|
@@ -901,7 +913,7 @@ decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
strerror(errno));
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
- retval |= DKD_HAVE_CREDUID;
|
||||||
|
+ arg->have |= DKD_HAVE_CREDUID;
|
||||||
|
syslog(LOG_DEBUG, "creduid=%u", arg->creduid);
|
||||||
|
} else if (strncmp(tkn, "ver=", 4) == 0) { /* if version */
|
||||||
|
errno = 0;
|
||||||
|
@@ -911,14 +923,56 @@ decode_key_description(const char *desc, struct decoded_args *arg)
|
||||||
|
strerror(errno));
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
- retval |= DKD_HAVE_VERSION;
|
||||||
|
+ arg->have |= DKD_HAVE_VERSION;
|
||||||
|
syslog(LOG_DEBUG, "ver=%d", arg->ver);
|
||||||
|
}
|
||||||
|
if (pos == NULL)
|
||||||
|
break;
|
||||||
|
tkn = pos + 1;
|
||||||
|
} while (tkn);
|
||||||
|
- return retval;
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static unsigned int
|
||||||
|
+decode_key_description(const char *desc, struct decoded_args **arg)
|
||||||
|
+{
|
||||||
|
+ pid_t pid;
|
||||||
|
+ pid_t rc;
|
||||||
|
+ int status;
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Do all the decoding/string processing in a child process
|
||||||
|
+ * with low privileges.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ *arg = mmap(NULL, sizeof(struct decoded_args), PROT_READ | PROT_WRITE,
|
||||||
|
+ MAP_ANONYMOUS | MAP_SHARED, -1, 0);
|
||||||
|
+ if (*arg == MAP_FAILED) {
|
||||||
|
+ syslog(LOG_ERR, "%s: mmap failed: %s", __func__, strerror(errno));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ pid = fork();
|
||||||
|
+ if (pid < 0) {
|
||||||
|
+ syslog(LOG_ERR, "%s: fork failed: %s", __func__, strerror(errno));
|
||||||
|
+ munmap(*arg, sizeof(struct decoded_args));
|
||||||
|
+ *arg = NULL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ if (pid == 0) {
|
||||||
|
+ /* do the parsing in child */
|
||||||
|
+ drop_all_capabilities();
|
||||||
|
+ exit(__decode_key_description(desc, *arg));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = waitpid(pid, &status, 0);
|
||||||
|
+ if (rc < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
|
||||||
|
+ munmap(*arg, sizeof(struct decoded_args));
|
||||||
|
+ *arg = NULL;
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int setup_key(const key_serial_t key, const void *data, size_t datalen)
|
||||||
|
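Review bot: In the new `decode_key_description()`, the mmap failure branch returns with `*arg` still equal to `MAP_FAILED`, and `main`'s `out:` path later runs `if (arg) munmap(arg, sizeof(*arg));`, so cleanup is handed an invalid address. Adding `*arg = NULL;` before that `return -1;` would match what the fork and waitpid failure branches already do. The function is declared `static unsigned int` yet returns `-1`, which the caller only tests for non-zero, so `int` would state the intent. In the child, the result of `drop_all_capabilities()` is ignored; its definition is outside the hunk, but if it returns a status and can fail, the parser would keep the parent's privileges, which defeats the purpose of the fork. Something like `if (drop_all_capabilities()) _exit(1);` would cover that, and `_exit()` in place of `exit()` for the child also avoids running inherited atexit handlers and flushing inherited stdio buffers.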
@@ -1098,7 +1152,7 @@ int main(const int argc, char *const argv[])
|
||||||
|
bool try_dns = false, legacy_uid = false , env_probe = true;
|
||||||
|
char *buf;
|
||||||
|
char hostbuf[NI_MAXHOST], *host;
|
||||||
|
- struct decoded_args arg;
|
||||||
|
+ struct decoded_args *arg = NULL;
|
||||||
|
const char *oid;
|
||||||
|
uid_t uid;
|
||||||
|
char *keytab_name = NULL;
|
||||||
|
@@ -1109,7 +1163,6 @@ int main(const int argc, char *const argv[])
|
||||||
|
const char *key_descr = NULL;
|
||||||
|
|
||||||
|
hostbuf[0] = '\0';
|
||||||
|
- memset(&arg, 0, sizeof(arg));
|
||||||
|
|
||||||
|
openlog(prog, 0, LOG_DAEMON);
|
||||||
|
|
||||||
|
@@ -1150,9 +1203,6 @@ int main(const int argc, char *const argv[])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (trim_capabilities(env_probe))
|
||||||
|
- goto out;
|
||||||
|
-
|
||||||
|
/* is there a key? */
|
||||||
|
if (argc <= optind) {
|
||||||
|
usage();
|
||||||
|
@@ -1178,6 +1228,10 @@ int main(const int argc, char *const argv[])
|
||||||
|
|
||||||
|
syslog(LOG_DEBUG, "key description: %s", buf);
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * If we are requested a simple DNS query, do it and exit
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
if (strncmp(buf, "cifs.resolver", sizeof("cifs.resolver") - 1) == 0)
|
||||||
|
key_descr = ".cifs.resolver";
|
||||||
|
else if (strncmp(buf, "dns_resolver", sizeof("dns_resolver") - 1) == 0)
|
||||||
|
@@ -1187,33 +1241,42 @@ int main(const int argc, char *const argv[])
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- have = decode_key_description(buf, &arg);
|
||||||
|
+ /*
|
||||||
|
+ * Otherwise, it's a spnego key request
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ rc = decode_key_description(buf, &arg);
|
||||||
|
free(buf);
|
||||||
|
- if ((have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
|
||||||
|
+ if (rc) {
|
||||||
|
+ syslog(LOG_ERR, "failed to decode key description");
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ((arg->have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
|
||||||
|
syslog(LOG_ERR, "unable to get necessary params from key "
|
||||||
|
"description (0x%x)", have);
|
||||||
|
rc = 1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (arg.ver > CIFS_SPNEGO_UPCALL_VERSION) {
|
||||||
|
+ if (arg->ver > CIFS_SPNEGO_UPCALL_VERSION) {
|
||||||
|
syslog(LOG_ERR, "incompatible kernel upcall version: 0x%x",
|
||||||
|
- arg.ver);
|
||||||
|
+ arg->ver);
|
||||||
|
rc = 1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (strlen(arg.hostname) >= NI_MAXHOST) {
|
||||||
|
+ if (strlen(arg->hostname) >= NI_MAXHOST) {
|
||||||
|
syslog(LOG_ERR, "hostname provided by kernel is too long");
|
||||||
|
rc = 1;
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!legacy_uid && (have & DKD_HAVE_CREDUID))
|
||||||
|
- uid = arg.creduid;
|
||||||
|
- else if (have & DKD_HAVE_UID)
|
||||||
|
- uid = arg.uid;
|
||||||
|
+ if (!legacy_uid && (arg->have & DKD_HAVE_CREDUID))
|
||||||
|
+ uid = arg->creduid;
|
||||||
|
+ else if (arg->have & DKD_HAVE_UID)
|
||||||
|
+ uid = arg->uid;
|
||||||
|
else {
|
||||||
|
/* no uid= or creduid= parm -- something is wrong */
|
||||||
|
syslog(LOG_ERR, "No uid= or creduid= parm specified");
|
||||||
|
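Review bot: The `unable to get necessary params` message still prints `have`, but this hunk removes the only assignment to it visible here (`have = decode_key_description(buf, &arg);`). The logged bitmask therefore no longer reflects what was decoded, and may be an uninitialised read depending on the declaration outside the hunk; the argument should become `"description (0x%x)", arg->have);`. Separately, the parent now reads strings that the unprivileged child wrote into the shared mapping, and `strlen(arg->hostname)` assumes they are NUL-terminated. Since the fork exists to distrust the parsing step, forcing a terminator on each fixed-size buffer once `waitpid()` reports success, e.g. `arg->username[sizeof(arg->username) - 1] = '\0';`, keeps that assumption out of the privileged side. `struct decoded_args` is defined outside the hunk, so the layout of `hostname` and `ip` needs confirming there.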
@@ -1221,6 +1284,21 @@ int main(const int argc, char *const argv[])
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Change to the process's namespace. This means that things will work
|
||||||
|
+ * acceptably in containers, because we'll be looking at the correct
|
||||||
|
+ * filesystem and have the correct network configuration.
|
||||||
|
+ */
|
||||||
|
+ rc = switch_to_process_ns(arg->pid);
|
||||||
|
+ if (rc == -1) {
|
||||||
|
+ syslog(LOG_ERR, "unable to switch to process namespace: %s", strerror(errno));
|
||||||
|
+ rc = 1;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (trim_capabilities(env_probe))
|
||||||
|
+ goto out;
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* The kernel doesn't pass down the gid, so we resort here to scraping
|
||||||
|
* one out of the passwd nss db. Note that this might not reflect the
|
||||||
|
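Review bot: When `trim_capabilities(env_probe)` fails here, the code jumps to `out` with `rc` still holding the non-error result of `switch_to_process_ns()` (presumably 0), so the helper can report success even though it stopped before trimming its capabilities. Set it explicitly: `if (trim_capabilities(env_probe)) { rc = 1; goto out; }`. The namespace switch also uses `arg->pid` without testing `arg->have & DKD_HAVE_PID`. `DKD_MUSTHAVE_SET` is defined outside the hunk, so if it does not include the pid bit, a description without `pid=` reaches this call with the zero left by the anonymous mapping. A short comment on why the capability trim must follow the namespace switch would also help, since this ordering keeps the full capability set in place for longer than before.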
@@ -1266,20 +1344,7 @@ int main(const int argc, char *const argv[])
|
||||||
|
* look at the environ file.
|
||||||
|
*/
|
||||||
|
env_cachename =
|
||||||
|
- get_cachename_from_process_env(env_probe ? arg.pid : 0);
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * Change to the process's namespace. This means that things will work
|
||||||
|
- * acceptably in containers, because we'll be looking at the correct
|
||||||
|
- * filesystem and have the correct network configuration.
|
||||||
|
- */
|
||||||
|
- rc = switch_to_process_ns(arg.pid);
|
||||||
|
- if (rc == -1) {
|
||||||
|
- syslog(LOG_ERR, "unable to switch to process namespace: %s",
|
||||||
|
- strerror(errno));
|
||||||
|
- rc = 1;
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
+ get_cachename_from_process_env(env_probe ? arg->pid : 0);
|
||||||
|
|
||||||
|
rc = setuid(uid);
|
||||||
|
if (rc == -1) {
|
||||||
|
@@ -1301,18 +1366,18 @@ int main(const int argc, char *const argv[])
|
||||||
|
|
||||||
|
ccache = get_existing_cc(env_cachename);
|
||||||
|
/* Couldn't find credcache? Try to use keytab */
|
||||||
|
- if (ccache == NULL && arg.username != NULL)
|
||||||
|
- ccache = init_cc_from_keytab(keytab_name, arg.username);
|
||||||
|
+ if (ccache == NULL && arg->username[0] != '\0')
|
||||||
|
+ ccache = init_cc_from_keytab(keytab_name, arg->username);
|
||||||
|
|
||||||
|
if (ccache == NULL) {
|
||||||
|
rc = 1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- host = arg.hostname;
|
||||||
|
+ host = arg->hostname;
|
||||||
|
|
||||||
|
// do mech specific authorization
|
||||||
|
- switch (arg.sec) {
|
||||||
|
+ switch (arg->sec) {
|
||||||
|
case MS_KRB5:
|
||||||
|
case KRB5:
|
||||||
|
/*
|
||||||
|
@@ -1328,7 +1393,7 @@ int main(const int argc, char *const argv[])
|
||||||
|
* TRY only:
|
||||||
|
* cifs/bar.example.com@REALM
|
||||||
|
*/
|
||||||
|
- if (arg.sec == MS_KRB5)
|
||||||
|
+ if (arg->sec == MS_KRB5)
|
||||||
|
oid = OID_KERBEROS5_OLD;
|
||||||
|
else
|
||||||
|
oid = OID_KERBEROS5;
|
||||||
|
@@ -1385,10 +1450,10 @@ retry_new_hostname:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!try_dns || !(have & DKD_HAVE_IP))
|
||||||
|
+ if (!try_dns || !(arg->have & DKD_HAVE_IP))
|
||||||
|
break;
|
||||||
|
|
||||||
|
- rc = ip_to_fqdn(arg.ip, hostbuf, sizeof(hostbuf));
|
||||||
|
+ rc = ip_to_fqdn(arg->ip, hostbuf, sizeof(hostbuf));
|
||||||
|
if (rc)
|
||||||
|
break;
|
||||||
|
|
||||||
|
@@ -1396,7 +1461,7 @@ retry_new_hostname:
|
||||||
|
host = hostbuf;
|
||||||
|
goto retry_new_hostname;
|
||||||
|
default:
|
||||||
|
- syslog(LOG_ERR, "sectype: %d is not implemented", arg.sec);
|
||||||
|
+ syslog(LOG_ERR, "sectype: %d is not implemented", arg->sec);
|
||||||
|
rc = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
@@ -1414,7 +1479,7 @@ retry_new_hostname:
|
||||||
|
rc = 1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
- keydata->version = arg.ver;
|
||||||
|
+ keydata->version = arg->ver;
|
||||||
|
keydata->flags = 0;
|
||||||
|
keydata->sesskey_len = sess_key.length;
|
||||||
|
keydata->secblob_len = secblob.length;
|
||||||
|
@@ -1440,11 +1505,10 @@ out:
|
||||||
|
krb5_cc_close(context, ccache);
|
||||||
|
if (context)
|
||||||
|
krb5_free_context(context);
|
||||||
|
- free(arg.hostname);
|
||||||
|
- free(arg.ip);
|
||||||
|
- free(arg.username);
|
||||||
|
free(keydata);
|
||||||
|
free(env_cachename);
|
||||||
|
+ if (arg)
|
||||||
|
+ munmap(arg, sizeof(*arg));
|
||||||
|
syslog(LOG_DEBUG, "Exit status %ld", rc);
|
||||||
|
return rc;
|
||||||
|
}
|