Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
@ -1 +1 @@
|
|||||||
9df055a73d89ed3d536828d0cea304c9e04139d4 SOURCES/cifs-utils-7.0.tar.bz2
|
75c4eadf2b789ba0e504b4991f3284e15bf9266a SOURCES/cifs-utils-7.5.tar.bz2
|
||||||
|
|||||||
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/cifs-utils-7.0.tar.bz2
|
SOURCES/cifs-utils-7.5.tar.bz2
|
||||||
|
|||||||
@ -1,55 +0,0 @@
|
|||||||
From 17162396d9ace9396c27826f1c62719186e29ae9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
|
||||||
Date: Fri, 20 Jan 2023 20:53:44 +0100
|
|
||||||
Subject: [PATCH] Use explicit #!/usr/bin/python3
|
|
||||||
|
|
||||||
---
|
|
||||||
checkopts | 2 +-
|
|
||||||
smb2-quota | 2 +-
|
|
||||||
smb2-secdesc | 2 +-
|
|
||||||
smbinfo | 2 +-
|
|
||||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/checkopts b/checkopts
|
|
||||||
index 88e70b1..00c4cfd 100755
|
|
||||||
--- a/checkopts
|
|
||||||
+++ b/checkopts
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/env python3
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
#
|
|
||||||
# Script to check for inconsistencies between documented mount options
|
|
||||||
# and implemented kernel options.
|
|
||||||
diff --git a/smb2-quota b/smb2-quota
|
|
||||||
index 6d0b8a3..49207c7 100755
|
|
||||||
--- a/smb2-quota
|
|
||||||
+++ b/smb2-quota
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/env python
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
# coding: utf-8
|
|
||||||
#
|
|
||||||
# smb2-quota is a cmdline tool to display quota information for the
|
|
||||||
diff --git a/smb2-secdesc b/smb2-secdesc
|
|
||||||
index 5886091..534dd92 100755
|
|
||||||
--- a/smb2-secdesc
|
|
||||||
+++ b/smb2-secdesc
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/env python
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
# coding: utf-8
|
|
||||||
|
|
||||||
import array
|
|
||||||
diff --git a/smbinfo b/smbinfo
|
|
||||||
index 73c5bb3..766024e 100755
|
|
||||||
--- a/smbinfo
|
|
||||||
+++ b/smbinfo
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/env python3
|
|
||||||
+#!/usr/bin/python3
|
|
||||||
# -*- coding: utf-8 -*-
|
|
||||||
#
|
|
||||||
# smbinfo is a cmdline tool to query SMB-specific file and fs
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
||||||
41
SOURCES/cifs.upcall-Adjust-log-level.patch
Normal file
41
SOURCES/cifs.upcall-Adjust-log-level.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 927123ede36fab4a68aea6f6a3495ad909430ed1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pierguido Lambri <plambri@redhat.com>
|
||||||
|
Date: Fri, 30 Jan 2026 14:11:28 +0000
|
||||||
|
Subject: [PATCH 3/3] cifs.upcall: Adjust log level
|
||||||
|
|
||||||
|
Because now only error message are logged, let's switch some messages
|
||||||
|
from DEBUG to ERROR level.
|
||||||
|
This will help see when an error occurred with cifs.upcall and
|
||||||
|
eventually turn on the debug mode.
|
||||||
|
|
||||||
|
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
|
||||||
|
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
|
||||||
|
---
|
||||||
|
cifs.upcall.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cifs.upcall.c b/cifs.upcall.c
|
||||||
|
index b57a48c743e4..9d0eecf3aa11 100644
|
||||||
|
--- a/cifs.upcall.c
|
||||||
|
+++ b/cifs.upcall.c
|
||||||
|
@@ -1618,7 +1618,7 @@ int main(const int argc, char *const argv[])
|
||||||
|
__func__);
|
||||||
|
} else {
|
||||||
|
if (!get_tgt_time(ccache)) {
|
||||||
|
- syslog(LOG_DEBUG, "%s: valid TGT is not present in credential cache",
|
||||||
|
+ syslog(LOG_ERR, "%s: valid TGT is not present in credential cache",
|
||||||
|
__func__);
|
||||||
|
krb5_cc_close(context, ccache);
|
||||||
|
ccache = NULL;
|
||||||
|
@@ -1721,7 +1721,7 @@ retry_new_hostname:
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc) {
|
||||||
|
- syslog(LOG_DEBUG, "Unable to obtain service ticket");
|
||||||
|
+ syslog(LOG_ERR, "Unable to obtain service ticket");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.52.0
|
||||||
|
|
||||||
68
SOURCES/cifs.upcall-add-option-to-enable-debug-logs.patch
Normal file
68
SOURCES/cifs.upcall-add-option-to-enable-debug-logs.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
From 3047b9ccefdcf6327bf060ebf0d40864c5b1a11e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pierguido Lambri <plambri@redhat.com>
|
||||||
|
Date: Fri, 30 Jan 2026 14:11:26 +0000
|
||||||
|
Subject: [PATCH 1/3] cifs.upcall: add option to enable debug logs
|
||||||
|
|
||||||
|
cifs.upcall uses two levels of logs, DEBUG and ERR.
|
||||||
|
However, when using systemd, these logs will always be recorded.
|
||||||
|
When the system does a lot of upcalls, the journal could be filled
|
||||||
|
with debug logs, which may not be useful at that time.
|
||||||
|
Added then a new option '-d' to enable debug logs only when needed.
|
||||||
|
This will set a logmask up to LOG_DEBUG instead of the default
|
||||||
|
of LOG_ERR, thus reducing the amount of logs when no debug is needed.
|
||||||
|
|
||||||
|
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
|
||||||
|
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
|
||||||
|
---
|
||||||
|
cifs.upcall.c | 13 +++++++++++--
|
||||||
|
1 file changed, 11 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cifs.upcall.c b/cifs.upcall.c
|
||||||
|
index 69e27a34f637..b57a48c743e4 100644
|
||||||
|
--- a/cifs.upcall.c
|
||||||
|
+++ b/cifs.upcall.c
|
||||||
|
@@ -1356,10 +1356,11 @@ lowercase_string(char *c)
|
||||||
|
|
||||||
|
static void usage(void)
|
||||||
|
{
|
||||||
|
- fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog);
|
||||||
|
+ fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-d] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog);
|
||||||
|
}
|
||||||
|
|
||||||
|
static const struct option long_options[] = {
|
||||||
|
+ {"debug", 0, NULL, 'd'},
|
||||||
|
{"no-env-probe", 0, NULL, 'E'},
|
||||||
|
{"krb5conf", 1, NULL, 'k'},
|
||||||
|
{"legacy-uid", 0, NULL, 'l'},
|
||||||
|
@@ -1379,6 +1380,7 @@ int main(const int argc, char *const argv[])
|
||||||
|
size_t datalen;
|
||||||
|
long rc = 1;
|
||||||
|
int c;
|
||||||
|
+ int mask;
|
||||||
|
bool try_dns = false, legacy_uid = false , env_probe = true;
|
||||||
|
char *buf;
|
||||||
|
char hostbuf[NI_MAXHOST], *host;
|
||||||
|
@@ -1395,12 +1397,19 @@ int main(const int argc, char *const argv[])
|
||||||
|
hostbuf[0] = '\0';
|
||||||
|
|
||||||
|
openlog(prog, 0, LOG_DAEMON);
|
||||||
|
+ mask = LOG_UPTO(LOG_ERR);
|
||||||
|
+ setlogmask(mask);
|
||||||
|
|
||||||
|
- while ((c = getopt_long(argc, argv, "cEk:K:ltve:", long_options, NULL)) != -1) {
|
||||||
|
+ while ((c = getopt_long(argc, argv, "cdEk:K:ltve:", long_options, NULL)) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'c':
|
||||||
|
/* legacy option -- skip it */
|
||||||
|
break;
|
||||||
|
+ case 'd':
|
||||||
|
+ /* enable debug logs */
|
||||||
|
+ mask = LOG_UPTO(LOG_DEBUG);
|
||||||
|
+ setlogmask(mask);
|
||||||
|
+ break;
|
||||||
|
case 'E':
|
||||||
|
/* skip probing initiating process env */
|
||||||
|
env_probe = false;
|
||||||
|
--
|
||||||
|
2.52.0
|
||||||
|
|
||||||
@ -1,46 +0,0 @@
|
|||||||
From d2f39a20d68aa55023b63e575f06941721e644c6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paulo Alcantara <pc@manguebit.org>
|
|
||||||
Date: Tue, 23 Jun 2026 15:06:20 -0300
|
|
||||||
Subject: [PATCH] cifs.upcall: fix compiler warning with -Wvla
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The length value for @path array in get_uidgid() needs to be evaluated
|
|
||||||
at compile time, so replace strlen() with sizeof() when defining
|
|
||||||
PROC_PID_PATH_MAXLEN and then fix the following warning:
|
|
||||||
|
|
||||||
cifs.upcall.c: In function ‘get_uidgid’:
|
|
||||||
cifs.upcall.c:1400:9: warning: ISO C90 forbids array ‘path’ whose size
|
|
||||||
cannot be evaluated [-Wvla]
|
|
||||||
1400 | char path[PROC_PID_PATH_MAXLEN] = {}, buf[256];
|
|
||||||
| ^~~~
|
|
||||||
|
|
||||||
Fixes: 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency")
|
|
||||||
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
|
|
||||||
Reviewed-by: David Howells <dhowells@redhat.com>
|
|
||||||
Cc: Enzo Matsumiya <ematsumiya@suse.de>
|
|
||||||
Cc: linux-cifs@vger.kernel.org
|
|
||||||
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
||||||
---
|
|
||||||
cifs.upcall.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/cifs.upcall.c b/cifs.upcall.c
|
|
||||||
index 01690dfcade1..11dbc6186a74 100644
|
|
||||||
--- a/cifs.upcall.c
|
|
||||||
+++ b/cifs.upcall.c
|
|
||||||
@@ -1375,8 +1375,8 @@ static int ip_to_fqdn(const char *addrstr, char *host, size_t hostlen)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* cover worst case/impossible scenarios, + 1 for NUL */
|
|
||||||
-#define PROC_PID_PATH_MAXLEN ((int)strlen("/proc/2147483647/status") + 1)
|
|
||||||
+/* cover worst case/impossible scenarios */
|
|
||||||
+#define PROC_PID_PATH_MAXLEN ((int)sizeof("/proc/2147483647/status"))
|
|
||||||
/* max valid UID/GID is (UINT_MAX - 1) */
|
|
||||||
#define INVALID_UIDGID UINT_MAX
|
|
||||||
|
|
||||||
--
|
|
||||||
2.54.0
|
|
||||||
|
|
||||||
@ -1,383 +0,0 @@
|
|||||||
From e9495963e0d5c26f7d0137829d8dc625130b53cc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Enzo Matsumiya <ematsumiya@suse.de>
|
|
||||||
Date: Mon, 6 Jul 2026 10:55:55 -0300
|
|
||||||
Subject: [PATCH] cifs.upcall: fix regression with krb5 + creduid
|
|
||||||
|
|
||||||
Commit 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency")
|
|
||||||
introduced a regression when using creduid != uid (e.g.
|
|
||||||
"mount.cifs -o sec=krb5,cruid=X"), so 'uid' local var is replaced
|
|
||||||
with procfs "Uid" value (in the example, the one from mount.cifs).
|
|
||||||
|
|
||||||
That commit ignored the fact that:
|
|
||||||
mount UID can be different from creds UID, and that calling-app
|
|
||||||
process (post-mount) can be different from both
|
|
||||||
|
|
||||||
This patch "reverts" 972c5b5ff95e ("cifs.upcall: remove getpwuid()
|
|
||||||
dependency"); transform the "emergency"-added function get_uidgid()
|
|
||||||
into map_uidgid(), now only used to do NS UID/GID mapping.
|
|
||||||
|
|
||||||
Also add getpwuid() back, but this time called while still on host
|
|
||||||
namespace, so any possible custom NSS module is ran as allowed by
|
|
||||||
sysadmin.
|
|
||||||
|
|
||||||
Any scenario involving unmapped UIDs or GIDs is unsupported; this
|
|
||||||
means that any UID:GID in a child user namespace _must_ map back to
|
|
||||||
a valid and existing host UID:GID.
|
|
||||||
|
|
||||||
Fixes: 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency")
|
|
||||||
Reported-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
|
|
||||||
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
|
||||||
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
|
|
||||||
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
||||||
---
|
|
||||||
cifs.upcall.c | 279 ++++++++++++++++++++++++++++++++------------------
|
|
||||||
1 file changed, 177 insertions(+), 102 deletions(-)
|
|
||||||
|
|
||||||
Index: cifs-utils-7.0/cifs.upcall.c
|
|
||||||
===================================================================
|
|
||||||
--- cifs-utils-7.0.orig/cifs.upcall.c
|
|
||||||
+++ cifs-utils-7.0/cifs.upcall.c
|
|
||||||
@@ -52,6 +52,7 @@
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <grp.h>
|
|
||||||
+#include <pwd.h>
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <sched.h>
|
|
||||||
@@ -1264,118 +1265,170 @@ static int ip_to_fqdn(const char *addrst
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* cover worst case/impossible scenarios */
|
|
||||||
-#define PROC_PID_PATH_MAXLEN ((int)sizeof("/proc/2147483647/status"))
|
|
||||||
-/* max valid UID/GID is (UINT_MAX - 1) */
|
|
||||||
-#define INVALID_UIDGID UINT_MAX
|
|
||||||
+#define ID_MAP_PATH_MAX ((int)sizeof("/proc/2147483647/uid_map"))
|
|
||||||
|
|
||||||
-/*
|
|
||||||
- * get_uidgid - Get @pid's (real) UID and/or GID.
|
|
||||||
- * @pid: process to get UID/GID from
|
|
||||||
- * @uidp: pointer to store @pid's UID (can be NULL)
|
|
||||||
- * @gidp: pointer to store @pid's GID (can be NULL)
|
|
||||||
- *
|
|
||||||
- * Extract "Uid:" and "Gid:" fields from /proc/@pid/status.
|
|
||||||
- * Do so based on whether @uidp or @gidp are NULL.
|
|
||||||
- *
|
|
||||||
- * This function assumes we're on the same namespace as @pid.
|
|
||||||
- *
|
|
||||||
- * Return: 0 on success, -1 otherwise (errno set).
|
|
||||||
- *
|
|
||||||
- * On errors, *@uidp and *@gidp are set to INVALID_UIDGID.
|
|
||||||
- */
|
|
||||||
-static int get_uidgid(pid_t pid, uid_t *uidp, gid_t *gidp)
|
|
||||||
+static int map_id(pid_t pid, const char *map, unsigned int *idp)
|
|
||||||
{
|
|
||||||
- char path[PROC_PID_PATH_MAXLEN] = {}, buf[256];
|
|
||||||
+ unsigned long long ns_start, host_start, range;
|
|
||||||
+ char map_path[ID_MAP_PATH_MAX];
|
|
||||||
+ int map_path_size = sizeof(map_path);
|
|
||||||
+ unsigned int id;
|
|
||||||
FILE *fp = NULL;
|
|
||||||
- int ret;
|
|
||||||
+ int ret = 1;
|
|
||||||
|
|
||||||
- errno = 0;
|
|
||||||
- if (pid < 0 || (!uidp && !gidp)) {
|
|
||||||
- errno = EINVAL;
|
|
||||||
- return -1;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (uidp)
|
|
||||||
- *uidp = INVALID_UIDGID;
|
|
||||||
-
|
|
||||||
- if (gidp)
|
|
||||||
- *gidp = INVALID_UIDGID;
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ if (pid < 0 || !map || !idp || *idp == UINT_MAX)
|
|
||||||
+ goto out;
|
|
||||||
|
|
||||||
- ret = snprintf(path, PROC_PID_PATH_MAXLEN, "/proc/%d/status", pid);
|
|
||||||
- if (ret < 0 || ret >= PROC_PID_PATH_MAXLEN) {
|
|
||||||
- if (!errno)
|
|
||||||
+ ret = snprintf(map_path, map_path_size, "/proc/%d/%s", pid, map);
|
|
||||||
+ if (ret < 0 || ret >= map_path_size) {
|
|
||||||
+ if (ret >= map_path_size)
|
|
||||||
errno = ENAMETOOLONG;
|
|
||||||
- return -1;
|
|
||||||
+ ret = 1;
|
|
||||||
+ goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
- fp = fopen(path, "r");
|
|
||||||
- if (!fp) {
|
|
||||||
- ret = -1;
|
|
||||||
+ ret = 1;
|
|
||||||
+ fp = fopen(map_path, "r");
|
|
||||||
+ if (!fp)
|
|
||||||
goto out;
|
|
||||||
- }
|
|
||||||
|
|
||||||
- /* Parse /proc/pid/status fields */
|
|
||||||
- errno = 0;
|
|
||||||
- ret = -1;
|
|
||||||
- while (fgets(buf, 256, fp)) {
|
|
||||||
- unsigned long long val;
|
|
||||||
+ /*
|
|
||||||
+ * The map files have the same format:
|
|
||||||
+ * <NS ID start> <host ID start> <range>
|
|
||||||
+ * ... (<multiple entries are supported) ...
|
|
||||||
+ *
|
|
||||||
+ * Formula and validation:
|
|
||||||
+ * <final NS ID> = (*@idp - <host ID start>) + <NS ID start>
|
|
||||||
+ *
|
|
||||||
+ * - IDs: [0, UINT_MAX - 1]
|
|
||||||
+ * - range: [1, UINT_MAX], where range == UINT_MAX requires both ID ranges to start at 0,
|
|
||||||
+ * which then means this is an init host NS mapping (and that's ok)
|
|
||||||
+ *
|
|
||||||
+ * The formula itself would be enough to "validate" a matching NS ID, but we don't want to
|
|
||||||
+ * keep parsing a malformed map file, no matter how unlikely/impossible it is to happen.
|
|
||||||
+ * Same reason values are parsed as 'unsigned long long', so we can check for bogus data.
|
|
||||||
+ */
|
|
||||||
+ id = UINT_MAX;
|
|
||||||
+ errno = ENODATA;
|
|
||||||
+ while (fscanf(fp, "%llu %llu %llu", &ns_start, &host_start, &range) == 3) {
|
|
||||||
+ if (ns_start >= UINT_MAX || host_start >= UINT_MAX ||
|
|
||||||
+ range > UINT_MAX || range == 0) {
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ ret = 1;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- errno = ENODATA;
|
|
||||||
- if ((!uidp || strncmp(buf, "Uid:", 4)) && (!gidp || strncmp(buf, "Gid:", 4)))
|
|
||||||
- continue;
|
|
||||||
+ if (range == UINT_MAX && (ns_start != 0 || host_start != 0)) {
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ ret = 1;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- errno = 0;
|
|
||||||
+ if (host_start + range > UINT_MAX || ns_start + range > UINT_MAX) {
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ ret = 1;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * Example line format (same for both Uid/Gid):
|
|
||||||
- * "Uid:\t%u\t%u\%u\%u"
|
|
||||||
+ * Check if host ID fits this line.
|
|
||||||
+ * Our desired NS ID may be in any line of the file.
|
|
||||||
*
|
|
||||||
- * Where the numbers represents:
|
|
||||||
- * <real> <effective> <saved> <fsuid>
|
|
||||||
+ * Note: new{uid,gid}map tools (that creates the map files) don't allow multiple
|
|
||||||
+ * maps (NS IDs) to the same host ID.
|
|
||||||
*
|
|
||||||
- * We're only interested in the <real> value.
|
|
||||||
+ * If we get a match here, we'll save it, but we continue parsing the file.
|
|
||||||
+ * If we happen to find a duplicate, it's possible this is a rogue file trying to
|
|
||||||
+ * bypass these checks.
|
|
||||||
*
|
|
||||||
- * (field names "Uid:"/"Gid:" parsed above, skip it)
|
|
||||||
+ * In such cases, discard the match and return EOPNOTSUPP, as returning a
|
|
||||||
+ * successful match could lead to disastrous results.
|
|
||||||
*/
|
|
||||||
- ret = sscanf(&buf[0] + 4, "%llu", &val);
|
|
||||||
- if (ret != 1) {
|
|
||||||
- ret = -1;
|
|
||||||
- if (errno)
|
|
||||||
+ if (*idp >= host_start && *idp < host_start + range) {
|
|
||||||
+ /* This means we found a duplicate */
|
|
||||||
+ if (!ret) {
|
|
||||||
+ ret = 1;
|
|
||||||
+ errno = EOPNOTSUPP;
|
|
||||||
+ syslog(LOG_ERR, "%s has multiple mapped IDs for %u (unsupported)",
|
|
||||||
+ map, *idp);
|
|
||||||
break;
|
|
||||||
- continue;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- ret = -1;
|
|
||||||
- if (val >= UINT_MAX) {
|
|
||||||
- errno = EINVAL;
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (uidp && !strncmp(buf, "Uid:", 4))
|
|
||||||
- *uidp = (uid_t)val;
|
|
||||||
- else
|
|
||||||
- *gidp = (gid_t)val;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- if ((!uidp || *uidp != INVALID_UIDGID) && (!gidp || *gidp != INVALID_UIDGID)) {
|
|
||||||
- errno = 0;
|
|
||||||
+ id = (*idp - host_start) + ns_start;
|
|
||||||
ret = 0;
|
|
||||||
- break;
|
|
||||||
+ errno = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ /* This means errno was reset by fscanf() without finding anything */
|
|
||||||
+ if (ret && errno == 0)
|
|
||||||
+ errno = ENODATA;
|
|
||||||
out:
|
|
||||||
- if (fp)
|
|
||||||
+ if (fp) {
|
|
||||||
+ int err = errno;
|
|
||||||
+
|
|
||||||
fclose(fp);
|
|
||||||
+ /* Ignore fclose() errors */
|
|
||||||
+ errno = err;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- if (ret) {
|
|
||||||
- syslog(LOG_DEBUG, "%s(pid=%d): %s", __func__, pid, strerror(errno));
|
|
||||||
- if (uidp)
|
|
||||||
- *uidp = INVALID_UIDGID;
|
|
||||||
+ if (!ret) {
|
|
||||||
+ *idp = id;
|
|
||||||
+ errno = 0;
|
|
||||||
+ } else {
|
|
||||||
+ syslog(LOG_DEBUG, "%s(pid=%d, map=%s, id=%u): %s", __func__, pid, map, *idp,
|
|
||||||
+ strerror(errno));
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return ret;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * map_uidgid() - Map (real) UID/GID from init host NS to user NS.
|
|
||||||
+ * @pid: host NS PID
|
|
||||||
+ * @uidp: (in) host UID, (out) NS UID
|
|
||||||
+ * @gidp: (in) host GID, (out) NS GID
|
|
||||||
+ *
|
|
||||||
+ * Parse /proc/@pid/{uid,gid}_map files to get NS UID/GID values.
|
|
||||||
+ * Since @pid is expected to be a host NS PID, this must be called before switching namespaces.
|
|
||||||
+ *
|
|
||||||
+ * Note: we can't use /proc/self here because we haven't switched NS yet, so {uid,gid}_map files
|
|
||||||
+ * would contain host NS values.
|
|
||||||
+ *
|
|
||||||
+ * Return: 0 on success, 1 otherwise (errno set).
|
|
||||||
+ */
|
|
||||||
+static int map_uidgid(pid_t pid, uid_t *uidp, gid_t *gidp)
|
|
||||||
+{
|
|
||||||
+ uid_t orig_uid;
|
|
||||||
+ gid_t orig_gid;
|
|
||||||
+ int ret = 1;
|
|
||||||
+
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ if (!uidp || !gidp)
|
|
||||||
+ goto out;
|
|
||||||
+
|
|
||||||
+ orig_uid = *uidp;
|
|
||||||
+ orig_gid = *gidp;
|
|
||||||
|
|
||||||
- if (gidp)
|
|
||||||
- *gidp = INVALID_UIDGID;
|
|
||||||
+ ret = map_id(pid, "uid_map", uidp);
|
|
||||||
+ if (ret) {
|
|
||||||
+ if (errno == ENODATA)
|
|
||||||
+ syslog(LOG_ERR, "UID %u not mapped in this namespace (unsupported)",
|
|
||||||
+ orig_uid);
|
|
||||||
+ goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ ret = map_id(pid, "gid_map", gidp);
|
|
||||||
+ if (ret && errno == ENODATA)
|
|
||||||
+ syslog(LOG_ERR, "GID %u not mapped in this namespace (unsupported)",
|
|
||||||
+ orig_gid);
|
|
||||||
+out:
|
|
||||||
+ if (ret && errno != ENODATA)
|
|
||||||
+ syslog(LOG_ERR, "%s: %s", __func__, strerror(errno));
|
|
||||||
+ else if (!ret)
|
|
||||||
+ syslog(LOG_DEBUG, "host %u:%u -> NS %u:%u", orig_uid, orig_gid, *uidp, *gidp);
|
|
||||||
+
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1421,6 +1474,7 @@ int main(const int argc, char *const arg
|
|
||||||
const char *oid;
|
|
||||||
uid_t uid;
|
|
||||||
gid_t gid;
|
|
||||||
+ struct passwd *pw;
|
|
||||||
char *keytab_name = NULL;
|
|
||||||
char *env_cachename = NULL;
|
|
||||||
krb5_ccache ccache = NULL;
|
|
||||||
@@ -1561,39 +1615,60 @@ int main(const int argc, char *const arg
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * Change to the process's namespace. This means that things will work
|
|
||||||
- * acceptably in containers, because we'll be looking at the correct
|
|
||||||
- * filesystem and have the correct network configuration.
|
|
||||||
+ * 'uid' always points to a host UID, so we must get the corresponding host GID.
|
|
||||||
+ * It's safe to call getpwuid() here because we're still on host NS, i.e. caller
|
|
||||||
+ * application has no control over custom NSS modules.
|
|
||||||
+ *
|
|
||||||
+ * FIXME: if UID is from another NS, or a subuid, this will fail on mount.
|
|
||||||
*/
|
|
||||||
- rc = switch_to_process_ns(arg->pid);
|
|
||||||
- if (rc == -1) {
|
|
||||||
- syslog(LOG_ERR, "unable to switch to process namespace: %s", strerror(errno));
|
|
||||||
+ errno = 0;
|
|
||||||
+ pw = getpwuid(uid);
|
|
||||||
+ if (!pw) {
|
|
||||||
+ syslog(LOG_ERR, "failed to retrieve GID from UID %u: %s", uid,
|
|
||||||
+ strerror(errno ? errno : ENOENT));
|
|
||||||
rc = 1;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (trim_capabilities(env_probe))
|
|
||||||
- goto out;
|
|
||||||
+ gid = pw->pw_gid;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* We can't reasonably do this for root. When mounting a DFS share,
|
|
||||||
* for instance we can end up with creds being overridden, but the env
|
|
||||||
* variable left intact.
|
|
||||||
+ *
|
|
||||||
+ * Always check this before NS UID mapping.
|
|
||||||
*/
|
|
||||||
if (uid == 0)
|
|
||||||
env_probe = false;
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * FIXME: this only works if we haven't switched PID namespaces.
|
|
||||||
- * If we did, /proc/arg->pid/ might not exist, or worse, point to something else.
|
|
||||||
+ * Map host 'uid' and 'gid' to the target user NS.
|
|
||||||
+ *
|
|
||||||
+ * Any scenario that involves unmapped UIDs or primary GIDs is not supported -- we
|
|
||||||
+ * don't have, and can't find, all the info that would be necessary to find a
|
|
||||||
+ * UID/GID within all the possible NS combinations.
|
|
||||||
*/
|
|
||||||
- rc = get_uidgid(arg->pid, &uid, &gid);
|
|
||||||
- if (rc) {
|
|
||||||
- syslog(LOG_ERR, "get_uidgid (NS): %s", strerror(errno));
|
|
||||||
+ if (!in_same_user_ns(arg->pid, getpid())) {
|
|
||||||
+ rc = map_uidgid(arg->pid, &uid, &gid);
|
|
||||||
+ if (rc)
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ /*
|
|
||||||
+ * Change to the process's namespace. This means that things will work
|
|
||||||
+ * acceptably in containers, because we'll be looking at the correct
|
|
||||||
+ * filesystem and have the correct network configuration.
|
|
||||||
+ */
|
|
||||||
+ rc = switch_to_process_ns(arg->pid);
|
|
||||||
+ if (rc == -1) {
|
|
||||||
+ syslog(LOG_ERR, "unable to switch to process namespace: %s", strerror(errno));
|
|
||||||
rc = 1;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (trim_capabilities(env_probe))
|
|
||||||
+ goto out;
|
|
||||||
+
|
|
||||||
rc = setgid(gid);
|
|
||||||
if (rc) {
|
|
||||||
syslog(LOG_ERR, "setgid: %s", strerror(errno));
|
|
||||||
@ -1,251 +0,0 @@
|
|||||||
From 972c5b5ff95e3e812bc8daa72d0383654ab0dba7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Enzo Matsumiya <ematsumiya@suse.de>
|
|
||||||
Date: Mon, 15 Jun 2026 14:25:22 -0300
|
|
||||||
Subject: [PATCH] cifs.upcall: remove getpwuid() dependency
|
|
||||||
|
|
||||||
This patch removes getpwuid() and resort to getting UID/GID from
|
|
||||||
/proc/pid/status
|
|
||||||
|
|
||||||
Changes:
|
|
||||||
- add get_uidgid() helper
|
|
||||||
- drop supplementary groups (i.e. move setgroups(0, NULL)) before even
|
|
||||||
decoding spnego key -- those are never needed in any case
|
|
||||||
|
|
||||||
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
|
||||||
Reported-by: Shaomin Chen <eeesssooo020@gmail.com>
|
|
||||||
Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
|
|
||||||
Acked-by: Pavel Shilovskiy <pshilovskiy@microsoft.com>
|
|
||||||
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
|
|
||||||
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
||||||
---
|
|
||||||
cifs.upcall.c | 180 ++++++++++++++++++++++++++++++++++++++++----------
|
|
||||||
1 file changed, 145 insertions(+), 35 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/cifs.upcall.c b/cifs.upcall.c
|
|
||||||
index 52c03280dbe0..ae3294dd61f0 100644
|
|
||||||
--- a/cifs.upcall.c
|
|
||||||
+++ b/cifs.upcall.c
|
|
||||||
@@ -51,7 +51,6 @@
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
-#include <pwd.h>
|
|
||||||
#include <grp.h>
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <errno.h>
|
|
||||||
@@ -1265,6 +1264,121 @@ static int ip_to_fqdn(const char *addrstr, char *host, size_t hostlen)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* cover worst case/impossible scenarios, + 1 for NUL */
|
|
||||||
+#define PROC_PID_PATH_MAXLEN ((int)strlen("/proc/2147483647/status") + 1)
|
|
||||||
+/* max valid UID/GID is (UINT_MAX - 1) */
|
|
||||||
+#define INVALID_UIDGID UINT_MAX
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * get_uidgid - Get @pid's (real) UID and/or GID.
|
|
||||||
+ * @pid: process to get UID/GID from
|
|
||||||
+ * @uidp: pointer to store @pid's UID (can be NULL)
|
|
||||||
+ * @gidp: pointer to store @pid's GID (can be NULL)
|
|
||||||
+ *
|
|
||||||
+ * Extract "Uid:" and "Gid:" fields from /proc/@pid/status.
|
|
||||||
+ * Do so based on whether @uidp or @gidp are NULL.
|
|
||||||
+ *
|
|
||||||
+ * This function assumes we're on the same namespace as @pid.
|
|
||||||
+ *
|
|
||||||
+ * Return: 0 on success, -1 otherwise (errno set).
|
|
||||||
+ *
|
|
||||||
+ * On errors, *@uidp and *@gidp are set to INVALID_UIDGID.
|
|
||||||
+ */
|
|
||||||
+static int get_uidgid(pid_t pid, uid_t *uidp, gid_t *gidp)
|
|
||||||
+{
|
|
||||||
+ char path[PROC_PID_PATH_MAXLEN] = {}, buf[256];
|
|
||||||
+ FILE *fp = NULL;
|
|
||||||
+ int ret;
|
|
||||||
+
|
|
||||||
+ errno = 0;
|
|
||||||
+ if (pid < 0 || (!uidp && !gidp)) {
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (uidp)
|
|
||||||
+ *uidp = INVALID_UIDGID;
|
|
||||||
+
|
|
||||||
+ if (gidp)
|
|
||||||
+ *gidp = INVALID_UIDGID;
|
|
||||||
+
|
|
||||||
+ ret = snprintf(path, PROC_PID_PATH_MAXLEN, "/proc/%d/status", pid);
|
|
||||||
+ if (ret < 0 || ret >= PROC_PID_PATH_MAXLEN) {
|
|
||||||
+ if (!errno)
|
|
||||||
+ errno = ENAMETOOLONG;
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ fp = fopen(path, "r");
|
|
||||||
+ if (!fp) {
|
|
||||||
+ ret = -1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Parse /proc/pid/status fields */
|
|
||||||
+ errno = 0;
|
|
||||||
+ ret = -1;
|
|
||||||
+ while (fgets(buf, 256, fp)) {
|
|
||||||
+ unsigned long long val;
|
|
||||||
+
|
|
||||||
+ errno = ENODATA;
|
|
||||||
+ if ((!uidp || strncmp(buf, "Uid:", 4)) && (!gidp || strncmp(buf, "Gid:", 4)))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ errno = 0;
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Example line format (same for both Uid/Gid):
|
|
||||||
+ * "Uid:\t%u\t%u\%u\%u"
|
|
||||||
+ *
|
|
||||||
+ * Where the numbers represents:
|
|
||||||
+ * <real> <effective> <saved> <fsuid>
|
|
||||||
+ *
|
|
||||||
+ * We're only interested in the <real> value.
|
|
||||||
+ *
|
|
||||||
+ * (field names "Uid:"/"Gid:" parsed above, skip it)
|
|
||||||
+ */
|
|
||||||
+ ret = sscanf(&buf[0] + 4, "%llu", &val);
|
|
||||||
+ if (ret != 1) {
|
|
||||||
+ ret = -1;
|
|
||||||
+ if (errno)
|
|
||||||
+ break;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ret = -1;
|
|
||||||
+ if (val >= UINT_MAX) {
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (uidp && !strncmp(buf, "Uid:", 4))
|
|
||||||
+ *uidp = (uid_t)val;
|
|
||||||
+ else
|
|
||||||
+ *gidp = (gid_t)val;
|
|
||||||
+
|
|
||||||
+ if ((!uidp || *uidp != INVALID_UIDGID) && (!gidp || *gidp != INVALID_UIDGID)) {
|
|
||||||
+ errno = 0;
|
|
||||||
+ ret = 0;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+out:
|
|
||||||
+ if (fp)
|
|
||||||
+ fclose(fp);
|
|
||||||
+
|
|
||||||
+ if (ret) {
|
|
||||||
+ syslog(LOG_DEBUG, "%s(pid=%d): %s", __func__, pid, strerror(errno));
|
|
||||||
+ if (uidp)
|
|
||||||
+ *uidp = INVALID_UIDGID;
|
|
||||||
+
|
|
||||||
+ if (gidp)
|
|
||||||
+ *gidp = INVALID_UIDGID;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return ret;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* walk a string and lowercase it in-place */
|
|
||||||
static void
|
|
||||||
lowercase_string(char *c)
|
|
||||||
@@ -1306,10 +1420,10 @@ int main(const int argc, char *const argv[])
|
|
||||||
struct decoded_args *arg = NULL;
|
|
||||||
const char *oid;
|
|
||||||
uid_t uid;
|
|
||||||
+ gid_t gid;
|
|
||||||
char *keytab_name = NULL;
|
|
||||||
char *env_cachename = NULL;
|
|
||||||
krb5_ccache ccache = NULL;
|
|
||||||
- struct passwd *pw;
|
|
||||||
unsigned expire_time = DNS_RESOLVER_DEFAULT_TIMEOUT;
|
|
||||||
const char *key_descr = NULL;
|
|
||||||
|
|
||||||
@@ -1396,6 +1510,17 @@ int main(const int argc, char *const argv[])
|
|
||||||
* Otherwise, it's a spnego key request
|
|
||||||
*/
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * We don't need supplementary groups, ever.
|
|
||||||
+ * Drop them ASAP.
|
|
||||||
+ */
|
|
||||||
+ rc = setgroups(0, NULL);
|
|
||||||
+ if (rc == -1) {
|
|
||||||
+ syslog(LOG_ERR, "setgroups: %s", strerror(errno));
|
|
||||||
+ rc = 1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
rc = decode_key_description(buf, &arg);
|
|
||||||
free(buf);
|
|
||||||
if (rc) {
|
|
||||||
@@ -1450,38 +1575,6 @@ int main(const int argc, char *const argv[])
|
|
||||||
if (trim_capabilities(env_probe))
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * The kernel doesn't pass down the gid, so we resort here to scraping
|
|
||||||
- * one out of the passwd nss db. Note that this might not reflect the
|
|
||||||
- * actual gid of the process that initiated the upcall. While we could
|
|
||||||
- * scrape that out of /proc, relying on that is a bit more risky.
|
|
||||||
- */
|
|
||||||
- pw = getpwuid(uid);
|
|
||||||
- if (!pw) {
|
|
||||||
- syslog(LOG_ERR, "Unable to find pw entry for uid %d: %s\n",
|
|
||||||
- uid, strerror(errno));
|
|
||||||
- rc = 1;
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * The kernel should send down a zero-length grouplist already, but
|
|
||||||
- * just to be on the safe side...
|
|
||||||
- */
|
|
||||||
- rc = setgroups(0, NULL);
|
|
||||||
- if (rc == -1) {
|
|
||||||
- syslog(LOG_ERR, "setgroups: %s", strerror(errno));
|
|
||||||
- rc = 1;
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- rc = setgid(pw->pw_gid);
|
|
||||||
- if (rc == -1) {
|
|
||||||
- syslog(LOG_ERR, "setgid: %s", strerror(errno));
|
|
||||||
- rc = 1;
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* We can't reasonably do this for root. When mounting a DFS share,
|
|
||||||
* for instance we can end up with creds being overridden, but the env
|
|
||||||
@@ -1490,6 +1583,24 @@ int main(const int argc, char *const argv[])
|
|
||||||
if (uid == 0)
|
|
||||||
env_probe = false;
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * FIXME: this only works if we haven't switched PID namespaces.
|
|
||||||
+ * If we did, /proc/arg->pid/ might not exist, or worse, point to something else.
|
|
||||||
+ */
|
|
||||||
+ rc = get_uidgid(arg->pid, &uid, &gid);
|
|
||||||
+ if (rc) {
|
|
||||||
+ syslog(LOG_ERR, "get_uidgid (NS): %s", strerror(errno));
|
|
||||||
+ rc = 1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rc = setgid(gid);
|
|
||||||
+ if (rc) {
|
|
||||||
+ syslog(LOG_ERR, "setgid: %s", strerror(errno));
|
|
||||||
+ rc = 1;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Must do this before setuid, as we need elevated capabilities to
|
|
||||||
* look at the environ file.
|
|
||||||
41
SOURCES/docs-Enable-debug-logs.patch
Normal file
41
SOURCES/docs-Enable-debug-logs.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 224512b9e62c886fd8d9802bc50a7702c4fe4517 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pierguido Lambri <plambri@redhat.com>
|
||||||
|
Date: Fri, 30 Jan 2026 14:11:27 +0000
|
||||||
|
Subject: [PATCH 2/3] docs: Enable debug logs
|
||||||
|
|
||||||
|
Documented a new option '-d' to enable debug logs.
|
||||||
|
By default only error logs are enabled, with this new option
|
||||||
|
debug logs can be enabled when needed.
|
||||||
|
|
||||||
|
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
|
||||||
|
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
|
||||||
|
---
|
||||||
|
cifs.upcall.rst.in | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/cifs.upcall.rst.in b/cifs.upcall.rst.in
|
||||||
|
index 09d0503591d6..895efc53ef50 100644
|
||||||
|
--- a/cifs.upcall.rst.in
|
||||||
|
+++ b/cifs.upcall.rst.in
|
||||||
|
@@ -11,7 +11,7 @@ Userspace upcall helper for Common Internet File System (CIFS)
|
||||||
|
SYNOPSIS
|
||||||
|
********
|
||||||
|
|
||||||
|
- cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l]
|
||||||
|
+ cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] [--debug|-d]
|
||||||
|
[--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf]
|
||||||
|
[--keytab=/path/to/keytab|-K /path/to/keytab] [--expire|-e nsecs] {keyid}
|
||||||
|
|
||||||
|
@@ -38,6 +38,9 @@ OPTIONS
|
||||||
|
-c
|
||||||
|
This option is deprecated and is currently ignored.
|
||||||
|
|
||||||
|
+--debug|-d
|
||||||
|
+ Enable debug logs. By default no debug messages are logged, only errors.
|
||||||
|
+
|
||||||
|
--no-env-probe|-E
|
||||||
|
Normally, ``cifs.upcall`` will probe the environment variable space of
|
||||||
|
the process that initiated the upcall in order to fetch the value of
|
||||||
|
--
|
||||||
|
2.52.0
|
||||||
|
|
||||||
@ -1,35 +0,0 @@
|
|||||||
From 4d87803f386764ed0b5949ccf70fc684b744b83a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paulo Alcantara <pc@manguebit.org>
|
|
||||||
Date: Tue, 25 Nov 2025 17:58:29 -0300
|
|
||||||
Subject: [PATCH] docs: update echo_interval description
|
|
||||||
|
|
||||||
It is '3 * echo_interval' since upstream commit f2caf901c1b7 ("cifs:
|
|
||||||
Fix a race condition with cifs_echo_request").
|
|
||||||
|
|
||||||
Reported-by: Alexandros Panagiotou <apanagio@redhat.com>
|
|
||||||
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
|
|
||||||
Cc: Steve French <smfrench@gmail.com>
|
|
||||||
Cc: linux-cifs@vger.kernel.org
|
|
||||||
Signed-off-by: Steve French <stfrench@microsoft.com>
|
|
||||||
---
|
|
||||||
mount.cifs.rst | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/mount.cifs.rst b/mount.cifs.rst
|
|
||||||
index 9eee7d5afc06..52fe492a5d37 100644
|
|
||||||
--- a/mount.cifs.rst
|
|
||||||
+++ b/mount.cifs.rst
|
|
||||||
@@ -484,8 +484,8 @@ echo_interval=n
|
|
||||||
sets the interval at which echo requests are sent to the server on an
|
|
||||||
idling connection. This setting also affects the time required for a
|
|
||||||
connection to an unresponsive server to timeout. Here n is the echo
|
|
||||||
- interval in seconds. The reconnection happens at twice the value of the
|
|
||||||
- echo_interval set for an unresponsive server.
|
|
||||||
+ interval in seconds. The reconnection happens at three times the
|
|
||||||
+ value of the echo_interval set for an unresponsive server.
|
|
||||||
If this option is not given then the default value of 60 seconds is used.
|
|
||||||
The minimum tunable value is 1 second and maximum can go up to 600 seconds.
|
|
||||||
|
|
||||||
--
|
|
||||||
2.53.0
|
|
||||||
|
|
||||||
@ -1,49 +0,0 @@
|
|||||||
From e7ec0032898d855be144c0cdc9d9e3f78ae01bf2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paulo Alcantara <pc@manguebit.com>
|
|
||||||
Date: Sun, 10 Mar 2024 22:24:24 -0300
|
|
||||||
Subject: [PATCH 1/2] mount.cifs.rst: add missing reference for sssd
|
|
||||||
|
|
||||||
Reference sssd in mount.cifs(8) as it can be used instead of winbind
|
|
||||||
via cifs.idmap utility. It's also enabled by default in most systems.
|
|
||||||
|
|
||||||
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
|
|
||||||
---
|
|
||||||
mount.cifs.rst | 14 +++++++-------
|
|
||||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/mount.cifs.rst b/mount.cifs.rst
|
|
||||||
index 3becf200e038..64127b23cf17 100644
|
|
||||||
--- a/mount.cifs.rst
|
|
||||||
+++ b/mount.cifs.rst
|
|
||||||
@@ -773,10 +773,10 @@ specified in the following Microsoft TechNet document:
|
|
||||||
In order to map SIDs to/from UIDs and GIDs, the following is required:
|
|
||||||
|
|
||||||
- a kernel upcall to the ``cifs.idmap`` utility set up via request-key.conf(5)
|
|
||||||
-- winbind support configured via nsswitch.conf(5) and smb.conf(5)
|
|
||||||
+- winbind or sssd support configured via nsswitch.conf(5)
|
|
||||||
|
|
||||||
-Please refer to the respective manpages of cifs.idmap(8) and
|
|
||||||
-winbindd(8) for more information.
|
|
||||||
+Please refer to the respective manpages of cifs.idmap(8), winbindd(8)
|
|
||||||
+and sssd(8) for more information.
|
|
||||||
|
|
||||||
Security descriptors for a file object can be retrieved and set
|
|
||||||
directly using extended attribute named ``system.cifs_acl``. The
|
|
||||||
@@ -792,10 +792,10 @@ Some of the things to consider while using this mount option:
|
|
||||||
- The mapping between a CIFS/NTFS ACL and POSIX file permission bits
|
|
||||||
is imperfect and some ACL information may be lost in the
|
|
||||||
translation.
|
|
||||||
-- If either upcall to cifs.idmap is not setup correctly or winbind is
|
|
||||||
- not configured and running, ID mapping will fail. In that case uid
|
|
||||||
- and gid will default to either to those values of the share or to
|
|
||||||
- the values of uid and/or gid mount options if specified.
|
|
||||||
+- If either upcall to cifs.idmap is not setup correctly or winbind or
|
|
||||||
+ sssd is not configured and running, ID mapping will fail. In that
|
|
||||||
+ case uid and gid will default to either to those values of the share
|
|
||||||
+ or to the values of uid and/or gid mount options if specified.
|
|
||||||
|
|
||||||
**********************************
|
|
||||||
ACCESSING FILES WITH BACKUP INTENT
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
||||||
@ -1,59 +0,0 @@
|
|||||||
From 4718e09e4b15b957bf9d729793bc3de7caad8134 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paulo Alcantara <pc@manguebit.com>
|
|
||||||
Date: Sun, 10 Mar 2024 22:24:25 -0300
|
|
||||||
Subject: [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support
|
|
||||||
|
|
||||||
Update section about required xattr/acl support for UID/GID mapping.
|
|
||||||
|
|
||||||
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
|
|
||||||
---
|
|
||||||
mount.cifs.rst | 26 +++++++++++++++++++-------
|
|
||||||
1 file changed, 19 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/mount.cifs.rst b/mount.cifs.rst
|
|
||||||
index 64127b23cf17..d82a13c932b3 100644
|
|
||||||
--- a/mount.cifs.rst
|
|
||||||
+++ b/mount.cifs.rst
|
|
||||||
@@ -321,11 +321,12 @@ soft
|
|
||||||
noacl
|
|
||||||
Do not allow POSIX ACL operations even if server would support them.
|
|
||||||
|
|
||||||
- The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba
|
|
||||||
- servers version 3.0.10 and later. Setting POSIX ACLs requires enabling
|
|
||||||
- both ``CIFS_XATTR`` and then ``CIFS_POSIX`` support in the CIFS
|
|
||||||
- configuration options when building the cifs module. POSIX ACL support
|
|
||||||
- can be disabled on a per mount basis by specifying ``noacl`` on mount.
|
|
||||||
+ The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to
|
|
||||||
+ Samba servers version 3.0.10 and later. Setting POSIX ACLs requires
|
|
||||||
+ enabling both ``CONFIG_CIFS_XATTR`` and then ``CONFIG_CIFS_POSIX``
|
|
||||||
+ support in the CIFS configuration options when building the cifs
|
|
||||||
+ module. POSIX ACL support can be disabled on a per mount basis by
|
|
||||||
+ specifying ``noacl`` on mount.
|
|
||||||
|
|
||||||
cifsacl
|
|
||||||
This option is used to map CIFS/NTFS ACLs to/from Linux permission
|
|
||||||
@@ -762,8 +763,19 @@ bits, and POSIX ACL as user authentication model. This is the most
|
|
||||||
common authentication model for CIFS servers and is the one used by
|
|
||||||
Windows.
|
|
||||||
|
|
||||||
-Support for this requires both CIFS_XATTR and CIFS_ACL support in the
|
|
||||||
-CIFS configuration options when building the cifs module.
|
|
||||||
+Support for this requires cifs kernel module built with both
|
|
||||||
+``CONFIG_CIFS_XATTR`` and ``CONFIG_CIFS_ACL`` options enabled. Since
|
|
||||||
+Linux 5.3, ``CONFIG_CIFS_ACL`` option no longer exists as CIFS/NTFS
|
|
||||||
+ACL support is always built into cifs kernel module.
|
|
||||||
+
|
|
||||||
+Most distribution kernels will already have those options enabled by
|
|
||||||
+default, but you can still check if they are enabled with::
|
|
||||||
+
|
|
||||||
+ cat /lib/modules/$(uname -r)/build/.config
|
|
||||||
+
|
|
||||||
+Alternatively, if kernel is configured with ``CONFIG_IKCONFIG_PROC``::
|
|
||||||
+
|
|
||||||
+ zcat /proc/config.gz
|
|
||||||
|
|
||||||
A CIFS/NTFS ACL is mapped to file permission bits using an algorithm
|
|
||||||
specified in the following Microsoft TechNet document:
|
|
||||||
--
|
|
||||||
2.44.0
|
|
||||||
|
|
||||||
@ -1,30 +1,42 @@
|
|||||||
|
## START: Set by rpmautospec
|
||||||
|
## (rpmautospec version 0.6.5)
|
||||||
|
## RPMAUTOSPEC: autorelease, autochangelog
|
||||||
|
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
|
||||||
|
release_number = 1;
|
||||||
|
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
|
||||||
|
print(release_number + base_release_number - 1);
|
||||||
|
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
|
||||||
|
## END: Set by rpmautospec
|
||||||
|
|
||||||
#% define pre_release rc1
|
#% define pre_release rc1
|
||||||
%define pre_release %nil
|
%define pre_release %nil
|
||||||
|
|
||||||
|
%global bash_completion_dir %(pkg-config --variable=completionsdir bash-completion || echo /etc/bash_completion.d)
|
||||||
|
|
||||||
Name: cifs-utils
|
Name: cifs-utils
|
||||||
Version: 7.0
|
Version: 7.5
|
||||||
Release: 5%{pre_release}%{?dist}
|
Release: %autorelease
|
||||||
Summary: Utilities for mounting and managing CIFS mounts
|
Summary: Utilities for mounting and managing CIFS mounts
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
License: GPL-3.0-only
|
||||||
License: GPLv3
|
|
||||||
URL: http://linux-cifs.samba.org/cifs-utils/
|
URL: http://linux-cifs.samba.org/cifs-utils/
|
||||||
|
|
||||||
BuildRequires: libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel autoconf automake libwbclient-devel pam-devel
|
BuildRequires: gcc
|
||||||
BuildRequires: python3-docutils
|
BuildRequires: libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel autoconf automake libwbclient-devel pam-devel
|
||||||
|
BuildRequires: python3-docutils
|
||||||
|
BuildRequires: make
|
||||||
|
|
||||||
Requires: keyutils
|
Requires: keyutils
|
||||||
Requires(post): /usr/sbin/alternatives
|
Requires(post): /usr/sbin/alternatives
|
||||||
Requires(preun): /usr/sbin/alternatives
|
Requires(preun): /usr/sbin/alternatives
|
||||||
|
|
||||||
|
Recommends: %{name}-info%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
|
Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
|
||||||
Patch1: 0001-Use-explicit-usr-bin-python3.patch
|
|
||||||
Patch2: mount.cifs.rst-add-missing-reference-for-sssd.patch
|
Patch0: cifs.upcall-add-option-to-enable-debug-logs.patch
|
||||||
Patch3: mount.cifs.rst-update-section-about-xattr-acl-suppor.patch
|
Patch1: docs-Enable-debug-logs.patch
|
||||||
Patch4: docs-update-echo_interval-description.patch
|
Patch2: cifs.upcall-Adjust-log-level.patch
|
||||||
Patch5: cifs.upcall-remove-getpwuid-dependency.patch
|
|
||||||
Patch6: cifs.upcall-fix-compiler-warning-with-Wvla.patch
|
|
||||||
Patch7: cifs.upcall-fix-regression-with-krb5-creduid.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
|
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
|
||||||
@ -36,7 +48,6 @@ file system.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Files needed for building plugins for cifs-utils
|
Summary: Files needed for building plugins for cifs-utils
|
||||||
Group: Development/Libraries
|
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
|
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
|
||||||
@ -45,7 +56,6 @@ necessary for building ID mapping plugins for cifs-utils.
|
|||||||
|
|
||||||
%package -n pam_cifscreds
|
%package -n pam_cifscreds
|
||||||
Summary: PAM module to manage NTLM credentials in kernel keyring
|
Summary: PAM module to manage NTLM credentials in kernel keyring
|
||||||
Group: System Environment/Base
|
|
||||||
|
|
||||||
%description -n pam_cifscreds
|
%description -n pam_cifscreds
|
||||||
The pam_cifscreds PAM module is a tool for automatically adding
|
The pam_cifscreds PAM module is a tool for automatically adding
|
||||||
@ -58,16 +68,10 @@ for each user from somewhere. The pam_cifscreds module can be used to
|
|||||||
provide these credentials to the kernel automatically at login.
|
provide these credentials to the kernel automatically at login.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{version}%{pre_release}
|
%autosetup -n %{name}-%{version}%{pre_release} -p1
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
%patch6 -p1
|
|
||||||
%patch7 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
grep -F -r -l '/usr/bin/env python' | xargs --no-run-if-empty -n1 sed -i 's@/usr/bin/env python.*@%python3@g'
|
||||||
autoreconf -i
|
autoreconf -i
|
||||||
%configure --prefix=/usr ROOTSBINDIR=%{_sbindir}
|
%configure --prefix=/usr ROOTSBINDIR=%{_sbindir}
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
@ -79,42 +83,40 @@ mkdir -p %{buildroot}%{_sysconfdir}/%{name}
|
|||||||
mkdir -p %{buildroot}%{_sysconfdir}/request-key.d
|
mkdir -p %{buildroot}%{_sysconfdir}/request-key.d
|
||||||
install -m 644 contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdir}/request-key.d
|
install -m 644 contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdir}/request-key.d
|
||||||
install -m 644 contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d
|
install -m 644 contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d
|
||||||
|
install -Dpm 644 bash-completion/smbinfo %{buildroot}%{_datadir}%{bash_completion_dir}/smbinfo
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%doc
|
%doc
|
||||||
|
%license COPYING
|
||||||
%{_bindir}/getcifsacl
|
%{_bindir}/getcifsacl
|
||||||
%{_bindir}/setcifsacl
|
%{_bindir}/setcifsacl
|
||||||
%{_bindir}/cifscreds
|
%{_bindir}/cifscreds
|
||||||
%{_bindir}/smbinfo
|
|
||||||
%{_bindir}/smb2-quota
|
|
||||||
%{_sbindir}/mount.cifs
|
%{_sbindir}/mount.cifs
|
||||||
%{_sbindir}/mount.smb3
|
%{_sbindir}/mount.smb3
|
||||||
%{_sbindir}/cifs.upcall
|
%{_sbindir}/cifs.upcall
|
||||||
%{_sbindir}/cifs.idmap
|
%{_sbindir}/cifs.idmap
|
||||||
%dir %{_libdir}/%{name}
|
%dir %{_libdir}/%{name}
|
||||||
%{_libdir}/%{name}/idmapwb.so
|
%{_libdir}/%{name}/idmapwb.so
|
||||||
%{_mandir}/man1/getcifsacl.1.gz
|
%{_mandir}/man1/getcifsacl.*
|
||||||
%{_mandir}/man1/setcifsacl.1.gz
|
%{_mandir}/man1/setcifsacl.*
|
||||||
%{_mandir}/man1/cifscreds.1.gz
|
%{_mandir}/man1/cifscreds.*
|
||||||
%{_mandir}/man1/smbinfo.1.gz
|
%{_mandir}/man8/cifs.upcall.*
|
||||||
%{_mandir}/man1/smb2-quota.1.gz
|
%{_mandir}/man8/cifs.idmap.*
|
||||||
%{_mandir}/man8/cifs.upcall.8.gz
|
%{_mandir}/man8/mount.cifs.*
|
||||||
%{_mandir}/man8/cifs.idmap.8.gz
|
%{_mandir}/man8/mount.smb3.*
|
||||||
%{_mandir}/man8/mount.cifs.8.gz
|
%{_mandir}/man8/idmapwb.*
|
||||||
%{_mandir}/man8/mount.smb3.8.gz
|
%{_datadir}%{bash_completion_dir}/smbinfo
|
||||||
%{_mandir}/man8/idmapwb.8.gz
|
|
||||||
%dir %{_sysconfdir}/cifs-utils
|
%dir %{_sysconfdir}/cifs-utils
|
||||||
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
|
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
|
||||||
%config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf
|
%config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf
|
||||||
%config(noreplace) %{_sysconfdir}/request-key.d/cifs.spnego.conf
|
%config(noreplace) %{_sysconfdir}/request-key.d/cifs.spnego.conf
|
||||||
|
|
||||||
%post
|
%post
|
||||||
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so 10
|
alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so 10
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 = 0 ]; then
|
if [ $1 = 0 ]; then
|
||||||
/usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so
|
alternatives --remove cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
@ -124,56 +126,102 @@ fi
|
|||||||
%{_libdir}/security/pam_cifscreds.so
|
%{_libdir}/security/pam_cifscreds.so
|
||||||
%{_mandir}/man8/pam_cifscreds.8.gz
|
%{_mandir}/man8/pam_cifscreds.8.gz
|
||||||
|
|
||||||
|
# This subpackage also serves the purpose of avoiding a Python dependency on
|
||||||
|
# the main package: https://bugzilla.redhat.com/show_bug.cgi?id=1909288.
|
||||||
|
%package info
|
||||||
|
Summary: Additional tools for querying information about CIFS mount
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description info
|
||||||
|
This subpackage includes additional tools for querying information
|
||||||
|
about CIFS mount.
|
||||||
|
|
||||||
|
%files info
|
||||||
|
%{_bindir}/smb2-quota
|
||||||
|
%{_bindir}/smbinfo
|
||||||
|
%{_mandir}/man1/smb2-quota.*
|
||||||
|
%{_mandir}/man1/smbinfo.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jul 7 2026 Paulo Alcantara <paalcant@redhat.com> - 7.0-5
|
## START: Generated by rpmautospec
|
||||||
- resolves: RHEL-192933 - fix krb5 mount regression
|
* Tue Feb 03 2026 Paulo Alcantara <paalcant@redhat.com> - 7.5-1
|
||||||
|
- resolves: RHEL-127499 - Enable debug logs in cifs.upcall
|
||||||
|
|
||||||
* Thu Jun 25 2026 Paulo Alcantara <paalcant@redhat.com> - 7.0-4
|
* Wed Nov 26 2025 Paulo Alcantara <paalcant@redhat.com> - 7.4-1
|
||||||
- cifs.upcall: remove getpwuid dependency
|
- resolves: RHEL-110765 - fix regression with cifscreds(1)
|
||||||
- cifs.upcall: fix compiler warning with -Wvla
|
|
||||||
- Resolves: RHEL-185759 - Fix CVE-2026-12505
|
|
||||||
|
|
||||||
* Thu Feb 19 2026 Paulo Alcantara <paalcant@redhat.com> - 7.0-3
|
* Fri Mar 07 2025 Paulo Alcantara <paalcant@redhat.com> - 7.2-1
|
||||||
- docs: update echo_interval description
|
- resolves: RHEL-82680 - Update to version 7.2
|
||||||
- Resolves: RHEL-80397
|
|
||||||
|
|
||||||
* Thu Jun 13 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-2
|
* Wed Oct 09 2024 Pavel Filipenský <pfilipensky@samba.org> - 7.1-2
|
||||||
|
- Fix damaged test filename
|
||||||
|
|
||||||
|
* Tue Oct 08 2024 Pavel Filipenský <pfilipensky@samba.org> - 7.1-1
|
||||||
|
- resolves: RHEL-61732 - Update to version 7.1
|
||||||
|
|
||||||
|
* Mon Apr 22 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-5
|
||||||
|
- Implement CLDAP Ping to find the closest site
|
||||||
|
- Resolves: RHELPLAN-17597
|
||||||
|
|
||||||
|
* Tue Apr 16 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-4
|
||||||
- mount.cifs.rst: add missing reference for sssd
|
- mount.cifs.rst: add missing reference for sssd
|
||||||
- mount.cifs.rst: update section about xattr/acl support
|
- mount.cifs.rst: update section about xattr/acl support
|
||||||
- Resolves: RHEL-41059
|
- Resolves: RHEL-22495
|
||||||
|
|
||||||
|
* Fri Apr 12 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-3
|
||||||
|
- pam_cifscreds: fix NULL arg warning passed to pam_syslog()
|
||||||
|
- Resolves: RHEL-28050
|
||||||
|
|
||||||
|
* Fri Apr 12 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-2
|
||||||
|
- cifs.upcall: fix UAF in get_cachename_from_process_env()
|
||||||
|
- Resolves: RHEL-28047
|
||||||
|
|
||||||
* Mon Jan 30 2023 Pavel Filipenský <pfilipen@redhat.com> - 7.0-1
|
* Mon Jan 30 2023 Pavel Filipenský <pfilipen@redhat.com> - 7.0-1
|
||||||
- Update to cifs-utils-7.0
|
- Update to cifs-utils-7.0
|
||||||
- Resolves: rhbz#2163373
|
- Resolves: rhbz#2163303
|
||||||
|
|
||||||
* Thu Dec 12 2019 Sachin Prabhu <sprabhu@redhat.com> - 6.8-3
|
* Wed Feb 02 2022 Alexander Bokovoy <abokovoy@redhat.com> - 6.14
|
||||||
- Add manual gating tests
|
- Update to v6.14 release
|
||||||
- docs: cleanup rst formating
|
- Resolves: rhbz#1925956
|
||||||
- mount.cifs.rst: document new (no)handlecache mount option
|
|
||||||
- manpage: update mount.cifs manpage with info about rdma option
|
|
||||||
- checkopts: add python script to cross check mount options
|
|
||||||
- mount.cifs.rst: document missing options, correct wrong ones
|
|
||||||
- checkopts: report duplicated options in man page
|
|
||||||
- mount.cifs.rst: more cleanups
|
|
||||||
- mount.cifs.rst: document vers=3 mount option
|
|
||||||
- mount.cifs.rst: document vers=3.02 mount option
|
|
||||||
- cifs: Allow DNS resolver key to expire
|
|
||||||
- mount.cifs: be more verbose and helpful regarding mount errors
|
|
||||||
- Update mount.cifs with vers=default mount option and SMBv3.0.2
|
|
||||||
- mount.cifs.rst: update vers=3.1.1 option description
|
|
||||||
- getcifsacl: Do not go to parse_sec_desc if getxattr fails.
|
|
||||||
- getcifsacl: Improve help usage and add -h option.
|
|
||||||
- setcifsacl: fix adding ACE when owner sid in unexpected location
|
|
||||||
- cifs.upcall: fix a compiler warning
|
|
||||||
- mount.cifs Add various missing parms from the help text
|
|
||||||
- mount.cifs: add more options to help message
|
|
||||||
- mount.cifs: detect GMT format of snapshot version
|
|
||||||
- Update man page for mount.cifs to add new options
|
|
||||||
- mount.cifs.rst: mention kernel version for snapshots
|
|
||||||
- Fix authors and maintainers
|
|
||||||
|
|
||||||
* Tue Jul 17 2018 Alexander Bokovoy <abokovoy@redhat.com> - 6.8-2
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 6.11-5
|
||||||
- Use Python 3 version of rst2man utility for generating man pages
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
|
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 6.11-4
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.11-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Dec 18 2020 Jonathan Lebon <jonathan@jlebon.com> - 6.11-2
|
||||||
|
- Split out -info subpackage for smb2-quota and smbinfo
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1909288
|
||||||
|
|
||||||
|
* Mon Nov 02 2020 Alexander Bokovoy <abokovoy@redhat.com> - 6.11-1
|
||||||
|
- Update to v6.11 release
|
||||||
|
- Resolves: rhbz#1876400 - CVE-2020-14342 - cifs-utils: shell command injection
|
||||||
|
|
||||||
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.9-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.9-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.9-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Apr 21 2019 Jeff Layton <jlayton@redhat.com>- 6.9-1
|
||||||
|
- Update to v6.9 release
|
||||||
|
|
||||||
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.8-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 17 2018 Alexander Bokovoy <abokovoy@redhat.com> - 6.8-3
|
||||||
|
- Use Python 3 version of rst2man
|
||||||
|
|
||||||
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.8-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Tue Apr 10 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.8-1
|
* Tue Apr 10 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.8-1
|
||||||
- update to 6.8 release
|
- update to 6.8 release
|
||||||
@ -424,3 +472,4 @@ fi
|
|||||||
* Mon Feb 08 2010 Jeff Layton <jlayton@redhat.com> 4.0a1-1
|
* Mon Feb 08 2010 Jeff Layton <jlayton@redhat.com> 4.0a1-1
|
||||||
- first RPM package build
|
- first RPM package build
|
||||||
|
|
||||||
|
## END: Generated by rpmautospec
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user