Commit message (Collapse)AuthorAgeFilesLines
* mount.cifs.rst: document new (no)handlecache mount optionHEADmasterAurelien Aptel2018-07-101-0/+10
| | | | | | Signed-off-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <piastryyy@gmail.com>
* docs: cleanup rst formatingAurelien Aptel2018-07-108-434/+201
| | | | | | Signed-off-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <piastryyy@gmail.com>
* cifs-utils: bump version to 6.8cifs-utils-6.8Pavel Shilovsky2018-03-091-1/+1
| | | | Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
* update mount.cifs manpage with info about echo_interval option.Kenneth Dsouza2018-03-091-0/+9
| | | | | | | Adds information regarding reconnection time. Acked-by: Sachin Prabhu <sprabhu@redhat.com> Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
* cifscreds: check optind before accessing argv[optind]Ronnie Sahlberg2018-03-091-0/+3
| | | | | | | | | | Redhat bugzilla: 1278543 This fixes a segfault for some incorrect usage, for example cifscreds -u test Reviewed-by: Steve French <smfrench@gmail.com> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
* manpage: update mount.cifs manpage with info about incomplete optionsZhang Xianwei2018-03-091-5/+5
| | | | | | | This commit a1f3acd40b265f134a97a739a6898b3958d206b9 modified mount parameters, but not updated mount.cifs manpage. Fix it. Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
* manpage: update mount.cifs manpage with info about default version being mountedJeff Layton2017-10-291-2/+6
| | | | | Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Jeff Layton <jlayton@samba.org>
* doc: convert pod files to rstJeff Layton2017-10-2318-1605/+1769
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Aurelien did a big conversion of raw troff files into .pod docs in a recent patch. That worked out pretty well, but I have some reservations about using POD as a canonical format. While it does make it pretty simple to write manpages, it's sort of an obscure format, and is heavily associated with perl. Meanwhile, the kernel is slowly moving to using ReStructured Text as its documentation format. Given the simplicity of the cifs-utils manpages, I think we're better suited to using rst as a canonical format, rather than pod. This patch converts all of the .pod files in the code to .rst files, and fixes the Makefile and autoconf to use the correct tools to turn those into manpages. The conversion was done with the pod2rst script, with some by-hand modifications at the end to clean up the formatting and add the manual section numbers. It's not perfect and could probably use a second pass to clean up the warts in the formatting, but the content is all intact and it should be readable. Finally, convert the makefile rules to use standard SUFFIX rules instead of the non-portable GNU make % style extension rules. We don't really expect anyone to use anything other than GNU make here, but this silences an automake warning. Signed-off-by: Aurelien Aptel <aaptel@suse.com> Signed-off-by: Jeff Layton <jlayton@samba.org>
* man: generate all man pages from POD files when buidlingAurelien Aptel2017-10-0317-1853/+1431
| | | | | | | | | | | | | | | | | | | | | | Move all man pages to easily editable POD files and generate troff source when building. Previous .in troff file are still preprocessed before final generation to use configured path (.pod.in -> .pod -> troff). All temporary files (.pod.in and troff sources) are properly deleted on clean. Remove all troff file, no need to keep generated copies under source control. This commit does not change the content of the man pages but makes future editing easier. Adds a new --enable-man/--disable-man configure option to control the generation and installation of man pages. The option is automatically enabled if the system supports it. Explicitly enabling it will make the configure script fail if pod2man is not installed. Signed-off-by: Aurelien Aptel <aaptel@suse.com>
* cifs: setcifsacl - Send the actual (security descriptor) buffer size instead ↵Shirish Pargaonkar2017-08-301-22/+39
| | | | | | | | | | | | | | | | | of the pre-allocated size Some SMB servers such as HDS HNAS (Hitachi NAS) return error NT Status: STATUS_INVALID_SECURITY_DESCR (0xc0000079) during set cifs acl operation. This happens due to mismatch in the size of actual security descriptor being set versus the size of the security descriptor stated in the request. Instead of sending allocated buffer size of a security descriptor, send the actual size of the security descriptor during set cifs acl operation. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
* mount.cifs: add fallthrough comments on fmask/dmask option casesJeff Layton2017-08-271-0/+2
| | | | | | ...to silence a couple of compiler warnings. Signed-off-by: Jeff Layton <jlayton@samba.org>
* mount.cifs: document SMBv3.1.1 and new seal optionAurelien Aptel2017-04-222-1/+17
| | | | Signed-off-by: Aurelien Aptel <aaptel@suse.com>
* manpage: correct typos and spelling mistakesAurelien Aptel2017-03-161-9/+9
| | | | Signed-off-by: Aurelien Aptel <aaptel@suse.com>
* mount.cifs: Remove data_blob.h includeThomas Witt2017-03-161-1/+0
| | | | | | | | data_blob.h includes talloc.h from libtalloc, but that is only marked as a dependency for cifs.upcall. No symbols from that header are used by cifs.mount, so remove it to avoid the libtalloc dependency Signed-off-by: Thomas Witt <pyromaniac@exherbo.org>
* cifs-utils: bump version to 6.7cifs-utils-6.7Jeff Layton2017-03-021-1/+1
| | | | Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: use a MEMORY: ccache when instantiating from a keytabJeff Layton2017-02-281-2/+2
| | | | | | | | | | Using a more permanent ccache is potentially problematic when we're instantiating a new one. We might be operating under different creds than expected. Just use a MEMORY: ccache since we don't need it to last longer than the life of the upcall anyway. Reported-and-Tested-by: Chad William Seys <cwseys@physics.wisc.edu> Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: don't do env scraping when uid is 0Jeff Layton2017-02-242-2/+13
| | | | | | | | | | | | | | Setuid programs triggering upcalls could trick the program here. Also, the d_automount method is done with credentials overridden so if you can end up with mismatched creds and env vars due to that as well. It's a hack, but the only recourse I can see is to avoid doing this when the uid is 0. That means we can't rely on finding root credcaches in alternate locations using $KRB5CCNAME, but I think that's the best we can do. Reported-and-Tested-by: Chad William Seys <cwseys@physics.wisc.edu> Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: unset $KRB5CCNAME when creating new credcache from keytabJeff Layton2017-02-241-0/+6
| | | | | | | | | We don't want to trust $KRB5CCNAME when creating or updating a new credcache since we could be operating under the wrong credentials. Always create new credcaches in the default location instead. Reported-by: Chad William Seys <cwseys@physics.wisc.edu> Signed-off-by: Jeff Layton <jlayton@samba.org>
* data_blob: Eliminate _PUBLIC_Jeff Layton2017-02-242-10/+6
| | | | | | It's defined to nothing anyway. Signed-off-by: Jeff Layton <jlayton@samba.org>
* treewide: Eliminate SAFE_FREEJeff Layton2017-02-242-23/+15
| | | | | | | | It just frees and then zeroes out the pointer. That's of dubious value in the places where it's currently being used. Just use free() instead. Signed-off-by: Jeff Layton <jlayton@samba.org>
* replace.h: remove itJeff Layton2017-02-242-675/+1
| | | | | | Nothing uses it now. Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: remove need for replace.hJeff Layton2017-02-241-3/+19
| | | | | | Take just what we need from replace.h and move it to cifs.upcall.c. Signed-off-by: Jeff Layton <jlayton@samba.org>
* spengo.c/asn1.c: remove need for replace.hJeff Layton2017-02-242-2/+2
| | | | | Just need stdbool.h instead. Signed-off-by: Jeff Layton <jlayton@samba.org>
* data_blob: remove need for replace.hJeff Layton2017-02-241-1/+4
| | | | | | We only need ZERO_STRUCT there. Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: trim even more capabilitiesJeff Layton2017-02-161-9/+8
| | | | | | | | | | We really only need CAP_DAC_READ_SEARCH, not CAP_DAC_OVERRIDE, and only when we are going to probe the environ file. Also, fix the non-libcap-ng trim_capabilities prototype. Reviewed-by: Simo Sorce <simo@redhat.com> Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's ↵Jeff Layton2017-02-152-7/+152
| | | | | | | | | | | | | | | | | | | | | | | | | | | | /proc/<pid>/environ file Chad reported that he was seeing a regression in cifs-utils-6.6. Prior to that, cifs.upcall was able to find credcaches in non-default FILE: locations, but with the rework of that code, that ability was lost. Unfortunately, the krb5 library design doesn't really take into account the fact that we might need to find a credcache in a process that isn't descended from the session. When the kernel does an upcall, it passes several bits of info about the task that initiated the upcall. One of those things is the PID (the tgid, in particular). We can use that info to reach into the /proc/<pid>/environ file for the process, and grab whatever value of $KRB5CCNAME is there. Then, after switching credentials, set $KRB5CCNAME in the environment to the same value before opening the credcache, to hint to the krb5 libs where they ought to look. This new behavior is on by default, but can be disabled by having request-key pass a '-E' flag to cifs.upcall. Reported-by: Chad William Seys <cwseys@physics.wisc.edu> Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: drop capabilities early in programJeff Layton2017-02-152-1/+65
| | | | | | | | Much of cifs.upcall can and should be run without elevated privileges. On entry into the program, drop as many capabilities as we can get away with, and then always drop any remaining caps after calling setuid(). Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: switch group IDs when handling an upcallJeff Layton2017-02-141-0/+37
| | | | | | | | | | | | Currently, we leave the group ID alone, but in a later patch we'll be changing cifs.upcall to scrape $KRB5CCNAME out of the originating process. At that point, we want to be a little more careful with the process credentials we'll be using. After we get the uid, do a getpwuid and grab the default gid for the user. Then use setgid to set it before calling setuid. Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: convert two flags from int to boolJeff Layton2017-02-141-4/+5
| | | | Signed-off-by: Jeff Layton <jlayton@samba.org>
* manpage: document mfsymlinks in the mount.cifs man pageSachin Prabhu2017-01-041-0/+5
| | | | | | Information from the cifs README in the kernel sources is used. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
* mount.cifs: Remove unneeded stdbool header includeGermano Percossi2016-11-271-1/+0
| | | | Signed-off-by: Germano Percossi <germano.percossi@citrix.com>
* mount.cifs: Fixed command line parsing and aligned with kernelGermano Percossi2016-11-271-35/+47
| | | | | | | | | | | | | | | | | | | | | | | The way token matching was done was consuming the parameters namespace quickly. For example, anything starting with "dom" was interpreted with domain, while it could have been a completely different word. The same is true even for "ro". Moreover, many perfectly valid options like "addr" where not accepted. The cifs kernel module is very strict when it comes to names: 'dom' and 'domain' are valid while 'domai' is not, so the userspace tool needs to comply otherwise it becomes very difficult to come up with new names for options. Now, checking is strict and as close as possible to kernel. When it is not, it is just to avoid breaking compatibility with some users. However, workg has been removed because it is too lazy and undocumented. The only variable left without strict checking is 'x-' because the intent is to ignore anything starting in that way Signed-off-by: Germano Percossi <germano.percossi@citrix.com>
* mount.cifs: Accept empty domains on the command lineGermano Percossi2016-11-271-3/+12
| | | | | | | | | | | | | | | | If we do not allow empty domains on the command line we are preventing the kernel module from taking different actions if the domain has not been specified at all or just passed empty. In fact, with this fix the cifs module behaves differently once an empty domain is passed: the find_domain_name function is not invoked when an empty domain is passed. It is possible to pass both 'domain=' or 'domain=""' even though the kernel module will accept the former only when associated with the sloppy option. Signed-off-by: Germano Percossi <germano.percossi@citrix.com>
* mount.cifs: Removed extra comma in front of domainGermano Percossi2016-11-271-1/+1
| | | | Signed-off-by: Germano Percossi <germano.percossi@citrix.com>
* cifs-utils: bump version to 6.6.1 for pre-release buildsJeff Layton2016-11-271-1/+1
| | | | Signed-off-by: Jeff Layton <jlayton@samba.org>
* autoconf: set version to 6.6cifs-utils-6.6Jeff Layton2016-09-011-1/+1
| | | | Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: stop passing around ccache name stringsJeff Layton2016-08-241-57/+41
| | | | | | | Instead, get a ccache handle and pass that around. That way we can keep the cache open until the program is complete as well. Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: make get_tgt_time take a ccache argJeff Layton2016-08-241-11/+10
| | | | | | | ...instead of dealing with the ccname. Push resolution of the cache into the caller. Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: remove KRB5_TC_OPENCLOSEJeff Layton2016-08-241-6/+0
| | | | | | | | | The header file says that this is deprecated, and all of the info I've seen about it mentioned that it was for performance more than correctness. It dates back to the original code dump from Igor, so I think we're safe to just drop it at this point. Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: make the krb5_context a static global variableJeff Layton2016-08-221-45/+16
| | | | | | | There's no need to keep initing a new context for every function. Just do it once and reuse as needed. Signed-off-by: Jeff Layton <jlayton@samba.org>
* cifs.upcall: use krb5 routines to get default ccnameJeff Layton2016-08-211-121/+27
| | | | | | | | | Currently we end up groveling around in /tmp, trying to guess what the credcache will be. Instead, just get the default ccname for the user, and then see if it has a valid tgt. If it doesn't then we try to use the keytab to init the credcache before proceeding. Signed-off-by: Jeff Layton <jlayton@samba.org>
* aclocal: fix typo in idmap.m4Jeff Layton2016-07-121-1/+1
| | | | | | We really don't want to do the same check twice. Signed-off-by: Jeff Layton <jlayton@samba.org>
* autoconf: set package version to 6.5.1 for interim buildsJeff Layton2016-07-121-1/+1
| | | | Signed-off-by: Jeff Layton <jlayton@samba.org>
* autoconf: set version to 6.5cifs-utils-6.5Jeff Layton2016-02-221-1/+1
| | | | Signed-off-by: Jeff Layton <jlayton@samba.org>
* autoconf: Use $(DEFS) when building idmapwb.so and pam_cifscreds.soSachin Prabhu2016-01-201-2/+2
| | | | | | | | | We should pass the macros defined in $(DEFS) when building idmapwb.so and pam_cifscreds.so. The autoconf process sets the macro HAVE_CONFIG_H using the $(DEFS) variable. This macro has to be defined to allow the source files to include config.h Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
* mount.cifs: ignore x-* mount optionsKarel Zak2016-01-071-0/+2
| | | | | | | | | | | | | | | | | | x-* prefix is used for userspace mount options and it's pretty commonly used to extend fstab configuration in systemd world (e.g. x-systemd.automount). These options is necessary to ignored. The command mount(8) does not pass x-* mount options to mount.<type> helpers, but in some use-cases it's possible that the cifs helper reads mount options from fstab or users directly call mount.cifs and copy & past mount options, etc. This patch marks all options prefixed by "x-" as OPT_IGNORE to make things more robust for end-users. We already uses the same concept for _netdev. Signed-off-by: Karel Zak <kzak@redhat.com> Signed-off-by: Jeff Layton <jlayton@samba.org>
* manpage: clarify use of backupuid and backupgid in mount.cifs.8Uri Simchoni2016-01-071-3/+3
| | | | | | | | Assert that backup intent shall only be attempted if the user matches the backupuid or backupgid parameter. Signed-off-by: Uri Simchoni <uri@samba.org> Signed-off-by: Jeff Layton <jlayton@samba.org>
* mtab.c: include <paths.h> for _PATH_MOUNTEDFelix Janda2014-12-081-0/+1
| | | | Signed-off-by: Felix Janda <felix.janda@posteo.de>
* autoconf: set version to 6.4.1 for interim buildsJeff Layton2014-12-081-1/+1
| | | | Signed-off-by: Jeff Layton <jlayton@samba.org>
* autoconf: set version to 6.4cifs-utils-6.4Jeff Layton2014-07-111-1/+1
| | | | Signed-off-by: Jeff Layton <jlayton@samba.org>