From 9a632c6ae251b3587200993969eb6750e81f1d84 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 16 2023 06:17:54 +0000 Subject: import cifs-utils-7.0-1.el8 --- diff --git a/.cifs-utils.metadata b/.cifs-utils.metadata index 9761765..411b239 100644 --- a/.cifs-utils.metadata +++ b/.cifs-utils.metadata @@ -1 +1 @@ -3440625e73a2e8ea58c63c61b46a61f5b7f95bac SOURCES/cifs-utils-6.8.tar.bz2 +9df055a73d89ed3d536828d0cea304c9e04139d4 SOURCES/cifs-utils-7.0.tar.bz2 diff --git a/.gitignore b/.gitignore index c38115c..c5bb369 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cifs-utils-6.8.tar.bz2 +SOURCES/cifs-utils-7.0.tar.bz2 diff --git a/SOURCES/0001-Use-explicit-usr-bin-python3.patch b/SOURCES/0001-Use-explicit-usr-bin-python3.patch new file mode 100644 index 0000000..718c9c9 --- /dev/null +++ b/SOURCES/0001-Use-explicit-usr-bin-python3.patch @@ -0,0 +1,55 @@ +From 17162396d9ace9396c27826f1c62719186e29ae9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= +Date: Fri, 20 Jan 2023 20:53:44 +0100 +Subject: [PATCH] Use explicit #!/usr/bin/python3 + +--- + checkopts | 2 +- + smb2-quota | 2 +- + smb2-secdesc | 2 +- + smbinfo | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/checkopts b/checkopts +index 88e70b1..00c4cfd 100755 +--- a/checkopts ++++ b/checkopts +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python3 ++#!/usr/bin/python3 + # + # Script to check for inconsistencies between documented mount options + # and implemented kernel options. +diff --git a/smb2-quota b/smb2-quota +index 6d0b8a3..49207c7 100755 +--- a/smb2-quota ++++ b/smb2-quota +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # coding: utf-8 + # + # smb2-quota is a cmdline tool to display quota information for the +diff --git a/smb2-secdesc b/smb2-secdesc +index 5886091..534dd92 100755 +--- a/smb2-secdesc ++++ b/smb2-secdesc +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + # coding: utf-8 + + import array +diff --git a/smbinfo b/smbinfo +index 73c5bb3..766024e 100755 +--- a/smbinfo ++++ b/smbinfo +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python3 ++#!/usr/bin/python3 + # -*- coding: utf-8 -*- + # + # smbinfo is a cmdline tool to query SMB-specific file and fs +-- +2.38.1 + diff --git a/SOURCES/0001-docs-cleanup-rst-formating.patch b/SOURCES/0001-docs-cleanup-rst-formating.patch deleted file mode 100644 index c0ed217..0000000 --- a/SOURCES/0001-docs-cleanup-rst-formating.patch +++ /dev/null @@ -1,1122 +0,0 @@ -From 2f36d879c3522fe423ffd14fb7e568cdc9df0b48 Mon Sep 17 00:00:00 2001 -From: Aurelien Aptel -Date: Tue, 15 May 2018 10:12:32 +0200 -Subject: [PATCH 01/36] docs: cleanup rst formating - -Signed-off-by: Aurelien Aptel -Reviewed-by: Steve French -Reviewed-by: Pavel Shilovsky -(cherry picked from commit 81dcfb24f54a5757f7c9fe08285bf527b8333506) -Signed-off-by: Sachin Prabhu ---- - cifs.idmap.rst.in | 71 ++++++------------- - cifs.upcall.rst.in | 200 ++++++++++++++++++++--------------------------------- - cifscreds.rst | 92 ++++++++---------------- - getcifsacl.rst.in | 40 +++-------- - idmapwb.rst.in | 19 +++-- - mount.cifs.rst | 9 ++- - pam_cifscreds.rst | 61 +++++----------- - setcifsacl.rst.in | 143 ++++++++++---------------------------- - 8 files changed, 201 insertions(+), 434 deletions(-) - -diff --git a/cifs.idmap.rst.in b/cifs.idmap.rst.in -index 91b585e..60d7f0a 100644 ---- a/cifs.idmap.rst.in -+++ b/cifs.idmap.rst.in -@@ -11,124 +11,93 @@ Userspace helper for mapping ids for Common Internet File System (CIFS) - SYNOPSIS - ******** - -- --cifs.idmap [--help|-h] [--timeout|-t] [--version|-v] {keyid} -- -+ cifs.idmap [--help|-h] [--timeout|-t] [--version|-v] {keyid} - - *********** - DESCRIPTION - *********** - -- - This tool is part of the cifs-utils suite. - --\ **cifs.idmap**\ is a userspace helper program for the linux CIFS client -+``cifs.idmap`` is a userspace helper program for the linux CIFS client - filesystem. There are a number of activities that the kernel cannot - easily do itself. This program is a callout program that does these - things for the kernel and then returns the result. - --\ **cifs.idmap**\ is generally intended to be run when the kernel calls -+``cifs.idmap`` is generally intended to be run when the kernel calls - request-key(8) for a particular key type. While it can be run - directly from the command-line, it is not generally intended to be run - that way. - --This program is only called if a share is mounted with the \ **cifsacl**\ -+This program is only called if a share is mounted with the ``cifsacl`` - mount option. The kernel will only upcall to do this conversion if - that mount option is specified. - --\ **cifs.idmap**\ relies on a plugin to handle the ID mapping. If it can't -+``cifs.idmap`` relies on a plugin to handle the ID mapping. If it can't - find the plugin then it will not work properly. The plugin (or a - symlink to it) must be at @pluginpath@. - --In the case where \ **cifs.idmap**\ or the plugin are unavailable, file -+In the case where ``cifs.idmap`` or the plugin are unavailable, file - objects in a mounted share are assigned uid and gid of the credentials - of the process that mounted the share. It is strongly recomemended to - use mount options of uid and gid to specify a default uid and gid to - map owner SIDs and group SIDs in this situation. - -- - ******* - OPTIONS - ******* - -+--help|-h -+ Print the usage message and exit. - -+--timeout|-t -+ Set the expiration timer, in seconds on the key. The default is 600 -+ seconds (10 minutes). Setting this to 0 will cause the key to never -+ expire. - --\ **--help|-h**\ -- -- Print the usage message and exit. -- -- -- --\ **--timeout|-t**\ -- -- Set the expiration timer, in seconds on the key. The default is 600 -- seconds (10 minutes). Setting this to 0 will cause the key to never -- expire. -- -- -- --\ **--version|-v**\ -- -- Print version number and exit. -- -- -- -+--version|-v -+ Print version number and exit. - - ************************ - CONFIGURATION FOR KEYCTL - ************************ - -- --\ **cifs.idmap**\ is designed to be called from the kernel via the -+``cifs.idmap`` is designed to be called from the kernel via the - request-key callout program. This requires that request-key be told --where and how to call this program. Currently \ **cifs.idmap**\ handles a --key type of: -+where and how to call this program. Currently ``cifs.idmap`` handles a -+key type of:: - -+ cifs.idmap - --\ **cifs.idmap**\ -- -- This keytype is for mapping a SID to either an uid or a gid -- -- -+This keytype is for mapping a SID to either an uid or a gid. - - To make this program useful for CIFS, you will need to set up entry for it in --request-key.conf(5). Here is an example of an entry for this key type: -- -- --.. code-block:: perl -+request-key.conf(5). Here is an example of an entry for this key type:: - - #OPERATION TYPE D C PROGRAM ARG1 ARG2... - #========= ============= = = ================================ - create cifs.idmap * * @sbindir@/cifs.idmap %k - -- - See request-key.conf(5) for more info on each field. - -- - ***** - NOTES - ***** - -- - Support for upcalls to cifs.idmap was initially introduced in the 3.0 - kernel. - -- - ******** - SEE ALSO - ******** - -- - request-key.conf(5), mount.cifs(8) - -- - ****** - AUTHOR - ****** - -- - Shirish Pargaonkar wrote the cifs.idmap program. - - The Linux CIFS Mailing list is the preferred place to ask questions - regarding these programs. -- -diff --git a/cifs.upcall.rst.in b/cifs.upcall.rst.in -index 8f4ee62..1b8df3f 100644 ---- a/cifs.upcall.rst.in -+++ b/cifs.upcall.rst.in -@@ -7,178 +7,131 @@ Userspace upcall helper for Common Internet File System (CIFS) - -------------------------------------------------------------- - :Manual section: 8 - -- - ******** - SYNOPSIS - ******** - --.. code-block:: perl -- -- cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] -- [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf] -- [--keytab=/path/to/keytab|-K /path/to/keytab] {keyid} -- -- -+ cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] -+ [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf] -+ [--keytab=/path/to/keytab|-K /path/to/keytab] {keyid} - - *********** - DESCRIPTION - *********** - -- - This tool is part of the cifs-utils suite. - --\ **cifs.upcall**\ is a userspace helper program for the linux CIFS client -+``cifs.upcall`` is a userspace helper program for the linux CIFS client - filesystem. There are a number of activities that the kernel cannot - easily do itself. This program is a callout program that does these - things for the kernel and then returns the result. - --\ **cifs.upcall**\ is generally intended to be run when the kernel calls -+``cifs.upcall`` is generally intended to be run when the kernel calls - request-key(8) for a particular key type. While it can be run - directly from the command-line, it's not generally intended to be run - that way. - -- - ******* - OPTIONS - ******* - -- -- --\ **-c**\ -- -- This option is deprecated and is currently ignored. -- -- -- --\ **--no-env-probe|-E**\ -- -- Normally, \ **cifs.upcall**\ will probe the environment variable space of -- the process that initiated the upcall in order to fetch the value of -- \ ``$KRB5CCNAME``\ . This can assist the program with finding credential -- caches in non-default locations. If this option is set, then the -- program won't do this and will rely on finding credcaches in the -- default locations specified in \ *krb5.conf*\ . Note that this is never -- performed when the uid is 0. The default credcache location is always -- used when the uid is 0, regardless of the environment variable setting -- in the process. -- -- -- --\ **--krb5conf|-k=/path/to/krb5.conf**\ -- -- This option allows administrators to set an alternate location for the -- \ *krb5.conf*\ file that \ **cifs.upcall**\ will use. -- -- -- --\ **--keytab=|-K=/path/to/keytab**\ -- -- This option allows administrators to specify a keytab file to be -- used. When a user has no credential cache already established, -- \ **cifs.upcall**\ will attempt to use this keytab to acquire them. The -- default is the system-wide keytab \ */etc/krb5.keytab*\ . -- -- -- --\ **--trust-dns|-t**\ -- -- With krb5 upcalls, the name used as the host portion of the service -- principal defaults to the hostname portion of the UNC. This option -- allows the upcall program to reverse resolve the network address of -- the server in order to get the hostname. -- -- This is less secure than not trusting DNS. When using this option, -- it's possible that an attacker could get control of DNS and trick the -- client into mounting a different server altogether. It's preferable to -- instead add server principals to the KDC for every possible hostname, -- but this option exists for cases where that isn't possible. The -- default is to not trust reverse hostname lookups in this fashion. -- -- -- --\ **--legacy-uid|-l**\ -- -- Traditionally, the kernel has sent only a single uid= parameter to the -- upcall for the SPNEGO upcall that's used to determine what user's -- credential cache to use. This parameter is affected by the \ **uid=**\ -- mount option, which also governs the ownership of files on the mount. -- -- Newer kernels send a creduid= option as well, which contains what uid -- it thinks actually owns the credentials that it's looking for. At -- mount time, this is generally set to the real uid of the user doing -- the mount. For multisession mounts, it's set to the fsuid of the mount -- user. Set this option if you want cifs.upcall to use the older \ **uid=**\ -- parameter instead of the creduid= parameter. -- -- -- --\ **--version|-v**\ -- -- Print version number and exit. -- -- -- -+-c -+ This option is deprecated and is currently ignored. -+ -+--no-env-probe|-E -+ Normally, ``cifs.upcall`` will probe the environment variable space of -+ the process that initiated the upcall in order to fetch the value of -+ ``$KRB5CCNAME``. This can assist the program with finding credential -+ caches in non-default locations. If this option is set, then the -+ program won't do this and will rely on finding credcaches in the -+ default locations specified in *krb5.conf*. Note that this is never -+ performed when the uid is 0. The default credcache location is always -+ used when the uid is 0, regardless of the environment variable setting -+ in the process. -+ -+--krb5conf|-k=/path/to/krb5.conf -+ This option allows administrators to set an alternate location for the -+ *krb5.conf* file that ``cifs.upcall`` will use. -+ -+--keytab=|-K=/path/to/keytab -+ This option allows administrators to specify a keytab file to be -+ used. When a user has no credential cache already established, -+ ``cifs.upcall`` will attempt to use this keytab to acquire them. The -+ default is the system-wide keytab */etc/krb5.keytab*. -+ -+--trust-dns|-t -+ With krb5 upcalls, the name used as the host portion of the service -+ principal defaults to the hostname portion of the UNC. This option -+ allows the upcall program to reverse resolve the network address of -+ the server in order to get the hostname. -+ -+ This is less secure than not trusting DNS. When using this option, -+ it's possible that an attacker could get control of DNS and trick the -+ client into mounting a different server altogether. It's preferable to -+ instead add server principals to the KDC for every possible hostname, -+ but this option exists for cases where that isn't possible. The -+ default is to not trust reverse hostname lookups in this fashion. -+ -+--legacy-uid|-l -+ Traditionally, the kernel has sent only a single uid= parameter to the -+ upcall for the SPNEGO upcall that's used to determine what user's -+ credential cache to use. This parameter is affected by the uid= -+ mount option, which also governs the ownership of files on the mount. -+ -+ Newer kernels send a creduid= option as well, which contains what uid -+ it thinks actually owns the credentials that it's looking for. At -+ mount time, this is generally set to the real uid of the user doing -+ the mount. For multisession mounts, it's set to the fsuid of the mount -+ user. Set this option if you want cifs.upcall to use the older uid= -+ parameter instead of the creduid= parameter. -+ -+--version|-v -+ Print version number and exit. - - ************************ - CONFIGURATION FOR KEYCTL - ************************ - -- --\ **cifs.upcall**\ is designed to be called from the kernel via the -+``cifs.upcall`` is designed to be called from the kernel via the - request-key callout program. This requires that request-key be told --where and how to call this program. The current \ **cifs.upcall**\ -+where and how to call this program. The current ``cifs.upcall`` - program handles two different key types: - -+cifs.spnego -+ This keytype is for retrieving kerberos session keys -+ -+dns_resolver -+ This key type is for resolving hostnames into IP addresses. Support -+ for this key type may eventually be deprecated (see below). -+ -+ To make this program useful for CIFS, you'll need to set up entries -+ for them in request-key.conf(5). Here's an example of an entry for -+ each key type:: - --\ **cifs.spnego**\ -- -- This keytype is for retrieving kerberos session keys -- -- -- --\ **dns_resolver**\ -- -- This key type is for resolving hostnames into IP addresses. Support -- for this key type may eventually be deprecated (see below). -- -- To make this program useful for CIFS, you'll need to set up entries -- for them in request-key.conf(5). Here's an example of an entry for -- each key type: -- -- -- .. code-block:: perl -- - #OPERATION TYPE D C PROGRAM ARG1 ARG2... - #========= ============= = = ================================ - create cifs.spnego * * @sbindir@/cifs.upcall %k - create dns_resolver * * @sbindir@/cifs.upcall %k -- -- -- See request-key.conf(5) for more info on each field. -- -- The keyutils package has also started including a dns_resolver -- handling program as well that is preferred over the one in -- \ **cifs.upcall.**\ If you are using a keyutils version equal to or -- greater than 1.5, you should use \ ``key.dns_resolver``\ to handle the -- \ ``dns_resolver``\ keytype instead of \ **cifs.upcall**\ . See -- key.dns_resolver(8) for more info. -- - -+ See request-key.conf(5) for more info on each field. - -+ The keyutils package has also started including a dns_resolver -+ handling program as well that is preferred over the one in -+ ``cifs.upcall``. If you are using a keyutils version equal to or -+ greater than 1.5, you should use ``key.dns_resolver`` to handle the -+ ``dns_resolver`` keytype instead of ``cifs.upcall``. See -+ key.dns_resolver(8) for more info. - - ******** - SEE ALSO - ******** - -- - request-key.conf(5), mount.cifs(8), key.dns_resolver(8) - -- - ****** - AUTHOR - ****** - -- - Igor Mammedov wrote the cifs.upcall program. - - Jeff Layton authored this manpage. -@@ -187,4 +140,3 @@ The maintainer of the Linux CIFS VFS is Steve French. - - The Linux CIFS Mailing list is the preferred place to ask questions - regarding these programs. -- -diff --git a/cifscreds.rst b/cifscreds.rst -index 5c2a195..a6676cb 100644 ---- a/cifscreds.rst -+++ b/cifscreds.rst -@@ -5,125 +5,91 @@ cifscreds - ----------------------------------------- - manage NTLM credentials in kernel keyring - ----------------------------------------- -- - :Manual section: 1 - - ******** - SYNOPSIS - ******** - -- --cifscreds add|clear|clearall|update [-u username] [-d] host|domain -- -+ cifscreds add|clear|clearall|update [-u username] [-d] host|domain - - *********** - DESCRIPTION - *********** - -- --The \ **cifscreds**\ program is a tool for managing credentials (username -+The ``cifscreds`` program is a tool for managing credentials (username - and password) for the purpose of establishing sessions in multiuser - mounts. - - When a cifs filesystem is mounted with the "multiuser" option, and does - not use krb5 authentication, it needs to be able to get the credentials --for each user from somewhere. The \ **cifscreds**\ program is the tool used -+for each user from somewhere. The ``cifscreds`` program is the tool used - to provide these credentials to the kernel. - - The first non-option argument to cifscreds is a command (see the --\ **COMMANDS**\ section below). The second non-option argument is a hostname -+`COMMANDS`_ section below). The second non-option argument is a hostname - or address, or an NT domain name. - -- - ******** - COMMANDS - ******** - -+add -+ Add credentials to the kernel to be used for connecting to the given -+ server, or servers in the given domain. - -+clear -+ Clear credentials for a particular host or domain from the kernel. - --\ **add**\ -- -- Add credentials to the kernel to be used for connecting to the given server, or servers in the given domain. -- -- -- --\ **clear**\ -- -- Clear credentials for a particular host or domain from the kernel. -- -- -- --\ **clearall**\ -- -- Clear all cifs credentials from the kernel. -- -- -- --\ **update**\ -- -- Update stored credentials in the kernel with a new username and -- password. -- -- -+clearall -+ Clear all cifs credentials from the kernel. - -+update -+ Update stored credentials in the kernel with a new username and -+ password. - - ******* - OPTIONS - ******* - -+-d, --domain -+ The provided host/domain argument is a NT domainname. - -+ Ordinarily the second argument provided to cifscreds is treated as a -+ hostname or IP address. This option causes the cifscreds program to -+ treat that argument as an NT domainname instead. - --\ **-d**\ , \ **--domain**\ -- -- The provided host/domain argument is a NT domainname. -- -- Ordinarily the second argument provided to cifscreds is treated as a -- hostname or IP address. This option causes the cifscreds program to -- treat that argument as an NT domainname instead. -- -- If there are not host specific credentials for the mounted server, then -- the kernel will next look for a set of domain credentials equivalent to -- the domain= option provided at mount time. -- -- -- --\ **-u**\ , \ **--username**\ -- -- Ordinarily, the username is derived from the unix username of the user -- adding the credentials. This option allows the user to substitute a -- different username. -- -- -+ If there are not host specific credentials for the mounted server, then -+ the kernel will next look for a set of domain credentials equivalent to -+ the domain= option provided at mount time. - -+-u, --username -+ Ordinarily, the username is derived from the unix username of the user -+ adding the credentials. This option allows the user to substitute a -+ different username. - - ***** - NOTES - ***** - -- - The cifscreds utility requires a kernel built with support for the --\ **login**\ key type. That key type was added in v3.3 in mainline Linux -+``login`` key type. That key type was added in v3.3 in mainline Linux - kernels. - --Since \ **cifscreds**\ adds keys to the session keyring, it is highly --recommended that one use \ **pam_keyinit**\ to ensure that a session keyring -+Since ``cifscreds`` adds keys to the session keyring, it is highly -+recommended that one use ``pam_keyinit`` to ensure that a session keyring - is established at login time. - -- - ******** - SEE ALSO - ******** - -- - pam_keyinit(8) - -- - ******* - AUTHORS - ******* - -- - The cifscreds program was originally developed by Igor Druzhinin - . This manpage and a redesign of the code was done - by Jeff Layton . -- -diff --git a/getcifsacl.rst.in b/getcifsacl.rst.in -index 42af258..21a10cd 100644 ---- a/getcifsacl.rst.in -+++ b/getcifsacl.rst.in -@@ -7,80 +7,60 @@ Userspace helper to display an ACL in a security descriptor for Common Internet - -------------------------------------------------------------------------------------------------- - :Manual section: 1 - -- - ******** - SYNOPSIS - ******** - -- --getcifsacl [-v|-r] {file system object} -- -+ getcifsacl [-v|-r] {file system object} - - *********** - DESCRIPTION - *********** - -- - This tool is part of the cifs-utils suite. - --getcifsacl is a userspace helper program for the Linux CIFS client -+``getcifsacl`` is a userspace helper program for the Linux CIFS client - file system. It is intended to display a security descriptor including - ACL for a file system object. - - This program uses a plugin to handle the mapping of SIDs to user and --group names. \ *@pluginpath@*\ should be a symlink that points to the -+group names. *@pluginpath@* should be a symlink that points to the - correct plugin to use. - - Fields of an ACE such as SID, type, flags, and mask are displayed --separated by /. Numeric values of type, flags, and mask are displayed -+separated by /. Numeric values of type, flags, and mask are displayed - in hexadecimal format. - -- - ******* - OPTIONS - ******* - -+-v -+ Print version number and exit. - -- --\ **-v**\ -- -- Print version number and exit. -- -- -- --\ **-r**\ -- -- Display a security descriptor in raw mode. Values such as type and -- flags are displayed in hexadecimal format, a SID is not mapped to a -- name. -- -- -- -+-r -+ Display a security descriptor in raw mode. Values such as type and -+ flags are displayed in hexadecimal format, a SID is not mapped to a -+ name. - - ***** - NOTES - ***** - -- - Kernel support for getcifsacl/setcifsacl utilities was initially - introduced in the 2.6.37 kernel. - -- - ******** - SEE ALSO - ******** - -- - mount.cifs(8), setcifsacl(1) - -- - ****** - AUTHOR - ****** - -- - Shirish Pargaonkar wrote the getcifsacl program. - - The Linux CIFS Mailing list is the preferred place to ask questions - regarding these programs. -- -diff --git a/idmapwb.rst.in b/idmapwb.rst.in -index 4d7fd62..c03e4ca 100644 ---- a/idmapwb.rst.in -+++ b/idmapwb.rst.in -@@ -7,31 +7,28 @@ winbind ID mapping plugin for cifs-utils - ---------------------------------------- - :Manual section: 8 - -- - *********** - DESCRIPTION - *********** - -- - This plugin allows the utilities in cifs-utils to work in conjuction with - the winbind facility of Samba suite. It handles several functions including - mapping UID and GID to SIDs and vice versa. - - Utilities are usually configured to use the correct plugin by creating a --symlink at @pluginpath@ that points to the correct plugin that you wish -+symlink at *@pluginpath@* that points to the correct plugin that you wish - to use. - --This plugin requires that \ **winbindd(8)**\ be properly configured and running. -+This plugin requires that winbindd(8) be properly configured and running. - -- --******************************************************************************* -+******** - SEE ALSO --******************************************************************************* --getcifsacl(1), setcifsacl(1), cifs.idmap(8), samba(7), smb.conf(5), winbindd(8) -- -+******** - -+getcifsacl(1), setcifsacl(1), cifs.idmap(8), samba(7), smb.conf(5), winbindd(8) - --***************************************************************** -+****** - AUTHOR --***************************************************************** -+****** -+ - idmapwb.so was written by Jeff Layton -diff --git a/mount.cifs.rst b/mount.cifs.rst -index a81c6c4..c0f0bdb 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -47,7 +47,6 @@ unmounted (usually via the ``umount`` utility). - OPTIONS - ******* - -- - username=arg|user=arg - specifies the username to connect as. If this is not - given, then the environment variable USER is used. -@@ -84,9 +83,9 @@ credentials=filename|cred=filename - password=value - domain=value - -- This is preferred over having passwords in plaintext in a shared file, -- such as ``/etc/fstab`` . Be sure to protect any credentials file -- properly. -+ This is preferred over having passwords in plaintext in a shared file, -+ such as */etc/fstab* . Be sure to protect any credentials file -+ properly. - - uid=arg - sets the uid that will own all files or directories on the mounted -@@ -558,7 +557,7 @@ It's generally preferred to use forward slashes (/) as a delimiter in - service names. They are considered to be the "universal delimiter" - since they are generally not allowed to be embedded within path - components on Windows machines and the client can convert them to --backslashes (\) unconditionally. Conversely, backslash characters are -+backslashes (\\) unconditionally. Conversely, backslash characters are - allowed by POSIX to be part of a path component, and can't be - automatically converted in the same way. - -diff --git a/pam_cifscreds.rst b/pam_cifscreds.rst -index 8e8308c..4e89bfd 100644 ---- a/pam_cifscreds.rst -+++ b/pam_cifscreds.rst -@@ -7,110 +7,83 @@ PAM module to manage NTLM credentials in kernel keyring - ------------------------------------------------------- - :Manual section: 8 - -- - ******** - SYNOPSIS - ******** - -- - Edit the PAM configuration files for the systems that you want to --automatically register NTLM credentials for, e.g. /etc/pam.d/login, --and modify as follows: -- -- --.. code-block:: perl -+automatically register NTLM credentials for, e.g. */etc/pam.d/login*, -+and modify as follows:: - - ... - auth substack system-auth - +++ auth optional pam_cifscreds.so - auth include postlogin - ... -- -+ - ... - session include system-auth - +++ session optional pam_cifscreds.so domain=DOMAIN - session include postlogin - ... - -- - Change DOMAIN to the name of you Windows domain, or use host= as - described below. - -- - *********** - DESCRIPTION - *********** - -- --The \ **pam_cifscreds**\ PAM module is a tool for automatically adding -+The ``pam_cifscreds`` PAM module is a tool for automatically adding - credentials (username and password) for the purpose of establishing - sessions in multiuser mounts. - - When a cifs filesystem is mounted with the "multiuser" option, and does - not use krb5 authentication, it needs to be able to get the credentials --for each user from somewhere. The \ **pam_cifscreds**\ module can be used -+for each user from somewhere. The ``pam_cifscreds`` module can be used - to provide these credentials to the kernel automatically at login. - - In the session section of the PAM configuration file, the module can - either an NT domain name or a list of hostname or addresses. - -- - ******* - OPTIONS - ******* - -+``pam_cifscreds`` supports a couple options which can be set in the PAM -+configuration files. You must have one (and only one) of ``domain=`` or -+``host=``. - --\ **pam_cifscreds**\ supports a couple options which can be set in the PAM --configuration files. You must have one (and only one) of domain= or --host=. -- -- --\ **debug**\ -- -- Turns on some extra debug logging. -- -- -- --\ **domain**\ = -- -- Credentials will be added for the specified NT domain name. -- -- -- --\ **host**\ =[,...] -- -- Credentials will be added for the specified hostnames or IP addresses. -- -+debug -+ Turns on some extra debug logging. - -+domain= -+ Credentials will be added for the specified NT domain name. - -+host=[,...] -+ Credentials will be added for the specified hostnames or IP addresses. - - ***** - NOTES - ***** - -- - The pam_cifscreds PAM module requires a kernel built with support for --the \ **login**\ key type. That key type was added in v3.3 in mainline Linux -+the ``login`` key type. That key type was added in v3.3 in mainline Linux - kernels. - --Since \ **pam_cifscreds**\ adds keys to the session keyring, it is highly --recommended that one use \ **pam_keyinit**\ to ensure that a session keyring -+Since ``pam_cifscreds`` adds keys to the session keyring, it is highly -+recommended that one use ``pam_keyinit`` to ensure that a session keyring - is established at login time. - -- - ******** - SEE ALSO - ******** - -- - cifscreds(1), pam_keyinit(8) - -- - ****** - AUTHOR - ****** - -- - The pam_cifscreds PAM module was developed by Orion Poplawski - . -- -diff --git a/setcifsacl.rst.in b/setcifsacl.rst.in -index ea981e2..de9c758 100644 ---- a/setcifsacl.rst.in -+++ b/setcifsacl.rst.in -@@ -7,179 +7,110 @@ Userspace helper to alter an ACL in a security descriptor for Common Internet Fi - ------------------------------------------------------------------------------------------------ - :Manual section: 1 - -- - ******** - SYNOPSIS - ******** - -- --setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object} -- -+ setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object} - - *********** - DESCRIPTION - *********** - -- - This tool is part of the cifs-utils suite. - --\ **setcifsacl**\ is a userspace helper program for the Linux CIFS client --file system. It is intended to alter an ACL of a security descriptor --for a file system object. Whether a security descriptor to be set is -+``setcifsacl`` is a userspace helper program for the Linux CIFS client -+file system. It is intended to alter an ACL of a security descriptor -+for a file system object. Whether a security descriptor to be set is - applied or not is determined by the CIFS/SMB server. - - This program uses a plugin to handle the mapping of user and group --names to SIDs. ``@pluginpath@`` should be a symlink that points to the -+names to SIDs. *@pluginpath@* should be a symlink that points to the - correct plugin to use. - -- - ******* - OPTIONS - ******* - -+-h -+ Print usage message and exit. - -+-v -+ Print version number and exit. - --\ **-h**\ -- -- Print usage message and exit. -- -- -- --\ **-v**\ -- -- Print version number and exit. -- -+-a -+ Add one or more ACEs to an ACL of a security descriptor. An ACE is -+ added even if the same ACE exists in the ACL. - -+-D -+ Delete one or more ACEs from an ACL of a security descriptor. Entire -+ ACE has to match in an existing ACL for the listed ACEs to be deleted. - --\ **-a**\ -- -- Add one or more ACEs to an ACL of a security descriptor. An ACE is -- added even if the same ACE exists in the ACL. -- -+-M -+ Modify one or more ACEs from an ACL of a security descriptor. SID and -+ type are used to match for existing ACEs to be modified with the list -+ of ACEs specified. - -+-S -+ Set an ACL of security descriptor with the list of ACEs Existing ACL -+ is replaced entirely with the specified ACEs. - --\ **-D**\ -- -- Delete one or more ACEs from an ACL of a security descriptor. Entire -- ACE has to match in an existing ACL for the listed ACEs to be deleted. -- -- -- --\ **-M**\ -- -- Modify one or more ACEs from an ACL of a security descriptor. SID and -- type are used to match for existing ACEs to be modified with the list -- of ACEs specified. -- -- -- --\ **-S**\ -- -- Set an ACL of security descriptor with the list of ACEs Existing ACL -- is replaced entirely with the specified ACEs. -- -- Every ACE entry starts with "ACL:" One or more ACEs are specified -- within double quotes. Multiple ACEs are separated by a comma. -- -- Following fields of an ACE can be modified with possible values: -- -- -- \ **SID**\ - Either a name or a raw SID value. -- -- -- -- \ **type**\ - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6) -- -- -- -- \ **flags**\ - OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or -- 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or 0x10) -- or a combination/OR of these values. -- -- -- -- \ **mask**\ - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value -- -- -- -+ Every ACE entry starts with "ACL:" One or more ACEs are specified -+ within double quotes. Multiple ACEs are separated by a comma. - -+ Following fields of an ACE can be modified with possible values: - -+ - ``SID`` - Either a name or a raw SID value. -+ - ``type`` - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6) -+ - ``flags`` - OBJECT_INHERIT_FLAG (OI or 0x1), -+ CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI -+ or 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or -+ 0x10) or a combination/OR of these values. -+ - ``mask`` - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value. - - ******** - EXAMPLES - ******** - -- - Add an ACE - ========== - -- -- --.. code-block:: perl -- -- setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" -- setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" -- -- -+ setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" -+ setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" - - Delete an ACE - ============= - -- -- --.. code-block:: perl -- -- setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" -- -- -+ setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" - - Modify an ACE - ============= - -- -- --.. code-block:: perl -- -- setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" -- -- -+ setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" - - Set an ACL - ========== - -- -- --.. code-block:: perl -- -- setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" -- -- -- -+ setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" - - ***** - NOTES - ***** - -- - Kernel support for getcifsacl/setcifsacl utilities was initially - introduced in the 2.6.37 kernel. - -- - ******** - SEE ALSO - ******** - -- - mount.cifs(8), getcifsacl(1) - -- - ****** - AUTHOR - ****** - -- - Shirish Pargaonkar wrote the setcifsacl program. - - The Linux CIFS Mailing list is the preferred place to ask questions - regarding these programs. -- --- -1.8.3.1 - diff --git a/SOURCES/0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch b/SOURCES/0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch deleted file mode 100644 index 3ec0ede..0000000 --- a/SOURCES/0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch +++ /dev/null @@ -1,39 +0,0 @@ -From f701927118c7c0833751e610c3fd45504c47ef08 Mon Sep 17 00:00:00 2001 -From: Aurelien Aptel -Date: Tue, 15 May 2018 10:40:48 +0200 -Subject: [PATCH 02/36] mount.cifs.rst: document new (no)handlecache mount - option - -Signed-off-by: Aurelien Aptel -Reviewed-by: Steve French -Reviewed-by: Pavel Shilovsky -(cherry picked from commit bfcbfaa27a6bcfea3d463e793feff5a983f344a5) -Signed-off-by: Sachin Prabhu ---- - mount.cifs.rst | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/mount.cifs.rst b/mount.cifs.rst -index c0f0bdb..405c459 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -237,6 +237,16 @@ cache=arg - The default in kernels prior to 3.7 was ``loose``. As of kernel 3.7 the - default is ``strict``. - -+handlecache -+ (default) In SMB2 and above, the client often has to open the root -+ of the share (empty path) in various places during mount, path -+ revalidation and the statfs(2) system call. This option cuts -+ redundant round trip traffic (opens and closes) by simply keeping -+ the directory handle for the root around once opened. -+ -+nohandlecache -+ Disable caching of the share root directory handle. -+ - directio - Do not do inode data caching on files opened on this mount. This - precludes mmaping files on this mount. In some cases with fast --- -1.8.3.1 - diff --git a/SOURCES/0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch b/SOURCES/0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch deleted file mode 100644 index 1facb72..0000000 --- a/SOURCES/0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 9caa0b96b49cb38b8ed7c4c05b3f517ae0313991 Mon Sep 17 00:00:00 2001 -From: Kenneth Dsouza -Date: Fri, 13 Jul 2018 23:49:59 +0530 -Subject: [PATCH 03/36] manpage: update mount.cifs manpage with info about rdma - option - -Signed-off-by: Kenneth Dsouza -(cherry picked from commit 03a3296c79f8195f94c43a3b4feb09df75d9b90e) -Signed-off-by: Sachin Prabhu ---- - mount.cifs.rst | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/mount.cifs.rst b/mount.cifs.rst -index 405c459..56c1bf9 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -403,6 +403,11 @@ echo_interval=n - If this option is not given then the default value of 60 seconds is used. - The minimum tunable value is 1 second and maximum can go up to 600 seconds. - -+rdma -+ Use to connect to SMB Direct, only applicable when specified with -+ vers=3 or vers=3.x. -+ Here 3.x can be 3.0, 3.02 or 3.1.1. -+ - serverino - Use inode numbers (unique persistent file identifiers) returned by the - server instead of automatically generating temporary inode numbers on --- -1.8.3.1 - diff --git a/SOURCES/0004-checkopts-add-python-script-to-cross-check-mount-opt.patch b/SOURCES/0004-checkopts-add-python-script-to-cross-check-mount-opt.patch deleted file mode 100644 index cacafe4..0000000 --- a/SOURCES/0004-checkopts-add-python-script-to-cross-check-mount-opt.patch +++ /dev/null @@ -1,263 +0,0 @@ -From 0c846b0201e7d74186a10facfed222596a0d1d50 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Aur=C3=A9lien=20Aptel?= -Date: Tue, 10 Jul 2018 17:50:42 +0200 -Subject: [PATCH 04/36] checkopts: add python script to cross check mount - options - -Signed-off-by: Aurelien Aptel -(cherry picked from commit 97209a56d13b8736579a58cccf00d2da4e4a0e5a) -Signed-off-by: Sachin Prabhu ---- - checkopts | 240 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 240 insertions(+) - create mode 100755 checkopts - -diff --git a/checkopts b/checkopts -new file mode 100755 -index 0000000..26ca271 ---- /dev/null -+++ b/checkopts -@@ -0,0 +1,240 @@ -+#!/usr/bin/env python3 -+# -+# Script to check for inconsistencies between documented mount options -+# and implemented kernel options. -+# Copyright (C) 2018 Aurelien Aptel (aaptel@suse.com) -+# -+# This program is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 3 of the License, or -+# (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program. If not, see . -+ -+import os -+import sys -+import re -+import subprocess -+import argparse -+from pprint import pprint as P -+ -+def extract_canonical_opts(s): -+ """ -+ Return list of option names present in s. -+ e.g "opt1=a|opt2=d" => ["opt1", "opt2"]) -+ """ -+ opts = s.split("|") -+ res = [] -+ for o in opts: -+ x = o.split("=") -+ res.append(x[0]) -+ return res -+ -+def extract_kernel_opts(fn): -+ STATE_BASE = 0 -+ STATE_DEF = 1 -+ STATE_USE = 2 -+ STATE_EXIT = 3 -+ -+ state = STATE_BASE -+ fmt2enum = {} -+ enum2code = {} -+ code = '' -+ current_opt = '' -+ rx = RX() -+ -+ def code_add(s): -+ if current_opt != '': -+ if current_opt not in enum2code: -+ enum2code[current_opt] = '' -+ enum2code[current_opt] += s -+ -+ with open(fn) as f: -+ for s in f.readlines(): -+ if state == STATE_EXIT: -+ break -+ -+ elif state == STATE_BASE: -+ if rx.search(r'cifs_mount_option_tokens.*\{', s): -+ state = STATE_DEF -+ elif rx.search(r'^cifs_parse_mount_options', s): -+ state = STATE_USE -+ -+ elif state == STATE_DEF: -+ if rx.search(r'(Opt_[a-zA-Z0-9_]+)\s*,\s*"([^"]+)"', s): -+ fmt = rx.group(2) -+ opts = extract_canonical_opts(fmt) -+ assert(len(opts) == 1) -+ name = opts[0] -+ fmt2enum[name] = {'enum':rx.group(1), 'fmt':fmt} -+ elif rx.search(r'^};', s): -+ state = STATE_BASE -+ -+ elif state == STATE_USE: -+ if rx.search(r'^\s*case (Opt_[a-zA-Z0-9_]+)', s): -+ current_opt = rx.group(1) -+ elif current_opt != '' and rx.search(r'^\s*default:', s): -+ state = STATE_EXIT -+ else: -+ code_add(s) -+ return fmt2enum, enum2code -+ -+def chomp(s): -+ if s[-1] == '\n': -+ return s[:-1] -+ return s -+ -+def extract_man_opts(fn): -+ STATE_EXIT = 0 -+ STATE_BASE = 1 -+ STATE_OPT = 2 -+ -+ state = STATE_BASE -+ rx = RX() -+ opts = {} -+ -+ with open(fn) as f: -+ for s in f.readlines(): -+ if state == STATE_EXIT: -+ break -+ -+ elif state == STATE_BASE: -+ if rx.search(r'^OPTION', s): -+ state = STATE_OPT -+ -+ elif state == STATE_OPT: -+ if rx.search('^[a-z]', s) and len(s) < 50: -+ s = chomp(s) -+ names = extract_canonical_opts(s) -+ for name in names: -+ opts[name] = s -+ elif rx.search(r'^[A-Z]+', s): -+ state = STATE_EXIT -+ return opts -+ -+def format_code(s): -+ # remove common indent in the block -+ min_indent = None -+ for ln in s.split("\n"): -+ indent = 0 -+ for c in ln: -+ if c == '\t': indent += 1 -+ else: break -+ if min_indent is None: -+ min_indent = indent -+ elif indent > 0: -+ min_indent = min(indent, min_indent) -+ out = '' -+ lines = s.split("\n") -+ if lines[-1].strip() == '': -+ lines.pop() -+ for ln in lines: -+ out += "| %s\n" % ln[min_indent:] -+ return out -+ -+def sortedset(s): -+ return sorted(list(s), key=lambda x: re.sub('^no', '', x)) -+ -+def opt_neg(opt): -+ if opt.startswith("no"): -+ return opt[2:] -+ else: -+ return "no"+opt -+ -+def main(): -+ ap = argparse.ArgumentParser(description="Cross-check mount options from cifs.ko/man page") -+ ap.add_argument("cfile", help="path to connect.c") -+ ap.add_argument("rstfile", help="path to mount.cifs.rst") -+ args = ap.parse_args() -+ -+ fmt2enum, enum2code = extract_kernel_opts(args.cfile) -+ manopts = extract_man_opts(args.rstfile) -+ -+ kernel_opts_set = set(fmt2enum.keys()) -+ man_opts_set = set(manopts.keys()) -+ -+ def opt_alias_is_doc(o): -+ enum = fmt2enum[o]['enum'] -+ aliases = [] -+ for k,v in fmt2enum.items(): -+ if k != o and v['enum'] == enum: -+ if opt_is_doc(k): -+ return k -+ return None -+ -+ def opt_exists(o): -+ return o in fmt2enum -+ -+ def opt_is_doc(o): -+ return o in manopts -+ -+ -+ print('UNDOCUMENTED OPTIONS') -+ print('====================') -+ -+ undoc_opts = kernel_opts_set - man_opts_set -+ # group opts and their negations together -+ for opt in sortedset(undoc_opts): -+ fmt = fmt2enum[opt]['fmt'] -+ enum = fmt2enum[opt]['enum'] -+ code = format_code(enum2code[enum]) -+ neg = opt_neg(opt) -+ -+ if enum == 'Opt_ignore': -+ print("# skipping %s (Opt_ignore)\n"%opt) -+ continue -+ -+ if opt_exists(neg) and opt_is_doc(neg): -+ print("# skipping %s (%s is documented)\n"%(opt, neg)) -+ continue -+ -+ alias = opt_alias_is_doc(opt) -+ if alias: -+ print("# skipping %s (alias %s is documented)\n"%(opt, alias)) -+ continue -+ -+ print('OPTION %s ("%s" -> %s):\n%s'%(opt, fmt, enum, code)) -+ -+ print('') -+ print('DOCUMENTED BUT NON-EXISTING OPTIONS') -+ print('===================================') -+ -+ unex_opts = man_opts_set - kernel_opts_set -+ # group opts and their negations together -+ for opt in sortedset(unex_opts): -+ fmt = manopts[opt] -+ print('OPTION %s ("%s")' % (opt, fmt)) -+ -+ -+ print('') -+ print('NEGATIVE OPTIONS WITHOUT POSITIVE') -+ print('=================================') -+ -+ for opt in sortedset(kernel_opts_set): -+ if not opt.startswith('no'): -+ continue -+ -+ neg = opt[2:] -+ if not opt_exists(neg): -+ print("OPTION %s exists but not %s"%(opt,neg)) -+ -+# little helper to test AND store result at the same time so you can -+# do if/elsif easily instead of nesting them when you need to do -+# captures -+class RX: -+ def __init__(self): -+ pass -+ def search(self, rx, s, flags=0): -+ self.r = re.search(rx, s, flags) -+ return self.r -+ def group(self, n): -+ return self.r.group(n) -+ -+if __name__ == '__main__': -+ main() --- -1.8.3.1 - diff --git a/SOURCES/0005-mount.cifs.rst-document-missing-options-correct-wron.patch b/SOURCES/0005-mount.cifs.rst-document-missing-options-correct-wron.patch deleted file mode 100644 index 1ef5802..0000000 --- a/SOURCES/0005-mount.cifs.rst-document-missing-options-correct-wron.patch +++ /dev/null @@ -1,221 +0,0 @@ -From e1e36b41e779d241cc1ff0e2f6f90b630b1e3d14 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Aur=C3=A9lien=20Aptel?= -Date: Tue, 10 Jul 2018 17:50:43 +0200 -Subject: [PATCH 05/36] mount.cifs.rst: document missing options, correct wrong - ones - -Signed-off-by: Aurelien Aptel -(cherry picked from commit 7325a01abc529d68756bae90cf23233392626939) -Signed-off-by: Sachin Prabhu ---- - mount.cifs.rst | 111 ++++++++++++++++++++++++++++++++++++++++----------------- - 1 file changed, 79 insertions(+), 32 deletions(-) - -diff --git a/mount.cifs.rst b/mount.cifs.rst -index 56c1bf9..13b3a1e 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -123,6 +123,11 @@ forcegid - of the gid= option. See the section on `FILE AND DIRECTORY OWNERSHIP - AND PERMISSIONS`_ below for more information. - -+idsfromsid -+ Extract uid/gid from special SID instead of mapping it. See the -+ section on `FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS`_ below for -+ more information. -+ - port=arg - sets the port number on which the client will attempt to contact the - CIFS server. If this value is specified, look for an existing -@@ -133,8 +138,9 @@ port=arg - try to connect on port 445 first and then port 139 if that - fails. Return an error if both fail. - --servernetbiosname=arg -- Specify the server netbios name (RFC1001 name) to use when attempting -+ -+netbiosname=arg -+ Specify the client netbios name (RFC1001 name) to use when attempting - to setup a session to the server. Although rarely needed for mounting - to newer servers, this option is needed for mounting to some older - servers (such as OS/2 or Windows 98 and Windows ME) since when -@@ -143,7 +149,8 @@ servernetbiosname=arg - characters long and is usually uppercased. - - servern=arg -- Synonym for ``servernetbiosname`` -+ Similarl to ``netbiosname`` except it specifies the netbios name of -+ the server instead of the client. - - netbiosname=arg - When mounting to servers via port 139, specifies the RFC1001 source -@@ -166,6 +173,10 @@ ip=arg|addr=arg - domain=arg|dom=arg|workgroup=arg - sets the domain (workgroup) of the user. - -+domainauto -+ When using NTLMv2 authentification and not providing a domain via -+ ``domain``, guess the domain from the server NTLM challenge. -+ - guest - don't prompt for a password. - -@@ -237,6 +248,9 @@ cache=arg - The default in kernels prior to 3.7 was ``loose``. As of kernel 3.7 the - default is ``strict``. - -+nostrictsync -+ Do not flush to the server on fsync(). -+ - handlecache - (default) In SMB2 and above, the client often has to open the root - of the share (empty path) in various places during mount, path -@@ -247,32 +261,6 @@ handlecache - nohandlecache - Disable caching of the share root directory handle. - --directio -- Do not do inode data caching on files opened on this mount. This -- precludes mmaping files on this mount. In some cases with fast -- networks and little or no caching benefits on the client (e.g. when -- the application is doing large sequential reads bigger than page size -- without rereading the same data) this can provide better performance -- than the default behavior which caches reads (readahead) and writes -- (writebehind) through the local Linux client pagecache if oplock -- (caching token) is granted and held. Note that direct allows write -- operations larger than page size to be sent to the server. On some -- kernels this requires the cifs.ko module to be built with the -- ``CIFS_EXPERIMENTAL`` configure option. -- -- This option is will be deprecated in 3.7. Users should use -- ``cache=none`` instead on more recent kernels. -- --strictcache -- Use for switching on strict cache mode. In this mode the client reads -- from the cache all the time it has *Oplock Level II* , otherwise - -- read from the server. As for write - the client stores a data in the -- cache in *Exclusive Oplock* case, otherwise - write directly to the -- server. -- -- This option is will be deprecated in 3.7. Users should use -- ``cache=strict`` instead on more recent kernels. -- - rwpidforward - Forward pid of a process who opened a file to any read or write - operation on that file. This prevent applications like wine(1) from -@@ -283,7 +271,7 @@ mapchars - including the colon, question mark, pipe, asterik, greater than and - less than characters) to the remap range (above 0xF000), which also - allows the CIFS client to recognize files created with such characters -- by Windows's POSIX emulation. This can also be useful when mounting to -+ by Windows's Services for Mac. This can also be useful when mounting to - most versions of Samba (which also forbids creating and opening files - whose names contain any of these seven characters). This has no effect - if the server does not support Unicode on the wire. Please note that -@@ -293,6 +281,10 @@ mapchars - nomapchars - (default) Do not translate any of these seven characters. - -+mapposix -+ Translate reserved characters similarly to ``mapchars`` but use the -+ mapping from Microsoft "Services For Unix". -+ - intr - currently unimplemented. - -@@ -370,12 +362,42 @@ seal - Request encryption at the SMB layer. Encryption is only supported in - SMBv3 and above. The encryption algorithm used is AES-128-CCM. - -+rdma -+ Connect directly to the server using SMB Direct via a RDMA adapter. -+ -+resilienthandles -+ Enable resilient handles. If the server supports it, keep opened -+ files across reconenctions. Requires SMB2.1. -+ -+noresilienthandles -+ (default) Disable resilient handles. -+ -+persistenthandles -+ Enable persistent handles. If the server supports it, keep opened -+ files across reconnections. Persistent handles are also valid across -+ servers in a cluser and have stronger guarantees than resilient -+ handles. Requires SMB3 or above. -+ -+nopersistenthandles -+ (default) Disable persistent handles. -+ -+snapshot=time -+ Mount a specific snapshot of the remote share. ``time`` must be a -+ positive integer identifying the snapshot requested. -+ - nobrl - Do not send byte range lock requests to the server. This is necessary - for certain applications that break with cifs style mandatory byte - range locks (and most cifs servers do not yet support requesting - advisory byte range locks). - -+forcemandatorylock -+ Do not use POSIX locks even when available via unix -+ extensions. Always use cifs style mandatory locks. -+ -+locallease -+ Check cache leases locally instead of querying the server. -+ - sfu - When the CIFS Unix Extensions are not negotiated, attempt to create - device files and fifos in a format compatible with Services for Unix -@@ -431,8 +453,12 @@ noserverino - - See section `INODE NUMBERS`_ for more information. - --nounix -- Disable the CIFS Unix Extensions for this mount. This can be useful in -+unix|linux -+ (default) Enable Unix Extensions for this mount. Requires CIFS -+ (vers=1.0) or SMB3.1.1 (vers=3.1.1) and a server supporting them. -+ -+nounix|nolinux -+ Disable the Unix Extensions for this mount. This can be useful in - order to turn off multiple settings at once. This includes POSIX acls, - POSIX locks, POSIX paths, symlink support and retrieving - uids/gids/mode from the server. This can also be useful to work around -@@ -444,6 +470,23 @@ nouser_xattr - Do not allow getfattr/setfattr to get/set xattrs, even if server would - support it otherwise. The default is for xattr support to be enabled. - -+nodfs -+ Do not follow Distributed FileSystem referals. IO on a file not -+ stored on the server will fail instead of connecting to the target -+ server transparently. -+ -+noautotune -+ Use fixed size for kernel recv/send socket buffers. -+ -+nosharesock -+ Do not try to reuse sockets if the system is already connected to -+ the server via an existing mount point. This will make the client -+ always make a new connection to the server no matter what he is -+ already connected to. -+ -+noblocksend -+ Send data on the socket using non blocking operations (MSG_DONTWAIT flag). -+ - rsize=bytes - Maximum amount of data that the kernel will request in a read request - in bytes. Prior to kernel 3.2.0, the default was 16k, and the maximum -@@ -472,6 +515,10 @@ wsize=bytes - this value isn't specified or it's greater or equal than the existing - one. - -+max_credits=n -+ Maximum credits the SMB2 client can have. Default is 32000. Must be -+ set to a number between 20 and 60000. -+ - fsc - Enable local disk caching using FS-Cache for CIFS. This option could - be useful to improve performance on a slow link, heavily loaded server --- -1.8.3.1 - diff --git a/SOURCES/0006-checkopts-report-duplicated-options-in-man-page.patch b/SOURCES/0006-checkopts-report-duplicated-options-in-man-page.patch deleted file mode 100644 index fc2af65..0000000 --- a/SOURCES/0006-checkopts-report-duplicated-options-in-man-page.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 5cff08c4ac6bcb43ac2bc371db189a88c53c8326 Mon Sep 17 00:00:00 2001 -From: Aurelien Aptel -Date: Wed, 8 Aug 2018 11:38:15 +0200 -Subject: [PATCH 06/36] checkopts: report duplicated options in man page - -Signed-off-by: Aurelien Aptel -(cherry picked from commit 77b028c11fee787d1235a08fd06c8b60d20eb9c0) -Signed-off-by: Sachin Prabhu ---- - checkopts | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/checkopts b/checkopts -index 26ca271..88e70b1 100755 ---- a/checkopts -+++ b/checkopts -@@ -98,9 +98,12 @@ def extract_man_opts(fn): - state = STATE_BASE - rx = RX() - opts = {} -+ ln = 0 - - with open(fn) as f: - for s in f.readlines(): -+ ln += 1 -+ - if state == STATE_EXIT: - break - -@@ -113,7 +116,9 @@ def extract_man_opts(fn): - s = chomp(s) - names = extract_canonical_opts(s) - for name in names: -- opts[name] = s -+ if name not in opts: -+ opts[name] = [] -+ opts[name].append({'ln':ln, 'fmt':s}) - elif rx.search(r'^[A-Z]+', s): - state = STATE_EXIT - return opts -@@ -174,6 +179,14 @@ def main(): - def opt_is_doc(o): - return o in manopts - -+ print('DUPLICATED DOC OPTIONS') -+ print('======================') -+ -+ for opt in sortedset(man_opts_set): -+ if len(manopts[opt]) > 1: -+ lines = ", ".join([str(x['ln']) for x in manopts[opt]]) -+ print("OPTION %-20.20s (lines %s)"%(opt, lines)) -+ print() - - print('UNDOCUMENTED OPTIONS') - print('====================') -@@ -208,8 +221,8 @@ def main(): - unex_opts = man_opts_set - kernel_opts_set - # group opts and their negations together - for opt in sortedset(unex_opts): -- fmt = manopts[opt] -- print('OPTION %s ("%s")' % (opt, fmt)) -+ man = manopts[opt][0] -+ print('OPTION %s ("%s") line %d' % (opt, man['fmt'], man['ln'])) - - - print('') --- -1.8.3.1 - diff --git a/SOURCES/0007-mount.cifs.rst-more-cleanups.patch b/SOURCES/0007-mount.cifs.rst-more-cleanups.patch deleted file mode 100644 index 1c9c302..0000000 --- a/SOURCES/0007-mount.cifs.rst-more-cleanups.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 4641bf62ceab8ed86e55c422f0dc7819972f14b6 Mon Sep 17 00:00:00 2001 -From: Aurelien Aptel -Date: Wed, 8 Aug 2018 11:38:16 +0200 -Subject: [PATCH 07/36] mount.cifs.rst: more cleanups - -* remove duplicates (netbiosname, rdma) -* remove snapshot -* document nostrictsync, domain, domainauto better -* point to vers= when talking about version requirements -* typos - -Signed-off-by: Aurelien Aptel -(cherry picked from commit 06503ef4490a3dde4e8297cf1c5cb336ba43aafa) -Signed-off-by: Sachin Prabhu ---- - mount.cifs.rst | 61 ++++++++++++++++++++++++++++------------------------------ - 1 file changed, 29 insertions(+), 32 deletions(-) - -diff --git a/mount.cifs.rst b/mount.cifs.rst -index 13b3a1e..3504477 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -138,25 +138,20 @@ port=arg - try to connect on port 445 first and then port 139 if that - fails. Return an error if both fail. - -- - netbiosname=arg -- Specify the client netbios name (RFC1001 name) to use when attempting -- to setup a session to the server. Although rarely needed for mounting -+ When mounting to servers via port 139, specifies the RFC1001 source -+ name to use to represent the client netbios machine during the netbios -+ session initialization. -+ -+servern=arg -+ Similar to ``netbiosname`` except it specifies the netbios name of -+ the server instead of the client. Although rarely needed for mounting - to newer servers, this option is needed for mounting to some older - servers (such as OS/2 or Windows 98 and Windows ME) since when - connecting over port 139 they, unlike most newer servers, do not - support a default server name. A server name can be up to 15 - characters long and is usually uppercased. - --servern=arg -- Similarl to ``netbiosname`` except it specifies the netbios name of -- the server instead of the client. -- --netbiosname=arg -- When mounting to servers via port 139, specifies the RFC1001 source -- name to use to represent the client netbios machine name when doing -- the RFC1001 netbios session initialize. -- - file_mode=arg - If the server does not support the CIFS Unix extensions this overrides - the default file mode. -@@ -171,11 +166,14 @@ ip=arg|addr=arg - rarely needs to be specified by the user. - - domain=arg|dom=arg|workgroup=arg -- sets the domain (workgroup) of the user. -+ Sets the domain (workgroup) of the user. If no domains are given, -+ the empty domain will be used. Use ``domainauto`` to automatically -+ guess the domain of the server you are connecting to. - - domainauto -- When using NTLMv2 authentification and not providing a domain via -+ When using NTLM authentication and not providing a domain via - ``domain``, guess the domain from the server NTLM challenge. -+ This behavior used to be the default on kernels older than 2.6.36. - - guest - don't prompt for a password. -@@ -249,7 +247,14 @@ cache=arg - default is ``strict``. - - nostrictsync -- Do not flush to the server on fsync(). -+ Do not ask the server to flush on fsync(). -+ Some servers perform non-buffered writes by default in which case -+ flushing is redundant. In workloads where a client is performing a -+ lot of small write + fsync combinations and where network latency is -+ much higher than the server latency, this brings a 2x performance -+ improvement. -+ This option is also a good candidate in scenarios where we want -+ performance over consistency. - - handlecache - (default) In SMB2 and above, the client often has to open the root -@@ -359,15 +364,16 @@ sec=arg - automatically if it's enabled in */proc/fs/cifs/SecurityFlags*. - - seal -- Request encryption at the SMB layer. Encryption is only supported in -- SMBv3 and above. The encryption algorithm used is AES-128-CCM. -+ Request encryption at the SMB layer. The encryption algorithm used -+ is AES-128-CCM. Requires SMB3 or above (see ``vers``). - - rdma -- Connect directly to the server using SMB Direct via a RDMA adapter. -+ Connect directly to the server using SMB Direct via a RDMA -+ adapter. Requires SMB3 or above (see ``vers``). - - resilienthandles - Enable resilient handles. If the server supports it, keep opened -- files across reconenctions. Requires SMB2.1. -+ files across reconnections. Requires SMB2.1 (see ``vers``). - - noresilienthandles - (default) Disable resilient handles. -@@ -375,16 +381,12 @@ noresilienthandles - persistenthandles - Enable persistent handles. If the server supports it, keep opened - files across reconnections. Persistent handles are also valid across -- servers in a cluser and have stronger guarantees than resilient -- handles. Requires SMB3 or above. -+ servers in a cluster and have stronger guarantees than resilient -+ handles. Requires SMB3 or above (see ``vers``). - - nopersistenthandles - (default) Disable persistent handles. - --snapshot=time -- Mount a specific snapshot of the remote share. ``time`` must be a -- positive integer identifying the snapshot requested. -- - nobrl - Do not send byte range lock requests to the server. This is necessary - for certain applications that break with cifs style mandatory byte -@@ -396,7 +398,7 @@ forcemandatorylock - extensions. Always use cifs style mandatory locks. - - locallease -- Check cache leases locally instead of querying the server. -+ Check cached leases locally instead of querying the server. - - sfu - When the CIFS Unix Extensions are not negotiated, attempt to create -@@ -425,11 +427,6 @@ echo_interval=n - If this option is not given then the default value of 60 seconds is used. - The minimum tunable value is 1 second and maximum can go up to 600 seconds. - --rdma -- Use to connect to SMB Direct, only applicable when specified with -- vers=3 or vers=3.x. -- Here 3.x can be 3.0, 3.02 or 3.1.1. -- - serverino - Use inode numbers (unique persistent file identifiers) returned by the - server instead of automatically generating temporary inode numbers on -@@ -471,7 +468,7 @@ nouser_xattr - support it otherwise. The default is for xattr support to be enabled. - - nodfs -- Do not follow Distributed FileSystem referals. IO on a file not -+ Do not follow Distributed FileSystem referrals. IO on a file not - stored on the server will fail instead of connecting to the target - server transparently. - --- -1.8.3.1 - diff --git a/SOURCES/0008-mount.cifs.rst-document-vers-3-mount-option.patch b/SOURCES/0008-mount.cifs.rst-document-vers-3-mount-option.patch deleted file mode 100644 index 6621492..0000000 --- a/SOURCES/0008-mount.cifs.rst-document-vers-3-mount-option.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 3d47c844a7b69a1c9f96289e44d92343653d05f4 Mon Sep 17 00:00:00 2001 -From: Pavel Shilovsky -Date: Fri, 17 Aug 2018 11:08:58 -0700 -Subject: [PATCH 08/36] mount.cifs.rst: document vers=3 mount option - -Signed-off-by: Pavel Shilovsky -(cherry picked from commit 439cd76f72a2dd3c65fd7d30ece460cde6b9675d) -Signed-off-by: Sachin Prabhu ---- - mount.cifs.rst | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/mount.cifs.rst b/mount.cifs.rst -index 3504477..6587e16 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -592,6 +592,7 @@ vers=arg - - 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. - - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. - - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. -+ - 3 - The SMBv3.0 protocol version and above. - - Note too that while this option governs the protocol version used, not - all features of each version are available. --- -1.8.3.1 - diff --git a/SOURCES/0009-mount.cifs.rst-document-vers-3.02-mount-option.patch b/SOURCES/0009-mount.cifs.rst-document-vers-3.02-mount-option.patch deleted file mode 100644 index 96a8077..0000000 --- a/SOURCES/0009-mount.cifs.rst-document-vers-3.02-mount-option.patch +++ /dev/null @@ -1,27 +0,0 @@ -From ac92f498e11b61def574fe858e6346bf8f2bad25 Mon Sep 17 00:00:00 2001 -From: Pavel Shilovsky -Date: Fri, 17 Aug 2018 11:13:45 -0700 -Subject: [PATCH 09/36] mount.cifs.rst: document vers=3.02 mount option - -Signed-off-by: Pavel Shilovsky -(cherry picked from commit 3c7e8c3663f50c2d2df6158cc4d22c4fccdc8ae8) -Signed-off-by: Sachin Prabhu ---- - mount.cifs.rst | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/mount.cifs.rst b/mount.cifs.rst -index 6587e16..a0faf7f 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -591,6 +591,7 @@ vers=arg - different dialect (2.000) that is not supported. - - 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. - - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. -+ - 3.02 - The SMBv3.0.2 protocol that was introduced in Microsoft Windows 8.1 and Windows Server 2012R2. - - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. - - 3 - The SMBv3.0 protocol version and above. - --- -1.8.3.1 - diff --git a/SOURCES/0010-cifs-Allow-DNS-resolver-key-to-expire.patch b/SOURCES/0010-cifs-Allow-DNS-resolver-key-to-expire.patch deleted file mode 100644 index f621411..0000000 --- a/SOURCES/0010-cifs-Allow-DNS-resolver-key-to-expire.patch +++ /dev/null @@ -1,216 +0,0 @@ -From bc41dbe55098629101fbf286755e123c9a2b6b77 Mon Sep 17 00:00:00 2001 -From: Paulo Alcantara -Date: Wed, 13 Feb 2019 16:09:41 -0200 -Subject: [PATCH 10/36] cifs: Allow DNS resolver key to expire - -This patch introduces a new '--expire' option that allows the user to -set a timeout value for the dns resolver key -- which is typically -useful for hostnames that may get their ip addresses changed under -long running mounts. - -The default timeout value is set to 10 minutes. - -Signed-off-by: Paulo Alcantara -(cherry picked from commit b101af793c8415f298072d06841a278df0368bc3) -Signed-off-by: Sachin Prabhu ---- - cifs.upcall.c | 82 +++++++++++++++++++++++++++++++++++++++--------------- - cifs.upcall.rst.in | 5 +++- - 2 files changed, 64 insertions(+), 23 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index 89563fd..c92ee62 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -63,6 +63,8 @@ - static krb5_context context; - static const char *prog = "cifs.upcall"; - -+#define DNS_RESOLVER_DEFAULT_TIMEOUT 600 /* 10 minutes */ -+ - typedef enum _sectype { - NONE = 0, - KRB5, -@@ -749,19 +751,48 @@ decode_key_description(const char *desc, struct decoded_args *arg) - return retval; - } - --static int cifs_resolver(const key_serial_t key, const char *key_descr) -+static int setup_key(const key_serial_t key, const void *data, size_t datalen) -+{ -+ int rc; -+ -+ rc = keyctl_instantiate(key, data, datalen, 0); -+ if (rc) { -+ switch (errno) { -+ case ENOMEM: -+ case EDQUOT: -+ rc = keyctl_clear(key); -+ if (rc) { -+ syslog(LOG_ERR, "%s: keyctl_clear: %s", -+ __func__, strerror(errno)); -+ return rc; -+ } -+ rc = keyctl_instantiate(key, data, datalen, 0); -+ break; -+ default: -+ ; -+ } -+ } -+ if (rc) { -+ syslog(LOG_ERR, "%s: keyctl_instantiate: %s", -+ __func__, strerror(errno)); -+ } -+ return rc; -+} -+ -+static int cifs_resolver(const key_serial_t key, const char *key_descr, -+ const char *key_buf, unsigned expire_time) - { - int c; - struct addrinfo *addr; - char ip[INET6_ADDRSTRLEN]; - void *p; -- const char *keyend = key_descr; -+ const char *keyend = key_buf; - /* skip next 4 ';' delimiters to get to description */ - for (c = 1; c <= 4; c++) { - keyend = index(keyend + 1, ';'); - if (!keyend) { - syslog(LOG_ERR, "invalid key description: %s", -- key_descr); -+ key_buf); - return 1; - } - } -@@ -787,15 +818,21 @@ static int cifs_resolver(const key_serial_t key, const char *key_descr) - return 1; - } - -- /* setup key */ -- c = keyctl_instantiate(key, ip, strlen(ip) + 1, 0); -- if (c == -1) { -- syslog(LOG_ERR, "%s: keyctl_instantiate: %s", __func__, -+ /* needed for keyctl_set_timeout() */ -+ request_key("keyring", key_descr, NULL, KEY_SPEC_THREAD_KEYRING); -+ -+ c = setup_key(key, ip, strlen(ip) + 1); -+ if (c) { -+ freeaddrinfo(addr); -+ return 1; -+ } -+ c = keyctl_set_timeout(key, expire_time); -+ if (c) { -+ syslog(LOG_ERR, "%s: keyctl_set_timeout: %s", __func__, - strerror(errno)); - freeaddrinfo(addr); - return 1; - } -- - freeaddrinfo(addr); - return 0; - } -@@ -864,7 +901,7 @@ lowercase_string(char *c) - - static void usage(void) - { -- fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-E] [-t] [-v] [-l] key_serial\n", prog); -+ fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog); - } - - static const struct option long_options[] = { -@@ -874,6 +911,7 @@ static const struct option long_options[] = { - {"trust-dns", 0, NULL, 't'}, - {"keytab", 1, NULL, 'K'}, - {"version", 0, NULL, 'v'}, -+ {"expire", 1, NULL, 'e'}, - {NULL, 0, NULL, 0} - }; - -@@ -897,13 +935,15 @@ int main(const int argc, char *const argv[]) - char *env_cachename = NULL; - krb5_ccache ccache = NULL; - struct passwd *pw; -+ unsigned expire_time = DNS_RESOLVER_DEFAULT_TIMEOUT; -+ const char *key_descr = NULL; - - hostbuf[0] = '\0'; - memset(&arg, 0, sizeof(arg)); - - openlog(prog, 0, LOG_DAEMON); - -- while ((c = getopt_long(argc, argv, "cEk:K:ltv", long_options, NULL)) != -1) { -+ while ((c = getopt_long(argc, argv, "cEk:K:ltve:", long_options, NULL)) != -1) { - switch (c) { - case 'c': - /* legacy option -- skip it */ -@@ -931,6 +971,9 @@ int main(const int argc, char *const argv[]) - rc = 0; - printf("version: %s\n", VERSION); - goto out; -+ case 'e': -+ expire_time = strtoul(optarg, NULL, 10); -+ break; - default: - syslog(LOG_ERR, "unknown option: %c", c); - goto out; -@@ -965,9 +1008,12 @@ int main(const int argc, char *const argv[]) - - syslog(LOG_DEBUG, "key description: %s", buf); - -- if ((strncmp(buf, "cifs.resolver", sizeof("cifs.resolver") - 1) == 0) || -- (strncmp(buf, "dns_resolver", sizeof("dns_resolver") - 1) == 0)) { -- rc = cifs_resolver(key, buf); -+ if (strncmp(buf, "cifs.resolver", sizeof("cifs.resolver") - 1) == 0) -+ key_descr = ".cifs.resolver"; -+ else if (strncmp(buf, "dns_resolver", sizeof("dns_resolver") - 1) == 0) -+ key_descr = ".dns_resolver"; -+ if (key_descr) { -+ rc = cifs_resolver(key, key_descr, buf, expire_time); - goto out; - } - -@@ -1193,16 +1239,8 @@ retry_new_hostname: - memcpy(&(keydata->data) + keydata->sesskey_len, - secblob.data, secblob.length); - -- /* setup key */ -- rc = keyctl_instantiate(key, keydata, datalen, 0); -- if (rc == -1) { -- syslog(LOG_ERR, "keyctl_instantiate: %s", strerror(errno)); -- goto out; -- } -+ rc = setup_key(key, keydata, datalen); - -- /* BB: maybe we need use timeout for key: for example no more then -- * ticket lifietime? */ -- /* keyctl_set_timeout( key, 60); */ - out: - /* - * on error, negatively instantiate the key ourselves so that we can -diff --git a/cifs.upcall.rst.in b/cifs.upcall.rst.in -index 1b8df3f..08ce324 100644 ---- a/cifs.upcall.rst.in -+++ b/cifs.upcall.rst.in -@@ -13,7 +13,7 @@ SYNOPSIS - - cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] - [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf] -- [--keytab=/path/to/keytab|-K /path/to/keytab] {keyid} -+ [--keytab=/path/to/keytab|-K /path/to/keytab] [--expire|-e nsecs] {keyid} - - *********** - DESCRIPTION -@@ -85,6 +85,9 @@ OPTIONS - user. Set this option if you want cifs.upcall to use the older uid= - parameter instead of the creduid= parameter. - -+--expire|-e -+ Override default timeout value (600 seconds) for ``dns_resolver`` key. -+ - --version|-v - Print version number and exit. - --- -1.8.3.1 - diff --git a/SOURCES/0011-mount.cifs-be-more-verbose-and-helpful-regarding-mou.patch b/SOURCES/0011-mount.cifs-be-more-verbose-and-helpful-regarding-mou.patch deleted file mode 100644 index 803e431..0000000 --- a/SOURCES/0011-mount.cifs-be-more-verbose-and-helpful-regarding-mou.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 368b0d656eaa0c529743d582a36a46d994b260dd Mon Sep 17 00:00:00 2001 -From: Aurelien Aptel -Date: Thu, 14 Feb 2019 12:15:44 +0100 -Subject: [PATCH 11/36] mount.cifs: be more verbose and helpful regarding mount - errors - -Signed-off-by: Aurelien Aptel -(cherry picked from commit 3a00449ea2560c1f160ca5e69a48a5078bfa1194) -Signed-off-by: Sachin Prabhu ---- - mount.cifs.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/mount.cifs.c b/mount.cifs.c -index ae7a899..9370f2e 100644 ---- a/mount.cifs.c -+++ b/mount.cifs.c -@@ -2099,6 +2099,10 @@ mount_retry: - switch (errno) { - case ECONNREFUSED: - case EHOSTUNREACH: -+ if (currentaddress) { -+ fprintf(stderr, "mount error(%d): could not connect to %s", -+ errno, currentaddress); -+ } - currentaddress = nextaddress; - if (currentaddress) { - nextaddress = strchr(currentaddress, ','); -@@ -2110,6 +2114,12 @@ mount_retry: - fprintf(stderr, - "mount error: %s filesystem not supported by the system\n", cifs_fstype); - break; -+ case EHOSTDOWN: -+ fprintf(stderr, -+ "mount error: Server abruptly closed the connection.\n" -+ "This can happen if the server does not support the SMB version you are trying to use.\n" -+ "The default SMB version recently changed from SMB1 to SMB2.1 and above. Try mounting with vers=1.0.\n"); -+ break; - case ENXIO: - if (!already_uppercased && - uppercase_string(parsed_info->host) && -@@ -2126,7 +2136,7 @@ mount_retry: - strerror(errno)); - fprintf(stderr, - "Refer to the %s(8) manual page (e.g. man " -- "%s)\n", thisprogram, thisprogram); -+ "%s) and kernel log messages (dmesg)\n", thisprogram, thisprogram); - rc = EX_FAIL; - goto mount_exit; - } --- -1.8.3.1 - diff --git a/SOURCES/0012-Update-mount.cifs-with-vers-default-mount-option-and.patch b/SOURCES/0012-Update-mount.cifs-with-vers-default-mount-option-and.patch deleted file mode 100644 index f5f222a..0000000 --- a/SOURCES/0012-Update-mount.cifs-with-vers-default-mount-option-and.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 478e60f01a37928a5cece9407bf66a1b731d2363 Mon Sep 17 00:00:00 2001 -From: Kenneth D'souza -Date: Fri, 15 Feb 2019 07:52:48 +0530 -Subject: [PATCH 12/36] Update mount.cifs with vers=default mount option and - SMBv3.0.2 - -Add vers=3.0.2 as a valid option for SMBv3.0.2 and explain behavior -of vers=default. - -Signed-off-by: Kenneth D'souza -(cherry picked from commit d93cabc638195b5a4274c2650477456f81651e75) - -Signed-off-by: Sachin Prabhu ---- - mount.cifs.rst | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/mount.cifs.rst b/mount.cifs.rst -index a0faf7f..2ad7f59 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -591,9 +591,13 @@ vers=arg - different dialect (2.000) that is not supported. - - 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. - - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. -- - 3.02 - The SMBv3.0.2 protocol that was introduced in Microsoft Windows 8.1 and Windows Server 2012R2. -+ - 3.02 or 3.0.2 - The SMBv3.0.2 protocol that was introduced in Microsoft Windows 8.1 and Windows Server 2012R2. - - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. - - 3 - The SMBv3.0 protocol version and above. -+ - default - Tries to negotiate the highest SMB2+ version supported by both the client and server. -+ -+ If no dialect is specified on mount vers=default is used. -+ To check ``Dialect`` refer to /proc/fs/cifs/DebugData - - Note too that while this option governs the protocol version used, not - all features of each version are available. --- -1.8.3.1 - diff --git a/SOURCES/0013-mount.cifs.rst-update-vers-3.1.1-option-description.patch b/SOURCES/0013-mount.cifs.rst-update-vers-3.1.1-option-description.patch deleted file mode 100644 index 8dd160f..0000000 --- a/SOURCES/0013-mount.cifs.rst-update-vers-3.1.1-option-description.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 87d529be482436e809dd6280d6d1cc977fd2d453 Mon Sep 17 00:00:00 2001 -From: Pavel Shilovsky -Date: Fri, 15 Feb 2019 12:03:44 -0800 -Subject: [PATCH 13/36] mount.cifs.rst: update vers=3.1.1 option description - -Signed-off-by: Pavel Shilovsky -(cherry picked from commit b3f78f6dc200f61418d3d6c256ec116c3137ffee) - -Signed-off-by: Sachin Prabhu ---- - mount.cifs.rst | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/mount.cifs.rst b/mount.cifs.rst -index 2ad7f59..f64d1f1 100644 ---- a/mount.cifs.rst -+++ b/mount.cifs.rst -@@ -592,7 +592,7 @@ vers=arg - - 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. - - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. - - 3.02 or 3.0.2 - The SMBv3.0.2 protocol that was introduced in Microsoft Windows 8.1 and Windows Server 2012R2. -- - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. -+ - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows 10 and Windows Server 2016. - - 3 - The SMBv3.0 protocol version and above. - - default - Tries to negotiate the highest SMB2+ version supported by both the client and server. - --- -1.8.3.1 - diff --git a/SOURCES/0014-getcifsacl-Do-not-go-to-parse_sec_desc-if-getxattr-f.patch b/SOURCES/0014-getcifsacl-Do-not-go-to-parse_sec_desc-if-getxattr-f.patch deleted file mode 100644 index e37c2b4..0000000 --- a/SOURCES/0014-getcifsacl-Do-not-go-to-parse_sec_desc-if-getxattr-f.patch +++ /dev/null @@ -1,38 +0,0 @@ -From cb086a53b73901cf0dfc957915ff454a30f333b3 Mon Sep 17 00:00:00 2001 -From: Kenneth D'souza -Date: Tue, 19 Feb 2019 07:13:43 +0530 -Subject: [PATCH 14/36] getcifsacl: Do not go to parse_sec_desc if getxattr - fails. - -Add more to the error message by printing the filename and error. - -Signed-off-by: Kenneth D'souza -Reviewed-by: Steve French -(cherry picked from commit 670f416d2c0d07a4d9ff469eb797e5bef624d863) -Signed-off-by: Sachin Prabhu ---- - getcifsacl.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/getcifsacl.c b/getcifsacl.c -index f08cdea..aaf15fa 100644 ---- a/getcifsacl.c -+++ b/getcifsacl.c -@@ -398,8 +398,12 @@ cifsacl: - free(attrval); - bufsize += BUFSIZE; - goto cifsacl; -- } else -- printf("getxattr error: %d\n", errno); -+ } else { -+ fprintf(stderr, "getxattr failed on %s: %s\n", filename, strerror(errno) ); -+ free(attrval); -+ ret = -1; -+ goto out; -+ } - } - - parse_sec_desc((struct cifs_ntsd *)attrval, attrlen, raw); --- -1.8.3.1 - diff --git a/SOURCES/0015-getcifsacl-Improve-help-usage-and-add-h-option.patch b/SOURCES/0015-getcifsacl-Improve-help-usage-and-add-h-option.patch deleted file mode 100644 index 9305693..0000000 --- a/SOURCES/0015-getcifsacl-Improve-help-usage-and-add-h-option.patch +++ /dev/null @@ -1,82 +0,0 @@ -From efff67c46ffeb0de69259e6c5cb9c4f6b82a860a Mon Sep 17 00:00:00 2001 -From: Kenneth D'souza -Date: Thu, 21 Feb 2019 10:39:25 +0530 -Subject: [PATCH 15/36] getcifsacl: Improve help usage and add -h option. - -Call getcifsacl_usage only for -h and default case. -For others error out with appropriate message. - -Signed-off-by: Kenneth D'souza -(cherry picked from commit ea9b99cf17a949edbe368301881a353d27018847) -Signed-off-by: Sachin Prabhu ---- - getcifsacl.c | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/getcifsacl.c b/getcifsacl.c -index aaf15fa..fc78881 100644 ---- a/getcifsacl.c -+++ b/getcifsacl.c -@@ -40,6 +40,7 @@ - - static void *plugin_handle; - static bool plugin_loaded; -+static char *execname; - - static void - print_each_ace_mask(uint32_t mask) -@@ -331,6 +332,8 @@ getcifsacl_usage(const char *prog) - prog); - fprintf(stderr, "Usage: %s [option] \n", prog); - fprintf(stderr, "Valid options:\n"); -+ fprintf(stderr, "\t-h Display this help text\n"); -+ fprintf(stderr, "\n"); - fprintf(stderr, "\t-v Version of the program\n"); - fprintf(stderr, "\n"); - fprintf(stderr, "\t-r Display raw values of the ACE fields\n"); -@@ -345,8 +348,15 @@ main(const int argc, char *const argv[]) - ssize_t attrlen; - size_t bufsize = BUFSIZE; - char *filename, *attrval; -+ execname = basename(argv[0]); -+ -+ if (argc < 2) { -+ fprintf(stderr, "%s: you must specify a filename.\n", execname); -+ printf("Try `getcifsacl -h' for more information.\n"); -+ goto out; -+ } - -- while ((c = getopt_long(argc, argv, "r:v", NULL, NULL)) != -1) { -+ while ((c = getopt_long(argc, argv, "rhv", NULL, NULL)) != -1) { - switch (c) { - case 'v': - printf("Version: %s\n", VERSION); -@@ -355,18 +365,17 @@ main(const int argc, char *const argv[]) - raw = true; - break; - default: -- break; -+ getcifsacl_usage(execname); -+ goto out; - } - } - -- if (raw && argc == 3) -- filename = argv[2]; -- else if (argc == 2) -- filename = argv[1]; -- else { -- getcifsacl_usage(basename(argv[0])); -+ if (optind >= argc) { -+ printf("you must specify a filename after options.\n"); -+ printf("Usage: getcifsacl [option] \n"); - goto out; -- } -+ } else -+ filename = argv[optind]; - - if (!raw && !plugin_loaded) { - ret = init_plugin(&plugin_handle); --- -1.8.3.1 - diff --git a/SOURCES/0016-setcifsacl-fix-adding-ACE-when-owner-sid-in-unexpect.patch b/SOURCES/0016-setcifsacl-fix-adding-ACE-when-owner-sid-in-unexpect.patch deleted file mode 100644 index b613ddb..0000000 --- a/SOURCES/0016-setcifsacl-fix-adding-ACE-when-owner-sid-in-unexpect.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 5053ec60ea609bbb5499e8359681fe998c3d4d68 Mon Sep 17 00:00:00 2001 -From: Steve French -Date: Fri, 1 Mar 2019 23:11:25 -0600 -Subject: [PATCH 16/36] setcifsacl: fix adding ACE when owner sid in unexpected - location - -If owner information is after the ACEs instead of before (e.g. Azure servers) in the ACL query -then we would get "invalid argument" returned on setcifsacl -a (adding an ACE). - -This fixes that. - -Signed-off-by: Steve French -(cherry picked from commit 0feb1a80f3777f4c244b46958aa9f730de9e18b6) -Signed-off-by: Sachin Prabhu ---- - setcifsacl.c | 29 ++++++++++++++++++++++++----- - 1 file changed, 24 insertions(+), 5 deletions(-) - -diff --git a/setcifsacl.c b/setcifsacl.c -index ba34403..1b98c37 100644 ---- a/setcifsacl.c -+++ b/setcifsacl.c -@@ -106,13 +106,32 @@ copy_sec_desc(const struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, - - /* copy owner sid */ - owner_sid_ptr = (struct cifs_sid *)((char *)pntsd + osidsoffset); -- nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + osidsoffset); -- size = copy_cifs_sid(nowner_sid_ptr, owner_sid_ptr); -- bufsize += size; -+ group_sid_ptr = (struct cifs_sid *)((char *)pntsd + gsidsoffset); -+ /* -+ * some servers like Azure return the owner and group SIDs at end rather -+ * than at the beginning of the ACL so don't want to overwrite the last ACEs -+ */ -+ if (dacloffset <= osidsoffset) { -+ /* owners placed at end of ACL */ -+ nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + dacloffset + size); -+ pnntsd->osidoffset = dacloffset + size; -+ size = copy_cifs_sid(nowner_sid_ptr, owner_sid_ptr); -+ bufsize += size; -+ /* put group SID after owner SID */ -+ ngroup_sid_ptr = (struct cifs_sid *)((char *)nowner_sid_ptr + size); -+ pnntsd->gsidoffset = pnntsd->osidoffset + size; -+ } else { -+ /* -+ * Most servers put the owner information at the beginning, -+ * before the ACL -+ */ -+ nowner_sid_ptr = (struct cifs_sid *)((char *)pnntsd + osidsoffset); -+ size = copy_cifs_sid(nowner_sid_ptr, owner_sid_ptr); -+ bufsize += size; -+ ngroup_sid_ptr = (struct cifs_sid *)((char *)pnntsd + gsidsoffset); -+ } - - /* copy group sid */ -- group_sid_ptr = (struct cifs_sid *)((char *)pntsd + gsidsoffset); -- ngroup_sid_ptr = (struct cifs_sid *)((char *)pnntsd + gsidsoffset); - size = copy_cifs_sid(ngroup_sid_ptr, group_sid_ptr); - bufsize += size; - --- -1.8.3.1 - diff --git a/SOURCES/0017-cifs.upcall-fix-a-compiler-warning.patch b/SOURCES/0017-cifs.upcall-fix-a-compiler-warning.patch deleted file mode 100644 index ed78516..0000000 --- a/SOURCES/0017-cifs.upcall-fix-a-compiler-warning.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e762faa6943c90e6b593c13b3962af16cdf20d2c Mon Sep 17 00:00:00 2001 -From: Pavel Shilovsky -Date: Sat, 16 Mar 2019 12:34:13 -0700 -Subject: [PATCH 17/36] cifs.upcall: fix a compiler warning - -Signed-off-by: Pavel Shilovsky -(cherry picked from commit 2244e109ae30aeb0a21deaa591f6e11fa2039e7d) -Signed-off-by: Sachin Prabhu ---- - cifs.upcall.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index c92ee62..1559434 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -126,6 +126,7 @@ drop_all_capabilities(void) - static int - trim_capabilities(bool unused) - { -+ (void)unused; - return 0; - } - --- -1.8.3.1 - diff --git a/SOURCES/0018-mount.cifs-Add-various-missing-parms-from-the-help-t.patch b/SOURCES/0018-mount.cifs-Add-various-missing-parms-from-the-help-t.patch deleted file mode 100644 index 3787770..0000000 --- a/SOURCES/0018-mount.cifs-Add-various-missing-parms-from-the-help-t.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 3c6a5d30cb3eb3f2f12415c1797b8f7802652b17 Mon Sep 17 00:00:00 2001 -From: Steve French -Date: Tue, 2 Apr 2019 21:18:27 -0500 -Subject: [PATCH 18/36] mount.cifs Add various missing parms from the help text - -When you type mount.cifs --help there were more than 40 mount parms -missing. Add 12 of the more common ones to what is displayed by help. - -Signed-off-by: Steve French -Reviewed-by: Paulo Alcantara -(cherry picked from commit 83c6472020afc3db0c63b65e7b67d65a61f3a12e) -Signed-off-by: Sachin Prabhu ---- - mount.cifs.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/mount.cifs.c b/mount.cifs.c -index 9370f2e..d921fed 100644 ---- a/mount.cifs.c -+++ b/mount.cifs.c -@@ -269,20 +269,28 @@ static int mount_usage(FILE * stream) - fprintf(stream, - "\n\tmapchars,nomapchars,nolock,servernetbiosname="); - fprintf(stream, -- "\n\tdirectio,nounix,cifsacl,sec=,sign,seal,fsc"); -+ "\n\tdirectio,nounix,cifsacl,sec=,sign,seal,fsc,"); -+ fprintf(stream, -+ "\n\tsnapshot=