Compare commits

2 Commits

Author SHA1 Message Date
Paulo Alcantara c23e751541 mount.cifs.rst: add reference for sssd and update xattr/acl section 2024-04-18 01:20:51 +00:00
Paulo Alcantara c4e33cca26 pam_cifscreds: fix warning on NULL arg passed to %s in pam_syslog()
Resolves: RHEL-28050

Signed-off-by: Paulo Alcantara <paalcant@redhat.com>
2024-04-12 18:33:02 -03:00
5 changed files with 165 additions and 1 deletions

.cifs-utils.metadata Normal file

@ -0,0 +1 @@
9df055a73d89ed3d536828d0cea304c9e04139d4 cifs-utils-7.0.tar.bz2
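
Review bot: the only integrity pin for cifs-utils-7.0.tar.bz2 in this new file is a 40-hex-digit digest, which is SHA-1. If the lookaside tooling for this branch accepts a stronger digest, record SHA-256 or SHA-512 here so the source pin does not rest on a hash with known collision attacks.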


@ -3,7 +3,7 @@
Name: cifs-utils
Version: 7.0
Release: 2%{pre_release}%{?dist}
Release: 4%{pre_release}%{?dist}
Summary: Utilities for mounting and managing CIFS mounts
License: GPLv3
@ -22,6 +22,9 @@ Recommends: %{name}-info%{?_isa} = %{version}-%{release}
Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
Patch0: cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch
Patch1: pam_cifscreds-fix-warning-on-NULL-arg-passed-to-s-in.patch
Patch2: mount.cifs.rst-add-missing-reference-for-sssd.patch
Patch3: mount.cifs.rst-update-section-about-xattr-acl-suppor.patch
%description
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
@ -55,6 +58,9 @@ provide these credentials to the kernel automatically at login.
%prep
%setup -q -n %{name}-%{version}%{pre_release}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
fgrep -r -l '/usr/bin/env python' | xargs -n1 sed -i 's@/usr/bin/env python.*@%python3@g'
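
Review bot: in %prep the patch list is now maintained twice, once as Patch1 to Patch3 in the preamble and again as %patch1 to %patch3 -p1 here, so a later PatchN added without its matching %patchN line is left unapplied without a build error. That matters for a package whose Patch0 is a use-after-free fix. Consider replacing the %setup line and the %patchN lines with %autosetup -p1 -n %{name}-%{version}%{pre_release}, which applies every declared patch in order.
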
@ -126,6 +132,15 @@ about CIFS mount.
%{_mandir}/man1/smbinfo.*
%changelog
* Tue Apr 16 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-4
- mount.cifs.rst: add missing reference for sssd
- mount.cifs.rst: update section about xattr/acl support
- Resolves: RHEL-22495
* Fri Apr 12 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-3
- pam_cifscreds: fix NULL arg warning passed to pam_syslog()
- Resolves: RHEL-28050
* Fri Apr 12 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-2
- cifs.upcall: fix UAF in get_cachename_from_process_env()
- Resolves: RHEL-28047
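
Review bot: the 7.0-4 changelog entry cites Resolves: RHEL-22495, but commit c23e751541 as listed above has only a subject line and no Resolves: trailer, unlike c4e33cca26, which carries Resolves: RHEL-28050. Add the trailer to the commit message so the ticket reference is recorded in the commit as well as in the spec.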


@ -0,0 +1,49 @@
From e7ec0032898d855be144c0cdc9d9e3f78ae01bf2 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@manguebit.com>
Date: Sun, 10 Mar 2024 22:24:24 -0300
Subject: [PATCH 1/2] mount.cifs.rst: add missing reference for sssd
Reference sssd in mount.cifs(8) as it can be used instead of winbind
via cifs.idmap utility. It's also enabled by default in most systems.
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
---
mount.cifs.rst | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/mount.cifs.rst b/mount.cifs.rst
index 3becf200e038..64127b23cf17 100644
--- a/mount.cifs.rst
+++ b/mount.cifs.rst
@@ -773,10 +773,10 @@ specified in the following Microsoft TechNet document:
In order to map SIDs to/from UIDs and GIDs, the following is required:
- a kernel upcall to the ``cifs.idmap`` utility set up via request-key.conf(5)
-- winbind support configured via nsswitch.conf(5) and smb.conf(5)
+- winbind or sssd support configured via nsswitch.conf(5)
-Please refer to the respective manpages of cifs.idmap(8) and
-winbindd(8) for more information.
+Please refer to the respective manpages of cifs.idmap(8), winbindd(8)
+and sssd(8) for more information.
Security descriptors for a file object can be retrieved and set
directly using extended attribute named ``system.cifs_acl``. The
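
Review bot: the rewritten requirement bullet drops smb.conf(5) for both backends, but winbind is still configured through smb.conf(5), and sssd has its own sssd.conf(5) that the new text never mentions. Suggest keeping both references, for example "winbind or sssd support configured via nsswitch.conf(5), plus smb.conf(5) or sssd.conf(5) respectively", and adding sssd.conf(5) to the "Please refer to" sentence, so a reader setting up ID mapping is pointed at the file that actually has to be edited.
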
@@ -792,10 +792,10 @@ Some of the things to consider while using this mount option:
- The mapping between a CIFS/NTFS ACL and POSIX file permission bits
is imperfect and some ACL information may be lost in the
translation.
-- If either upcall to cifs.idmap is not setup correctly or winbind is
- not configured and running, ID mapping will fail. In that case uid
- and gid will default to either to those values of the share or to
- the values of uid and/or gid mount options if specified.
+- If either upcall to cifs.idmap is not setup correctly or winbind or
+ sssd is not configured and running, ID mapping will fail. In that
+ case uid and gid will default to either to those values of the share
+ or to the values of uid and/or gid mount options if specified.
**********************************
ACCESSING FILES WITH BACKUP INTENT
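
Review bot: the rewrapped last bullet carries over the wording slips of the text it replaces: "either" is now followed by three alternatives ("upcall ... or winbind or sssd"), "not setup" should be "not set up", and "default to either to those values" has a stray "to". Because this bullet is where the page says that file ownership falls back to the share values or the uid/gid mount options when mapping fails, it should read unambiguously, for example: "If the upcall to cifs.idmap is not set up correctly, or neither winbind nor sssd is configured and running, ID mapping will fail."
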
--
2.44.0


@ -0,0 +1,59 @@
From 4718e09e4b15b957bf9d729793bc3de7caad8134 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@manguebit.com>
Date: Sun, 10 Mar 2024 22:24:25 -0300
Subject: [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support
Update section about required xattr/acl support for UID/GID mapping.
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
---
mount.cifs.rst | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/mount.cifs.rst b/mount.cifs.rst
index 64127b23cf17..d82a13c932b3 100644
--- a/mount.cifs.rst
+++ b/mount.cifs.rst
@@ -321,11 +321,12 @@ soft
noacl
Do not allow POSIX ACL operations even if server would support them.
- The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba
- servers version 3.0.10 and later. Setting POSIX ACLs requires enabling
- both ``CIFS_XATTR`` and then ``CIFS_POSIX`` support in the CIFS
- configuration options when building the cifs module. POSIX ACL support
- can be disabled on a per mount basis by specifying ``noacl`` on mount.
+ The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to
+ Samba servers version 3.0.10 and later. Setting POSIX ACLs requires
+ enabling both ``CONFIG_CIFS_XATTR`` and then ``CONFIG_CIFS_POSIX``
+ support in the CIFS configuration options when building the cifs
+ module. POSIX ACL support can be disabled on a per mount basis by
+ specifying ``noacl`` on mount.
cifsacl
This option is used to map CIFS/NTFS ACLs to/from Linux permission
@@ -762,8 +763,19 @@ bits, and POSIX ACL as user authentication model. This is the most
common authentication model for CIFS servers and is the one used by
Windows.
-Support for this requires both CIFS_XATTR and CIFS_ACL support in the
-CIFS configuration options when building the cifs module.
+Support for this requires cifs kernel module built with both
+``CONFIG_CIFS_XATTR`` and ``CONFIG_CIFS_ACL`` options enabled. Since
+Linux 5.3, ``CONFIG_CIFS_ACL`` option no longer exists as CIFS/NTFS
+ACL support is always built into cifs kernel module.
+
+Most distribution kernels will already have those options enabled by
+default, but you can still check if they are enabled with::
+
+ cat /lib/modules/$(uname -r)/build/.config
+
+Alternatively, if kernel is configured with ``CONFIG_IKCONFIG_PROC``::
+
+ zcat /proc/config.gz
A CIFS/NTFS ACL is mapped to file permission bits using an algorithm
specified in the following Microsoft TechNet document:
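
Review bot: the two added check commands print the whole kernel configuration and leave the reader to find the options; filter for them instead, e.g. "grep CONFIG_CIFS_ /lib/modules/$(uname -r)/build/.config" and "zcat /proc/config.gz | grep CONFIG_CIFS_". The build/.config path also exists only when the kernel build tree or development package is installed, so the text should say so or additionally point at /boot/config-$(uname -r), which most distribution kernels ship. Last, the first added sentence still says both CONFIG_CIFS_XATTR and CONFIG_CIFS_ACL are required and only the next one says CONFIG_CIFS_ACL is gone since Linux 5.3; stating the requirement per kernel version in one sentence avoids readers searching for an option that no longer exists.
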
--
2.44.0


@ -0,0 +1,40 @@
From dac330136368a9b8d9ccf8227f56ea35de57a4d2 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@manguebit.com>
Date: Fri, 8 Mar 2024 13:25:22 -0300
Subject: [PATCH] pam_cifscreds: fix warning on NULL arg passed to %s in
pam_syslog()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix the following compiler warning with -Wformat-overflow in
cifscreds_pam_update():
pam_cifscreds.c: In function cifscreds_pam_update:
pam_cifscreds.c:340:83: warning: %s directive argument is null
[-Wformat-overflow=]
340 | pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s",
| ^~
Fixes: cbbcd6e71c0a ("cifscreds: create PAM module to insert credentials at login")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
---
pam_cifscreds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pam_cifscreds.c b/pam_cifscreds.c
index 5d99c2db3038..eb9851d52a7d 100644
--- a/pam_cifscreds.c
+++ b/pam_cifscreds.c
@@ -338,7 +338,7 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char *
key_serial_t key = key_add(currentaddress, user, password, keytype);
if (key <= 0) {
pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s",
- currentaddress, strerror(errno));
+ (currentaddress ?: "(null)"), strerror(errno));
}
}
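
Review bot: the guard is added only to the pam_syslog() argument, while key_add(currentaddress, user, password, keytype) two lines earlier in the same hunk still receives the pointer that -Wformat-overflow reports as null at this call site. If currentaddress can be NULL here, the defect is in calling key_add() at all, and the log call only exposes it; please either skip the key update when currentaddress is NULL or state in the commit message why it cannot be NULL at run time. As a smaller point, "currentaddress ?: "(null)"" relies on the GNU conditional-with-omitted-operand extension; "currentaddress ? currentaddress : "(null)"" is the standard C spelling.
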
--
2.44.0