diff --git a/.cifs-utils.metadata b/.cifs-utils.metadata
new file mode 100644
index 0000000..b0eb8bc
--- /dev/null
+++ b/.cifs-utils.metadata
@@ -0,0 +1 @@
+4d920f66d0ee039c75eb852886a8982b51e5ed50 SOURCES/cifs-utils-6.2.tar.bz2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bc28d4d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/cifs-utils-6.2.tar.bz2
diff --git a/SOURCES/0001-asn1-fix-use-after-free-in-asn1_write.patch b/SOURCES/0001-asn1-fix-use-after-free-in-asn1_write.patch
new file mode 100644
index 0000000..ff9be39
--- /dev/null
+++ b/SOURCES/0001-asn1-fix-use-after-free-in-asn1_write.patch
@@ -0,0 +1,30 @@
+From 3aa83995d7c0ef632fe0af3d032e48691a5ce781 Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Sun, 13 Oct 2013 21:07:28 -0400
+Subject: [PATCH] asn1: fix use-after-free in asn1_write
+
+If the talloc_realloc() fails, asn1_write calls talloc_free on the
+context and then immediately dereferences the pointer.
+
+Fix this by skipping the talloc_free here. Let the caller handle it.
+
+Signed-off-by: Jeff Layton
+---
+ asn1.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/asn1.c b/asn1.c
+index ea50a23..4c0e480 100644
+--- a/asn1.c
++++ b/asn1.c
+@@ -47,7 +47,6 @@ bool asn1_write(struct asn1_data *data, const void *p, int len)
+ uint8_t *newp;
+ newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len);
+ if (!newp) {
+- asn1_free(data);
+ data->has_error = true;
+ return false;
+ }
+--
+1.8.3.1
+
diff --git a/SOURCES/0001-autoconf-Use-DEFS-when-building-idmapwb.so.patch b/SOURCES/0001-autoconf-Use-DEFS-when-building-idmapwb.so.patch
new file mode 100644
index 0000000..e119db8
--- /dev/null
+++ b/SOURCES/0001-autoconf-Use-DEFS-when-building-idmapwb.so.patch
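Review bot: In the asn1.c hunk of 0001-asn1-fix-use-after-free-in-asn1_write.patch, the size handed to `talloc_realloc()` is still `data->ofs+len` with `len` a plain `int`, and nothing visible rejects a negative `len` or a sum that wraps before the buffer is resized and written. Unless the part of asn1_write() above the hunk already guards this, a check such as `if (len < 0 || data->ofs + len < data->ofs) { data->has_error = true; return false; }` belongs ahead of the resize. With `asn1_free(data)` removed, the failure path leaves the context allocated, so a comment on the `if (!newp)` branch such as `/* context stays allocated on failure; the caller must check has_error and free it */` would record the new contract. The function body starts and ends outside the hunk.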
@@ -0,0 +1,40 @@
+From c9f1860e0de31cc4e1e1fa70ef7842fbbee62878 Mon Sep 17 00:00:00 2001
+From: Sachin Prabhu
+Date: Thu, 30 Jun 2016 15:47:39 +0100
+Subject: [PATCH] autoconf: Use $(DEFS) when building idmapwb.so
+
+Partial backport of upstream
+7b2b35586d10c04f501222701c3382455a07ff9e
+
+We do not backport changes to the pam_cifscreds.so module as that is not
+included in the RHEL 7 cifs-utils package.
+
+Original Summary:
+We should pass the macros defined in $(DEFS) when building idmapwb.so
+and pam_cifscreds.so. The autoconf process sets the macro HAVE_CONFIG_H
+using the $(DEFS) variable. This macro has to be defined to allow the
+source files to include config.h
+
+Resolves: bz 1289454
+
+Signed-off-by: Sachin Prabhu
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 6407520..1c97f45 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -84,7 +84,7 @@ plugin_PROGRAMS = idmapwb.so
+ man_MANS += idmapwb.8
+
+ idmapwb.so: idmapwb.c
+- $(CC) $(CFLAGS) $(AM_CFLAGS) $(WBCLIENT_CFLAGS) $(LDFLAGS) -shared -fpic -o $@ $+ $(WBCLIENT_LIBS)
++ $(CC) $(DEFS) $(CFLAGS) $(AM_CFLAGS) $(WBCLIENT_CFLAGS) $(LDFLAGS) -shared -fpic -o $@ $+ $(WBCLIENT_LIBS)
+
+ idmapwb.8: idmapwb.8.in
+ $(SED) 's,[@]pluginpath@,$(pluginpath),' $(srcdir)/$@.in > $@-t && mv $@-t $@
+--
+2.5.5
+
diff --git a/SOURCES/0001-autoconf-fix-link-of-libwbclient.patch b/SOURCES/0001-autoconf-fix-link-of-libwbclient.patch
new file mode 100644
index 0000000..0fd100b
--- /dev/null
+++ b/SOURCES/0001-autoconf-fix-link-of-libwbclient.patch
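Review bot: The rewritten `idmapwb.so` recipe gains `$(DEFS)` but still passes neither `$(CPPFLAGS)` nor `$(AM_CPPFLAGS)`, so preprocessor options a builder supplies that way (hardening defines are sometimes delivered through CPPFLAGS) never reach this plugin. The line could read `$(CC) $(DEFS) $(AM_CPPFLAGS) $(CPPFLAGS) $(CFLAGS) $(AM_CFLAGS) $(WBCLIENT_CFLAGS) ...`, matching the order automake uses in its generated compile rules. Whether this package's build actually sets CPPFLAGS is not visible on the page.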
@@ -0,0 +1,38 @@
+From 38fdc7aff2991fd43f0b98fb0bacbc574477449c Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Sat, 7 Dec 2013 08:54:59 -0500
+Subject: [PATCH 1/5] autoconf: fix link of libwbclient
+
+It's currently getting added to $LIBS and being linked into places that
+we don't need it.
+
+Signed-off-by: Jeff Layton
+(cherry picked from commit 2152ccc3d61e5248c70360020a0aa279a24f852c)
+Signed-off-by: Sachin Prabhu
+---
+ aclocal/idmap.m4 | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/aclocal/idmap.m4 b/aclocal/idmap.m4
+index c5727f6..3ccdae3 100644
+--- a/aclocal/idmap.m4
++++ b/aclocal/idmap.m4
+@@ -21,6 +21,7 @@ fi
+
+ if test $enable_cifsacl != "no" -o $enable_cifsacl != "no"; then
+ ac_wbc_save_LDFLAGS="$LDFLAGS"
++ ac_wbc_save_LIBS="$LIBS"
+ LDFLAGS="$LDFLAGS $WBCLIENT_LIBS"
+ AC_CHECK_LIB(wbclient, wbcSidsToUnixIds, , [
+ if test "$enable_cifsidmap" = "yes"; then
+@@ -37,6 +38,7 @@ if test $enable_cifsacl != "no" -o $enable_cifsacl != "no"; then
+ fi
+ ])
+ LDFLAGS=$ac_wbc_save_LDFLAGS
++ LIBS=$ac_wbc_save_LIBS
+ fi
+
+ if test $enable_cifsacl != "no"; then
+--
+2.5.5
+
diff --git a/SOURCES/0001-cifs-use-krb5_kt_default-to-determine-default-keytab.patch b/SOURCES/0001-cifs-use-krb5_kt_default-to-determine-default-keytab.patch
new file mode 100644
index 0000000..33ca920
--- /dev/null
+++ b/SOURCES/0001-cifs-use-krb5_kt_default-to-determine-default-keytab.patch
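Review bot: The guard kept as context in both idmap.m4 hunks, `if test $enable_cifsacl != "no" -o $enable_cifsacl != "no"; then`, tests the same variable twice, so the libwbclient probe is skipped whenever cifsacl is off even if cifsidmap is wanted. The first operand was presumably meant to be `$enable_cifsidmap`, which the body of the block does consult. The operands are also unquoted, so an empty value turns the `test` into a syntax error; `if test "$enable_cifsidmap" != "no" -o "$enable_cifsacl" != "no"; then` would cover both points. The enclosing `if` opens in the first hunk and closes in the second.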
@@ -0,0 +1,58 @@
+From d32db5e1e2c32f0634a26de277fd91daf47ce32d Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Mon, 7 Apr 2014 14:35:17 -0400
+Subject: [PATCH] cifs: use krb5_kt_default() to determine default keytab
+ location
+
+...don't assume that it's in /etc/krb5.keytab.
+
+Reported-by: Konstantin Lepikhov
+Signed-off-by: Jeff Layton
+(cherry picked from commit a016e18969d10e3c777f35fe21b1c1f8c1d70880)
+Signed-off-by: Sachin Prabhu
+---
+ cifs.upcall.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/cifs.upcall.c b/cifs.upcall.c
+index cc65824..e8544c2 100644
+--- a/cifs.upcall.c
++++ b/cifs.upcall.c
+@@ -55,7 +55,6 @@
+ #define CIFS_DEFAULT_KRB5_DIR "/tmp"
+ #define CIFS_DEFAULT_KRB5_USER_DIR "/run/user/%U"
+ #define CIFS_DEFAULT_KRB5_PREFIX "krb5cc"
+-#define CIFS_DEFAULT_KRB5_KEYTAB "/etc/krb5.keytab"
+
+ #define MAX_CCNAME_LEN PATH_MAX + 5
+
+@@ -205,9 +204,15 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
+ goto icfk_cleanup;
+ }
+
+- ret = krb5_kt_resolve(context, keytab_name, &keytab);
++ if (keytab_name)
++ ret = krb5_kt_resolve(context, keytab_name, &keytab);
++ else
++ ret = krb5_kt_default(context, &keytab);
++
+ if (ret) {
+- syslog(LOG_DEBUG, "krb5_kt_resolve: %d", (int)ret);
++ syslog(LOG_DEBUG, "%s: %d",
++ keytab_name ? "krb5_kt_resolve" : "krb5_kt_default",
++ (int)ret);
+ goto icfk_cleanup;
+ }
+
+@@ -841,7 +846,7 @@ int main(const int argc, char *const argv[])
+ struct decoded_args arg;
+ const char *oid;
+ uid_t uid;
+- char *keytab_name = CIFS_DEFAULT_KRB5_KEYTAB;
++ char *keytab_name = NULL;
+ time_t best_time = 0;
+
+ hostbuf[0] = '\0';
+--
+1.9.3
+
diff --git a/SOURCES/0001-get-setcifsacl-fix-bad-bit-shifts.patch b/SOURCES/0001-get-setcifsacl-fix-bad-bit-shifts.patch
new file mode 100644
index 0000000..0e7a6f7
--- /dev/null
+++ b/SOURCES/0001-get-setcifsacl-fix-bad-bit-shifts.patch
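Review bot: With `char *keytab_name = NULL;` in main(), every later use of `keytab_name` has to tolerate NULL, and the only consumer shown doing so is the `krb5_kt_resolve`/`krb5_kt_default` branch in init_cc_from_keytab(). Any other use between main() and that call, such as a `%s` log argument or a string function, lies outside the hunks and should be checked. The keytab is now whatever libkrb5 resolves, so the `else` branch deserves a comment such as `/* no keytab given: library default (default_keytab_name in krb5.conf, or KRB5_KTNAME) */`, since this helper's credential source then depends on configuration and environment rather than a fixed path. Both functions continue outside the hunks.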
@@ -0,0 +1,50 @@
+From 99d2a5a4517216a63cfdeef3ee30656938b3a98e Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Tue, 8 Oct 2013 21:07:24 -0400
+Subject: [PATCH] get/setcifsacl: fix bad bit-shifts
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A Coverity scan turned up this warning:
+
+1. cifs-utils-6.2/setcifsacl.c:578:result_independent_of_operands – "(x & 0xff0000000000ULL) >> 48" is 0 regardless of the values of its operands. This occurs as the operand of assignment.
+
+...which is entirely true. That shift should be 40 bits, not 48. Also
+fix a similar bug in getcifsacl.c.
+
+Signed-off-by: Jeff Layton
+---
+ getcifsacl.c | 2 +-
+ setcifsacl.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/getcifsacl.c b/getcifsacl.c
+index b8998ef..33f36b4 100644
+--- a/getcifsacl.c
++++ b/getcifsacl.c
+@@ -198,7 +198,7 @@ print_sid_raw:
+ id_auth_val += (unsigned long long)csid->authority[3] << 16;
+ id_auth_val += (unsigned long long)csid->authority[2] << 24;
+ id_auth_val += (unsigned long long)csid->authority[1] << 32;
+- id_auth_val += (unsigned long long)csid->authority[0] << 48;
++ id_auth_val += (unsigned long long)csid->authority[0] << 40;
+
+ /*
+ * MS-DTYP states that if the authority is >= 2^32, then it should be
+diff --git a/setcifsacl.c b/setcifsacl.c
+index ce708eb..7eeeaa6 100644
+--- a/setcifsacl.c
++++ b/setcifsacl.c
+@@ -575,7 +575,7 @@ raw_str_to_sid(const char *str, struct cifs_sid *csid)
+ csid->authority[3] = (x & 0x000000ff0000ULL) >> 16;
+ csid->authority[2] = (x & 0x0000ff000000ULL) >> 24;
+ csid->authority[1] = (x & 0x00ff00000000ULL) >> 32;
+- csid->authority[0] = (x & 0xff0000000000ULL) >> 48;
++ csid->authority[0] = (x & 0xff0000000000ULL) >> 40;
+
+ /* now read the the subauthorities and store as __le32 vals */
+ p = q + 1;
+--
+1.8.3.1
+
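Review bot: The authority bytes are packed in getcifsacl.c and unpacked in setcifsacl.c by two hand-written ladders of shifts and masks, which is how the stray `48` survived in both files. Deriving the shift from the index, e.g. `csid->authority[i] = (x >> (8 * (5 - i))) & 0xff;` in a loop (assuming `authority` holds six bytes, as the 48-bit mask suggests), and the mirror-image `id_auth_val += (unsigned long long)csid->authority[i] << (8 * (5 - i));`, removes the per-line constants. The lines for `authority[4]` and `authority[5]` and the parsing of `x` are outside the hunks, so it is not visible whether raw_str_to_sid() rejects a value wider than 48 bits before masking; if it does not, the high bits are dropped silently.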
diff --git a/SOURCES/0002-getcifsacl-remove-some-dead-code.patch b/SOURCES/0002-getcifsacl-remove-some-dead-code.patch
new file mode 100644
index 0000000..ceee8bf
--- /dev/null
+++ b/SOURCES/0002-getcifsacl-remove-some-dead-code.patch
@@ -0,0 +1,38 @@
+From 930b724e784c28bd1b3024f7fc6ca24cdac82a4d Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Wed, 9 Oct 2013 08:14:21 -0400
+Subject: [PATCH] getcifsacl: remove some dead code
+
+Coverity says:
+
+Error: DEADCODE (CWE-561): [#def5]
+cifs-utils-6.2/getcifsacl.c:101: assignment: Assigning: "mflags" = "false".
+cifs-utils-6.2/getcifsacl.c:109: const: At condition "mflags", the value of "mflags" must be equal to 0.
+cifs-utils-6.2/getcifsacl.c:109: dead_error_condition: The condition "mflags" cannot be true.
+cifs-utils-6.2/getcifsacl.c:110: dead_error_line: Execution cannot reach this statement "printf("|");".
+
+Acked-by: Shirish Pargaonkar
+Signed-off-by: Jeff Layton
+---
+ getcifsacl.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/getcifsacl.c b/getcifsacl.c
+index 33f36b4..f08cdea 100644
+--- a/getcifsacl.c
++++ b/getcifsacl.c
+@@ -106,10 +106,7 @@ print_ace_flags(uint8_t flags, int raw)
+ }
+
+ if (flags & OBJECT_INHERIT_FLAG) {
+- if (mflags)
+- printf("|");
+- else
+- mflags = true;
++ mflags = true;
+ printf("OI");
+ }
+ if (flags & CONTAINER_INHERIT_FLAG) {
+--
+1.8.3.1
+
diff --git a/SOURCES/0002-mount.cifs-on-2nd-try-mount.cifs-must-also-uppercase.patch b/SOURCES/0002-mount.cifs-on-2nd-try-mount.cifs-must-also-uppercase.patch
new file mode 100644
index 0000000..9c4e052
--- /dev/null
+++ b/SOURCES/0002-mount.cifs-on-2nd-try-mount.cifs-must-also-uppercase.patch
@@ -0,0 +1,37 @@
+From 79b96cd5ed49095ee2b2d7219b5dfa3746505458 Mon Sep 17 00:00:00 2001
+From: Guenter Kukkukk
+Date: Tue, 1 Jul 2014 17:43:55 +0200
+Subject: [PATCH 2/5] mount.cifs: on 2nd try mount.cifs must also uppercase
+ "orig_dev"
+
+Recent kernels now ignore "unc=..." mount option. mount.cifs, when
+getting errno=ENXIO, retries the mount with uppercased hostname,
+sharename and prefixpath in the "unc=..." mount option, which is ignored
+now in the kernel. Used e.g. during OS/2 mounts, which fail now.
+
+Also uppercase the now used "orig_dev" parameter.
+
+Signed-off-by: Guenter Kukkukk
+(cherry picked from commit 43fd65ba0fca85a86a79e84bb2bc42b531d858e6)
+Signed-off-by: Sachin Prabhu
+---
+ mount.cifs.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 497665d..3535096 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -2097,7 +2097,8 @@ mount_retry:
+ if (!already_uppercased &&
+ uppercase_string(parsed_info->host) &&
+ uppercase_string(parsed_info->share) &&
+- uppercase_string(parsed_info->prefix)) {
++ uppercase_string(parsed_info->prefix) &&
++ uppercase_string(orig_dev)) {
+ fprintf(stderr,
+ "Retrying with upper case share name\n");
+ already_uppercased = 1;
+--
+2.5.5
+
diff --git a/SOURCES/0003-asn1-remove-some-usused-functions.patch b/SOURCES/0003-asn1-remove-some-usused-functions.patch
new file mode 100644
index 0000000..5c357cd
--- /dev/null
+++ b/SOURCES/0003-asn1-remove-some-usused-functions.patch
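Review bot: `uppercase_string(orig_dev)` sits at the end of the `&&` chain in the mount.cifs.c hunk, so it runs only when the three earlier calls return non-zero, and it rewrites `orig_dev` in place before the retry. uppercase_string()'s return convention and the later uses of `orig_dev` are outside the hunk; if that string is also what is reported or recorded after a successful mount, the upper-cased form is what will appear there. A comment on the condition, e.g. `/* all four strings are upper-cased in place; orig_dev is what the kernel parses now that unc= is ignored */`, would make the side effect explicit. The message `"Retrying with upper case share name\n"` is unchanged although host, prefix and device string change too.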
@@ -0,0 +1,718 @@ +From e877c21f5e2394c8325955c645f214b8868317c8 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Wed, 9 Oct 2013 08:17:49 -0400 +Subject: [PATCH] asn1: remove some usused functions + +This cuts 30k out of the cifs.upcall binary on my x86_64 box. + +Signed-off-by: Jeff Layton +--- + asn1.c | 638 ----------------------------------------------------------------- + asn1.h | 37 ---- + 2 files changed, 675 deletions(-) + +diff --git a/asn1.c b/asn1.c +index a00c474..ea50a23 100644 +--- a/asn1.c ++++ b/asn1.c +@@ -140,83 +140,6 @@ bool asn1_pop_tag(struct asn1_data *data) + return true; + } + +-/* "i" is the one's complement representation, as is the normal result of an +- * implicit signed->unsigned conversion */ +- +-static bool push_int_bigendian(struct asn1_data *data, unsigned int i, bool negative) +-{ +- uint8_t lowest = i & 0xFF; +- +- i = i >> 8; +- if (i != 0) +- if (!push_int_bigendian(data, i, negative)) +- return false; +- +- if (data->nesting->start+1 == data->ofs) { +- +- /* We did not write anything yet, looking at the highest +- * valued byte */ +- +- if (negative) { +- /* Don't write leading 0xff's */ +- if (lowest == 0xFF) +- return true; +- +- if ((lowest & 0x80) == 0) { +- /* The only exception for a leading 0xff is if +- * the highest bit is 0, which would indicate +- * a positive value */ +- if (!asn1_write_uint8(data, 0xff)) +- return false; +- } +- } else { +- if (lowest & 0x80) { +- /* The highest bit of a positive integer is 1, +- * this would indicate a negative number. Push +- * a 0 to indicate a positive one */ +- if (!asn1_write_uint8(data, 0)) +- return false; +- } +- } +- } +- +- return asn1_write_uint8(data, lowest); +-} +- +-/* write an Integer without the tag framing. Needed for example for the LDAP +- * Abandon Operation */ +- +-bool asn1_write_implicit_Integer(struct asn1_data *data, int i) +-{ +- if (i == -1) { +- /* -1 is special as it consists of all-0xff bytes. 
In +- push_int_bigendian this is the only case that is not +- properly handled, as all 0xff bytes would be handled as +- leading ones to be ignored. */ +- return asn1_write_uint8(data, 0xff); +- } else { +- return push_int_bigendian(data, i, i<0); +- } +-} +- +- +-/* write an integer */ +-bool asn1_write_Integer(struct asn1_data *data, int i) +-{ +- if (!asn1_push_tag(data, ASN1_INTEGER)) return false; +- if (!asn1_write_implicit_Integer(data, i)) return false; +- return asn1_pop_tag(data); +-} +- +-/* write a BIT STRING */ +-bool asn1_write_BitString(struct asn1_data *data, const void *p, size_t length, uint8_t padding) +-{ +- if (!asn1_push_tag(data, ASN1_BIT_STRING)) return false; +- if (!asn1_write_uint8(data, padding)) return false; +- if (!asn1_write(data, p, length)) return false; +- return asn1_pop_tag(data); +-} +- + bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID) + { + unsigned int v, v2; +@@ -291,564 +214,3 @@ bool asn1_write_OctetString(struct asn1_data *data, const void *p, size_t length + return !data->has_error; + } + +-/* write a LDAP string */ +-bool asn1_write_LDAPString(struct asn1_data *data, const char *s) +-{ +- asn1_write(data, s, strlen(s)); +- return !data->has_error; +-} +- +-/* write a LDAP string from a DATA_BLOB */ +-bool asn1_write_DATA_BLOB_LDAPString(struct asn1_data *data, const DATA_BLOB *s) +-{ +- asn1_write(data, s->data, s->length); +- return !data->has_error; +-} +- +-/* write a general string */ +-bool asn1_write_GeneralString(struct asn1_data *data, const char *s) +-{ +- asn1_push_tag(data, ASN1_GENERAL_STRING); +- asn1_write_LDAPString(data, s); +- asn1_pop_tag(data); +- return !data->has_error; +-} +- +-bool asn1_write_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob) +-{ +- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(num)); +- asn1_write(data, blob->data, blob->length); +- asn1_pop_tag(data); +- return !data->has_error; +-} +- +-/* write a BOOLEAN */ +-bool 
asn1_write_BOOLEAN(struct asn1_data *data, bool v) +-{ +- asn1_push_tag(data, ASN1_BOOLEAN); +- asn1_write_uint8(data, v ? 0xFF : 0); +- asn1_pop_tag(data); +- return !data->has_error; +-} +- +-bool asn1_read_BOOLEAN(struct asn1_data *data, bool *v) +-{ +- uint8_t tmp = 0; +- asn1_start_tag(data, ASN1_BOOLEAN); +- asn1_read_uint8(data, &tmp); +- if (tmp == 0xFF) { +- *v = true; +- } else { +- *v = false; +- } +- asn1_end_tag(data); +- return !data->has_error; +-} +- +-/* write a BOOLEAN in a simple context */ +-bool asn1_write_BOOLEAN_context(struct asn1_data *data, bool v, int context) +-{ +- asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(context)); +- asn1_write_uint8(data, v ? 0xFF : 0); +- asn1_pop_tag(data); +- return !data->has_error; +-} +- +-bool asn1_read_BOOLEAN_context(struct asn1_data *data, bool *v, int context) +-{ +- uint8_t tmp = 0; +- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(context)); +- asn1_read_uint8(data, &tmp); +- if (tmp == 0xFF) { +- *v = true; +- } else { +- *v = false; +- } +- asn1_end_tag(data); +- return !data->has_error; +-} +- +-/* check a BOOLEAN */ +-bool asn1_check_BOOLEAN(struct asn1_data *data, bool v) +-{ +- uint8_t b = 0; +- +- asn1_read_uint8(data, &b); +- if (b != ASN1_BOOLEAN) { +- data->has_error = true; +- return false; +- } +- asn1_read_uint8(data, &b); +- if (b != v) { +- data->has_error = true; +- return false; +- } +- return !data->has_error; +-} +- +- +-/* load a struct asn1_data structure with a lump of data, ready to be parsed */ +-bool asn1_load(struct asn1_data *data, DATA_BLOB blob) +-{ +- ZERO_STRUCTP(data); +- data->data = (uint8_t *)talloc_memdup(data, blob.data, blob.length); +- if (!data->data) { +- data->has_error = true; +- return false; +- } +- data->length = blob.length; +- return true; +-} +- +-/* Peek into an ASN1 buffer, not advancing the pointer */ +-bool asn1_peek(struct asn1_data *data, void *p, int len) +-{ +- if (data->has_error) +- return false; +- +- if (len < 0 || data->ofs + len < data->ofs || 
data->ofs + len < len) +- return false; +- +- if ((size_t)data->ofs + len > data->length) { +- /* we need to mark the buffer as consumed, so the caller knows +- this was an out of data error, and not a decode error */ +- data->ofs = data->length; +- return false; +- } +- +- memcpy(p, data->data + data->ofs, len); +- return true; +-} +- +-/* read from a ASN1 buffer, advancing the buffer pointer */ +-bool asn1_read(struct asn1_data *data, void *p, int len) +-{ +- if (!asn1_peek(data, p, len)) { +- data->has_error = true; +- return false; +- } +- +- data->ofs += len; +- return true; +-} +- +-/* read a uint8_t from a ASN1 buffer */ +-bool asn1_read_uint8(struct asn1_data *data, uint8_t *v) +-{ +- return asn1_read(data, v, 1); +-} +- +-bool asn1_peek_uint8(struct asn1_data *data, uint8_t *v) +-{ +- return asn1_peek(data, v, 1); +-} +- +-bool asn1_peek_tag(struct asn1_data *data, uint8_t tag) +-{ +- uint8_t b; +- +- if (asn1_tag_remaining(data) <= 0) { +- return false; +- } +- +- if (!asn1_peek_uint8(data, &b)) +- return false; +- +- return (b == tag); +-} +- +-/* start reading a nested asn1 structure */ +-bool asn1_start_tag(struct asn1_data *data, uint8_t tag) +-{ +- uint8_t b; +- struct nesting *nesting; +- +- if (!asn1_read_uint8(data, &b)) +- return false; +- +- if (b != tag) { +- data->has_error = true; +- return false; +- } +- nesting = talloc(data, struct nesting); +- if (!nesting) { +- data->has_error = true; +- return false; +- } +- +- if (!asn1_read_uint8(data, &b)) { +- return false; +- } +- +- if (b & 0x80) { +- int n = b & 0x7f; +- if (!asn1_read_uint8(data, &b)) +- return false; +- nesting->taglen = b; +- while (n > 1) { +- if (!asn1_read_uint8(data, &b)) +- return false; +- nesting->taglen = (nesting->taglen << 8) | b; +- n--; +- } +- } else { +- nesting->taglen = b; +- } +- nesting->start = data->ofs; +- nesting->next = data->nesting; +- data->nesting = nesting; +- if (asn1_tag_remaining(data) == -1) { +- return false; +- } +- return !data->has_error; 
+-} +- +-/* stop reading a tag */ +-bool asn1_end_tag(struct asn1_data *data) +-{ +- struct nesting *nesting; +- +- /* make sure we read it all */ +- if (asn1_tag_remaining(data) != 0) { +- data->has_error = true; +- return false; +- } +- +- nesting = data->nesting; +- +- if (!nesting) { +- data->has_error = true; +- return false; +- } +- +- data->nesting = nesting->next; +- talloc_free(nesting); +- return true; +-} +- +-/* work out how many bytes are left in this nested tag */ +-int asn1_tag_remaining(struct asn1_data *data) +-{ +- int remaining; +- if (data->has_error) { +- return -1; +- } +- +- if (!data->nesting) { +- data->has_error = true; +- return -1; +- } +- remaining = data->nesting->taglen - (data->ofs - data->nesting->start); +- if (remaining < 0) { +- data->has_error = true; +- return -1; +- } +- if ((size_t)remaining > data->length - data->ofs) { +- data->has_error = true; +- return -1; +- } +- return remaining; +-} +- +-/** +- * Internal implementation for reading binary OIDs +- * Reading is done as far in the buffer as valid OID +- * till buffer ends or not valid sub-identifier is found. +- */ +-static bool _ber_read_OID_String_impl(TALLOC_CTX *mem_ctx, DATA_BLOB blob, +- const char **OID, size_t *bytes_eaten) +-{ +- unsigned int i; +- uint8_t *b; +- unsigned int v; +- char *tmp_oid = NULL; +- +- if (blob.length < 2) return false; +- +- b = blob.data; +- +- tmp_oid = talloc_asprintf(mem_ctx, "%u", b[0]/40); +- if (!tmp_oid) goto nomem; +- tmp_oid = talloc_asprintf_append_buffer(tmp_oid, ".%u", b[0]%40); +- if (!tmp_oid) goto nomem; +- +- for(i = 1, v = 0; i < blob.length; i++) { +- v = (v<<7) | (b[i]&0x7f); +- if ( ! 
(b[i] & 0x80)) { +- tmp_oid = talloc_asprintf_append_buffer(tmp_oid, ".%u", v); +- v = 0; +- if (bytes_eaten) +- *bytes_eaten = i+1; +- } +- if (!tmp_oid) goto nomem; +- } +- +- *OID = tmp_oid; +- return true; +- +-nomem: +- return false; +-} +- +-/* read an object ID from a data blob */ +-bool ber_read_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB blob, const char **OID) +-{ +- size_t bytes_eaten = 0; +- +- if (!_ber_read_OID_String_impl(mem_ctx, blob, OID, &bytes_eaten)) +- return false; +- +- return (bytes_eaten == blob.length); +-} +- +-/* read an object ID from a ASN1 buffer */ +-bool asn1_read_OID(struct asn1_data *data, TALLOC_CTX *mem_ctx, const char **OID) +-{ +- DATA_BLOB blob; +- int len; +- +- if (!asn1_start_tag(data, ASN1_OID)) return false; +- +- len = asn1_tag_remaining(data); +- if (len < 0) { +- data->has_error = true; +- return false; +- } +- +- blob = data_blob(NULL, len); +- if (!blob.data) { +- data->has_error = true; +- return false; +- } +- +- asn1_read(data, blob.data, len); +- asn1_end_tag(data); +- if (data->has_error) { +- data_blob_free(&blob); +- return false; +- } +- +- if (!ber_read_OID_String(mem_ctx, blob, OID)) { +- data->has_error = true; +- data_blob_free(&blob); +- return false; +- } +- +- data_blob_free(&blob); +- return true; +-} +- +-/* check that the next object ID is correct */ +-bool asn1_check_OID(struct asn1_data *data, const char *OID) +-{ +- const char *id; +- +- if (!asn1_read_OID(data, data, &id)) return false; +- +- if (strcmp(id, OID) != 0) { +- talloc_free(discard_const(id)); +- data->has_error = true; +- return false; +- } +- talloc_free(discard_const(id)); +- return true; +-} +- +-/* read a LDAPString from a ASN1 buffer */ +-bool asn1_read_LDAPString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s) +-{ +- int len; +- len = asn1_tag_remaining(data); +- if (len < 0) { +- data->has_error = true; +- return false; +- } +- *s = talloc_array(mem_ctx, char, len+1); +- if (! 
*s) { +- data->has_error = true; +- return false; +- } +- asn1_read(data, *s, len); +- (*s)[len] = 0; +- return !data->has_error; +-} +- +- +-/* read a GeneralString from a ASN1 buffer */ +-bool asn1_read_GeneralString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s) +-{ +- if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return false; +- if (!asn1_read_LDAPString(data, mem_ctx, s)) return false; +- return asn1_end_tag(data); +-} +- +- +-/* read a octet string blob */ +-bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob) +-{ +- int len; +- ZERO_STRUCTP(blob); +- if (!asn1_start_tag(data, ASN1_OCTET_STRING)) return false; +- len = asn1_tag_remaining(data); +- if (len < 0) { +- data->has_error = true; +- return false; +- } +- *blob = data_blob_talloc(mem_ctx, NULL, len+1); +- if (!blob->data) { +- data->has_error = true; +- return false; +- } +- asn1_read(data, blob->data, len); +- asn1_end_tag(data); +- blob->length--; +- blob->data[len] = 0; +- +- if (data->has_error) { +- data_blob_free(blob); +- *blob = data_blob_null; +- return false; +- } +- return true; +-} +- +-bool asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob) +-{ +- int len; +- ZERO_STRUCTP(blob); +- if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(num))) return false; +- len = asn1_tag_remaining(data); +- if (len < 0) { +- data->has_error = true; +- return false; +- } +- *blob = data_blob(NULL, len); +- if ((len != 0) && (!blob->data)) { +- data->has_error = true; +- return false; +- } +- asn1_read(data, blob->data, len); +- asn1_end_tag(data); +- return !data->has_error; +-} +- +-/* read an integer without tag*/ +-bool asn1_read_implicit_Integer(struct asn1_data *data, int *i) +-{ +- uint8_t b; +- *i = 0; +- +- while (!data->has_error && asn1_tag_remaining(data)>0) { +- if (!asn1_read_uint8(data, &b)) return false; +- *i = (*i << 8) + b; +- } +- return !data->has_error; +- +-} +- +-/* read an integer */ +-bool asn1_read_Integer(struct 
asn1_data *data, int *i) +-{ +- *i = 0; +- +- if (!asn1_start_tag(data, ASN1_INTEGER)) return false; +- if (!asn1_read_implicit_Integer(data, i)) return false; +- return asn1_end_tag(data); +-} +- +-/* read a BIT STRING */ +-bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob, uint8_t *padding) +-{ +- int len; +- ZERO_STRUCTP(blob); +- if (!asn1_start_tag(data, ASN1_BIT_STRING)) return false; +- len = asn1_tag_remaining(data); +- if (len < 0) { +- data->has_error = true; +- return false; +- } +- if (!asn1_read_uint8(data, padding)) return false; +- +- *blob = data_blob_talloc(mem_ctx, NULL, len); +- if (!blob->data) { +- data->has_error = true; +- return false; +- } +- if (asn1_read(data, blob->data, len - 1)) { +- blob->length--; +- blob->data[len] = 0; +- asn1_end_tag(data); +- } +- +- if (data->has_error) { +- data_blob_free(blob); +- *blob = data_blob_null; +- *padding = 0; +- return false; +- } +- return true; +-} +- +-/* read an integer */ +-bool asn1_read_enumerated(struct asn1_data *data, int *v) +-{ +- *v = 0; +- +- if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false; +- while (!data->has_error && asn1_tag_remaining(data)>0) { +- uint8_t b; +- asn1_read_uint8(data, &b); +- *v = (*v << 8) + b; +- } +- return asn1_end_tag(data); +-} +- +-/* check a enumerated value is correct */ +-bool asn1_check_enumerated(struct asn1_data *data, int v) +-{ +- uint8_t b; +- if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false; +- asn1_read_uint8(data, &b); +- asn1_end_tag(data); +- +- if (v != b) +- data->has_error = false; +- +- return !data->has_error; +-} +- +-/* write an enumerated value to the stream */ +-bool asn1_write_enumerated(struct asn1_data *data, uint8_t v) +-{ +- if (!asn1_push_tag(data, ASN1_ENUMERATED)) return false; +- asn1_write_uint8(data, v); +- asn1_pop_tag(data); +- return !data->has_error; +-} +- +-/* +- Get us the data just written without copying +-*/ +-bool asn1_blob(const struct asn1_data *asn1, 
DATA_BLOB *blob) +-{ +- if (asn1->has_error) { +- return false; +- } +- if (asn1->nesting != NULL) { +- return false; +- } +- blob->data = asn1->data; +- blob->length = asn1->length; +- return true; +-} +- +-/* +- Fill in an asn1 struct without making a copy +-*/ +-void asn1_load_nocopy(struct asn1_data *data, uint8_t *buf, size_t len) +-{ +- ZERO_STRUCTP(data); +- data->data = buf; +- data->length = len; +-} +- +diff --git a/asn1.h b/asn1.h +index 615041f..a773885 100644 +--- a/asn1.h ++++ b/asn1.h +@@ -58,44 +58,7 @@ bool asn1_write(struct asn1_data *data, const void *p, int len); + bool asn1_write_uint8(struct asn1_data *data, uint8_t v); + bool asn1_push_tag(struct asn1_data *data, uint8_t tag); + bool asn1_pop_tag(struct asn1_data *data); +-bool asn1_write_implicit_Integer(struct asn1_data *data, int i); +-bool asn1_write_Integer(struct asn1_data *data, int i); +-bool asn1_write_BitString(struct asn1_data *data, const void *p, size_t length, uint8_t padding); + bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID); + bool asn1_write_OID(struct asn1_data *data, const char *OID); + bool asn1_write_OctetString(struct asn1_data *data, const void *p, size_t length); +-bool asn1_write_LDAPString(struct asn1_data *data, const char *s); +-bool asn1_write_DATA_BLOB_LDAPString(struct asn1_data *data, const DATA_BLOB *s); +-bool asn1_write_GeneralString(struct asn1_data *data, const char *s); +-bool asn1_write_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob); +-bool asn1_write_BOOLEAN(struct asn1_data *data, bool v); +-bool asn1_read_BOOLEAN(struct asn1_data *data, bool *v); +-bool asn1_check_BOOLEAN(struct asn1_data *data, bool v); +-bool asn1_write_BOOLEAN_context(struct asn1_data *data, bool v, int context); +-bool asn1_read_BOOLEAN_context(struct asn1_data *data, bool *v, int context); +-bool asn1_load(struct asn1_data *data, DATA_BLOB blob); +-bool asn1_peek(struct asn1_data *data, void *p, int len); +-bool 
asn1_read(struct asn1_data *data, void *p, int len); +-bool asn1_read_uint8(struct asn1_data *data, uint8_t *v); +-bool asn1_peek_uint8(struct asn1_data *data, uint8_t *v); +-bool asn1_peek_tag(struct asn1_data *data, uint8_t tag); +-bool asn1_start_tag(struct asn1_data *data, uint8_t tag); +-bool asn1_end_tag(struct asn1_data *data); +-int asn1_tag_remaining(struct asn1_data *data); +-bool ber_read_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB blob, const char **OID); +-bool asn1_read_OID(struct asn1_data *data, TALLOC_CTX *mem_ctx, const char **OID); +-bool asn1_check_OID(struct asn1_data *data, const char *OID); +-bool asn1_read_LDAPString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s); +-bool asn1_read_GeneralString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s); +-bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob); +-bool asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob); +-bool asn1_read_implicit_Integer(struct asn1_data *data, int *i); +-bool asn1_read_Integer(struct asn1_data *data, int *i); +-bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob, uint8_t *padding); +-bool asn1_read_enumerated(struct asn1_data *data, int *v); +-bool asn1_check_enumerated(struct asn1_data *data, int v); +-bool asn1_write_enumerated(struct asn1_data *data, uint8_t v); +-bool asn1_blob(const struct asn1_data *asn1, DATA_BLOB *blob); +-void asn1_load_nocopy(struct asn1_data *data, uint8_t *buf, size_t len); +- + #endif /* _ASN_1_H */ +-- +1.8.3.1 + diff --git a/SOURCES/0003-mtab.c-include-paths.h-for-_PATH_MOUNTED.patch b/SOURCES/0003-mtab.c-include-paths.h-for-_PATH_MOUNTED.patch new file mode 100644 index 0000000..b8f910f --- /dev/null +++ b/SOURCES/0003-mtab.c-include-paths.h-for-_PATH_MOUNTED.patch 
@@ -0,0 +1,27 @@
+From d21be1c7ef96bad7aa2a38791def4f562a8f56a8 Mon Sep 17 00:00:00 2001
+From: Felix Janda
+Date: Fri, 5 Dec 2014 23:19:29 +0100
+Subject: [PATCH 3/5] mtab.c: include for _PATH_MOUNTED
+
+Signed-off-by: Felix Janda
+(cherry picked from commit 6603cef0f06c450196a1bca06bb143d8fcda5651)
+Signed-off-by: Sachin Prabhu
+---
+ mtab.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mtab.c b/mtab.c
+index 7b365b3..a662a3c 100644
+--- a/mtab.c
++++ b/mtab.c
+@@ -38,6 +38,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "mount.h"
+ #include "config.h"
+
+--
+2.5.5
+
diff --git a/SOURCES/0004-data_blob-clean-out-unused-functions.patch b/SOURCES/0004-data_blob-clean-out-unused-functions.patch
new file mode 100644
index 0000000..a33a0b3
--- /dev/null
+++ b/SOURCES/0004-data_blob-clean-out-unused-functions.patch
@@ -0,0 +1,276 @@ +From 9f1c0722a3e20047bcffe3a43f229e891da8c01b Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Wed, 9 Oct 2013 09:05:22 -0400 +Subject: [PATCH] data_blob: clean out unused functions + +Cut another 6k or so out of the cifs.upcall binary. + +Signed-off-by: Jeff Layton +--- + data_blob.c | 168 ------------------------------------------------------------ + data_blob.h | 62 ---------------------- + 2 files changed, 230 deletions(-) + +diff --git a/data_blob.c b/data_blob.c +index 16c78ce..834d810 100644 +--- a/data_blob.c ++++ b/data_blob.c +@@ -71,18 +71,6 @@ _PUBLIC_ DATA_BLOB data_blob_talloc_named(TALLOC_CTX *mem_ctx, const void *p, si + } + + /** +- construct a zero data blob, using supplied TALLOC_CTX. +- use this sparingly as it initialises data - better to initialise +- yourself if you want specific data in the blob +-**/ +-_PUBLIC_ DATA_BLOB data_blob_talloc_zero(TALLOC_CTX *mem_ctx, size_t length) +-{ +- DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, length); +- data_blob_clear(&blob); +- return blob; +-} +- +-/** + free a data blob + **/ + _PUBLIC_ void data_blob_free(DATA_BLOB *d) +@@ -94,159 +82,3 @@ _PUBLIC_ void data_blob_free(DATA_BLOB *d) + } + } + +-/** +-clear a DATA_BLOB's contents +-**/ +-_PUBLIC_ void data_blob_clear(DATA_BLOB *d) +-{ +- if (d->data) { +- memset(d->data, 0, d->length); +- } +-} +- +-/** +-free a data blob and clear its contents +-**/ +-_PUBLIC_ void data_blob_clear_free(DATA_BLOB *d) +-{ +- data_blob_clear(d); +- data_blob_free(d); +-} +- +- +-/** +-check if two data blobs are equal +-**/ +-_PUBLIC_ int data_blob_cmp(const DATA_BLOB *d1, const DATA_BLOB *d2) +-{ +- int ret; +- if (d1->data == NULL && d2->data != NULL) { +- return -1; +- } +- if (d1->data != NULL && d2->data == NULL) { +- return 1; +- } +- if (d1->data == d2->data) { +- return d1->length - d2->length; +- } +- ret = memcmp(d1->data, d2->data, MIN(d1->length, d2->length)); +- if (ret == 0) { +- return d1->length - d2->length; +- } +- return ret; 
+-} +- +-/** +-print the data_blob as hex string +-**/ +-_PUBLIC_ char *data_blob_hex_string_lower(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob) +-{ +- unsigned int i; +- char *hex_string; +- +- hex_string = talloc_array(mem_ctx, char, (blob->length*2)+1); +- if (!hex_string) { +- return NULL; +- } +- +- /* this must be lowercase or w2k8 cannot join a samba domain, +- as this routine is used to encode extended DNs and windows +- only accepts lowercase hexadecimal numbers */ +- for (i = 0; i < blob->length; i++) +- slprintf(&hex_string[i*2], 3, "%02x", blob->data[i]); +- +- hex_string[(blob->length*2)] = '\0'; +- return hex_string; +-} +- +-_PUBLIC_ char *data_blob_hex_string_upper(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob) +-{ +- unsigned int i; +- char *hex_string; +- +- hex_string = talloc_array(mem_ctx, char, (blob->length*2)+1); +- if (!hex_string) { +- return NULL; +- } +- +- for (i = 0; i < blob->length; i++) +- slprintf(&hex_string[i*2], 3, "%02X", blob->data[i]); +- +- hex_string[(blob->length*2)] = '\0'; +- return hex_string; +-} +- +-/** +- useful for constructing data blobs in test suites, while +- avoiding const warnings +-**/ +-_PUBLIC_ DATA_BLOB data_blob_string_const(const char *str) +-{ +- DATA_BLOB blob; +- blob.data = discard_const_p(uint8_t, str); +- blob.length = str ? strlen(str) : 0; +- return blob; +-} +- +-/** +- useful for constructing data blobs in test suites, while +- avoiding const warnings +-**/ +-_PUBLIC_ DATA_BLOB data_blob_string_const_null(const char *str) +-{ +- DATA_BLOB blob; +- blob.data = discard_const_p(uint8_t, str); +- blob.length = str ? 
strlen(str)+1 : 0; +- return blob; +-} +- +-/** +- * Create a new data blob from const data +- */ +- +-_PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length) +-{ +- DATA_BLOB blob; +- blob.data = discard_const_p(uint8_t, p); +- blob.length = length; +- return blob; +-} +- +- +-/** +- realloc a data_blob +-**/ +-_PUBLIC_ bool data_blob_realloc(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, size_t length) +-{ +- blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, length); +- if (blob->data == NULL) +- return false; +- blob->length = length; +- return true; +-} +- +- +-/** +- append some data to a data blob +-**/ +-_PUBLIC_ bool data_blob_append(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, +- const void *p, size_t length) +-{ +- size_t old_len = blob->length; +- size_t new_len = old_len + length; +- if (new_len < length || new_len < old_len) { +- return false; +- } +- +- if ((const uint8_t *)p + length < (const uint8_t *)p) { +- return false; +- } +- +- if (!data_blob_realloc(mem_ctx, blob, new_len)) { +- return false; +- } +- +- memcpy(blob->data + old_len, p, length); +- return true; +-} +- +diff --git a/data_blob.h b/data_blob.h +index 83e6cd5..ccdf30d 100644 +--- a/data_blob.h ++++ b/data_blob.h +@@ -61,72 +61,10 @@ _PUBLIC_ DATA_BLOB data_blob_named(const void *p, size_t length, const char *nam + _PUBLIC_ DATA_BLOB data_blob_talloc_named(TALLOC_CTX *mem_ctx, const void *p, size_t length, const char *name); + + /** +- construct a zero data blob, using supplied TALLOC_CTX. 
+- use this sparingly as it initialises data - better to initialise +- yourself if you want specific data in the blob +-**/ +-_PUBLIC_ DATA_BLOB data_blob_talloc_zero(TALLOC_CTX *mem_ctx, size_t length); +- +-/** + free a data blob + **/ + _PUBLIC_ void data_blob_free(DATA_BLOB *d); + +-/** +-clear a DATA_BLOB's contents +-**/ +-_PUBLIC_ void data_blob_clear(DATA_BLOB *d); +- +-/** +-free a data blob and clear its contents +-**/ +-_PUBLIC_ void data_blob_clear_free(DATA_BLOB *d); +- +-/** +-check if two data blobs are equal +-**/ +-_PUBLIC_ int data_blob_cmp(const DATA_BLOB *d1, const DATA_BLOB *d2); +- +-/** +-print the data_blob as hex string +-**/ +-_PUBLIC_ char *data_blob_hex_string_upper(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob); +- +-/** +-print the data_blob as hex string +-**/ +-_PUBLIC_ char *data_blob_hex_string_lower(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob); +- +-/** +- useful for constructing data blobs in test suites, while +- avoiding const warnings +-**/ +-_PUBLIC_ DATA_BLOB data_blob_string_const(const char *str); +- +-/** +- useful for constructing data blobs in test suites, while +- avoiding const warnings +- +- includes the terminating null character (as opposed to data_blo_string_const) +-**/ +-_PUBLIC_ DATA_BLOB data_blob_string_const_null(const char *str); +- +-/** +- * Create a new data blob from const data +- */ +-_PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); +- +-/** +- realloc a data_blob +-**/ +-_PUBLIC_ bool data_blob_realloc(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, size_t length); +- +-/** +- append some data to a data blob +-**/ +-_PUBLIC_ bool data_blob_append(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, +- const void *p, size_t length); +- + extern const DATA_BLOB data_blob_null; + + #endif /* _SAMBA_DATABLOB_H_ */ +-- +1.8.3.1 + 
diff --git a/SOURCES/0004-manpage-clarify-use-of-backupuid-and-backupgid-in-mo.patch b/SOURCES/0004-manpage-clarify-use-of-backupuid-and-backupgid-in-mo.patch
new file mode 100644
index 0000000..8e0b2a3
--- /dev/null
+++ b/SOURCES/0004-manpage-clarify-use-of-backupuid-and-backupgid-in-mo.patch
@@ -0,0 +1,50 @@
+From b54e00beddd4343e746c7ead585ef607dbf48cff Mon Sep 17 00:00:00 2001
+From: Uri Simchoni
+Date: Thu, 19 Nov 2015 21:48:15 +0200
+Subject: [PATCH 4/5] manpage: clarify use of backupuid and backupgid in
+ mount.cifs.8
+
+Assert that backup intent shall only be attempted if the user matches
+the backupuid or backupgid parameter.
+
+Signed-off-by: Uri Simchoni
+Signed-off-by: Jeff Layton
+(cherry picked from commit dd13ac8a25d409a0d3d068b5b2b96f921f2613f2)
+Signed-off-by: Sachin Prabhu
+---
+ mount.cifs.8 | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/mount.cifs.8 b/mount.cifs.8
+index 2643145..af6b097 100644
+--- a/mount.cifs.8
++++ b/mount.cifs.8
+@@ -310,14 +310,14 @@ for more information\&.
+ .PP
+ backupuid=\fIarg\fR
+ .RS 4
+-Restrict access to files with the backup intent to a user. Either a name or an id must be provided as an argument, there are no default values.
++File access by this user shall be done with the backup intent flag set. Either a name or an id must be provided as an argument, there are no default values.
+ .sp
+ See section \fIACCESSING FILES WITH BACKUP INTENT\fR for more details
+ .RE
+ .PP
+ backupgid=\fIarg\fR
+ .RS 4
+-Restrict access to files with the backup intent to a group. Either a name or an id must be provided as an argument, there are no default values.
++File access by users who are members of this group shall be done with the backup intent flag set. Either a name or an id must be provided as an argument, there are no default values.
+ .sp
+ See section \fIACCESSING FILES WITH BACKUP INTENT\fR for more details
+ .RE
+@@ -767,7 +767,7 @@ But the user testuser, if it becomes part of the group Backup Operators, can ope
+ Any user on the client side who can authenticate as such a user on the server,
+ can access the files with the backup intent. But it is desirable and preferable for security reasons amongst many, to restrict this special right.
+
+-The mount option backupuid is used to restrict this special right to a user which is specified by either a name or an id. The mount option backupgid is used to restrict this special right to the users in a group which is specified by either a name or an id. These two mount options can be used together.
++The mount option backupuid is used to restrict this special right to a user which is specified by either a name or an id. The mount option backupgid is used to restrict this special right to the users in a group which is specified by either a name or an id. Only users maching either backupuid or backupgid shall attempt to access files with backup intent. These two mount options can be used together.
+ .SH "FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS"
+ .PP
+ The core CIFS protocol does not provide unix ownership information or mode for files and directories\&. Because of this, files and directories will generally appear to be owned by whatever values the uid= or gid= options are set, and will have permissions set to the default file_mode and dir_mode for the mount\&. Attempting to change these values via chmod/chown will return success but have no effect\&.
+--
+2.5.5
+
diff --git a/SOURCES/0005-mount.cifs-fix-bad-free-of-string-returned-by-dirnam.patch b/SOURCES/0005-mount.cifs-fix-bad-free-of-string-returned-by-dirnam.patch
new file mode 100644
index 0000000..2573e02
--- /dev/null
+++ b/SOURCES/0005-mount.cifs-fix-bad-free-of-string-returned-by-dirnam.patch
@@ -0,0 +1,100 @@
+From 7e2e95d0c84bd6960c46f1fa1c8227c50dd7a4b3 Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Thu, 10 Oct 2013 22:05:05 -0400
+Subject: [PATCH] mount.cifs: fix bad free() of string returned by dirname()
+
+Coverity says:
+
+ Error: CPPCHECK_WARNING: [#def10]
+ cifs-utils-6.2/mount.cifs.c:1518: error[memleakOnRealloc]: Common realloc mistake: 'mtabdir' nulled but not freed upon failure
+
+del_mtab has a number of bugs in handling of allocated memory:
+
+a) the return value of strdup() is not checked
+
+b) It calls realloc() on a pointer that wasn't returned by an allocation
+ function (e.g. malloc, calloc, etc.)
+
+c) If realloc() fails, it doesn't call free() on the original memory
+ returned by strdup()
+
+Fix all of these bugs and add newlines to the end of the error messages
+in del_mtab.
+
+Signed-off-by: Jeff Layton
+---
+ mount.cifs.c | 29 ++++++++++++++++++-----------
+ 1 file changed, 18 insertions(+), 11 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 7206dcb..497665d 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -1508,23 +1508,29 @@ add_mtab_exit:
+ static int
+ del_mtab(char *mountpoint)
+ {
+- int tmprc, rc = 0;
++ int len, tmprc, rc = 0;
+ FILE *mnttmp, *mntmtab;
+ struct mntent *mountent;
+- char *mtabfile, *mtabdir, *mtabtmpfile;
++ char *mtabfile, *mtabdir, *mtabtmpfile = NULL;
+
+ mtabfile = strdup(MOUNTED);
+- mtabdir = dirname(mtabfile);
+- mtabdir = realloc(mtabdir, strlen(mtabdir) + strlen(MNT_TMP_FILE) + 2);
+- if (!mtabdir) {
+- fprintf(stderr, "del_mtab: cannot determine current mtab path");
++ if (!mtabfile) {
++ fprintf(stderr, "del_mtab: cannot strdup MOUNTED\n");
+ rc = EX_FILEIO;
+ goto del_mtab_exit;
+ }
+
+- mtabtmpfile = strcat(mtabdir, MNT_TMP_FILE);
++ mtabdir = dirname(mtabfile);
++ len = strlen(mtabdir) + strlen(MNT_TMP_FILE);
++ mtabtmpfile = malloc(len + 1);
+ if (!mtabtmpfile) {
+- fprintf(stderr, "del_mtab: cannot allocate memory to tmp file");
++ fprintf(stderr, "del_mtab: cannot allocate memory to tmp file\n");
++ rc = EX_FILEIO;
++ goto del_mtab_exit;
++ }
++
++ if (sprintf(mtabtmpfile, "%s%s", mtabdir, MNT_TMP_FILE) != len) {
++ fprintf(stderr, "del_mtab: error writing new string\n");
+ rc = EX_FILEIO;
+ goto del_mtab_exit;
+ }
+@@ -1532,14 +1538,14 @@ del_mtab(char *mountpoint)
+ atexit(unlock_mtab);
+ rc = lock_mtab();
+ if (rc) {
+- fprintf(stderr, "del_mtab: cannot lock mtab");
++ fprintf(stderr, "del_mtab: cannot lock mtab\n");
+ rc = EX_FILEIO;
+ goto del_mtab_exit;
+ }
+
+ mtabtmpfile = mktemp(mtabtmpfile);
+ if (!mtabtmpfile) {
+- fprintf(stderr, "del_mtab: cannot setup tmp file destination");
++ fprintf(stderr, "del_mtab: cannot setup tmp file destination\n");
+ rc = EX_FILEIO;
+ goto del_mtab_exit;
+ }
+@@ -1587,7 +1593,8 @@ del_mtab(char *mountpoint)
+
+ del_mtab_exit:
+ unlock_mtab();
+- free(mtabdir);
++ free(mtabtmpfile);
++ free(mtabfile);
+ return rc;
+
+ del_mtab_error:
+--
+1.8.3.1
+
diff --git a/SOURCES/0005-mount.cifs-ignore-x-mount-options.patch b/SOURCES/0005-mount.cifs-ignore-x-mount-options.patch
new file mode 100644
index 0000000..5aa0a09
--- /dev/null
+++ b/SOURCES/0005-mount.cifs-ignore-x-mount-options.patch
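Review bot: In del_mtab (the 0005 "fix bad free" patch), the `if (!mtabtmpfile)` test after `mtabtmpfile = mktemp(mtabtmpfile);` cannot detect a failure, because mktemp() returns its argument and reports failure by turning the template into an empty string; the test should be `if (!*mtabtmpfile)`. mktemp() also only chooses a name, so there is a window before the temporary file is created further down the function (outside this hunk); `mkstemp()` followed by `fdopen()` would close that window if the rest of del_mtab allows it. The three early `goto del_mtab_exit` paths this patch adds (strdup, malloc and sprintf failures) run before `lock_mtab()`, yet the label calls `unlock_mtab()`; whether unlocking without holding the lock is harmless depends on unlock_mtab, which is not shown here. The middle of del_mtab lies between the hunks and is not visible.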
@@ -0,0 +1,42 @@
+From cf3af6ab831129e7f8e50eb00d9a4120e297cf7a Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Thu, 7 Jan 2016 11:02:49 +0100
+Subject: [PATCH 5/5] mount.cifs: ignore x-* mount options
+
+x-* prefix is used for userspace mount options and it's pretty
+commonly used to extend fstab configuration in systemd world (e.g.
+x-systemd.automount). These options is necessary to ignored.
+
+The command mount(8) does not pass x-* mount options to mount.
+helpers, but in some use-cases it's possible that the cifs helper reads
+mount options from fstab or users directly call mount.cifs and copy & past
+mount options, etc.
+
+This patch marks all options prefixed by "x-" as OPT_IGNORE to make
+things more robust for end-users. We already uses the same concept for
+_netdev.
+
+Signed-off-by: Karel Zak
+Signed-off-by: Jeff Layton
+(cherry picked from commit be5046ae3fabca17f19672f7b4019efb6a869298)
+Signed-off-by: Sachin Prabhu
+---
+ mount.cifs.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 3535096..5c5734f 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -756,6 +756,8 @@ static int parse_opt_token(const char *token)
+ return OPT_BKUPGID;
+ if (strncmp(token, "nofail", 6) == 0)
+ return OPT_NOFAIL;
++ if (strncmp(token, "x-", 2) == 0)
++ return OPT_IGNORE;
+
+ return OPT_ERROR;
+ }
+--
+2.5.5
+
diff --git a/SOURCES/0007-aclocal-fix-typo-in-idmap.m4.patch b/SOURCES/0007-aclocal-fix-typo-in-idmap.m4.patch
new file mode 100644
index 0000000..8ef8633
--- /dev/null
+++ b/SOURCES/0007-aclocal-fix-typo-in-idmap.m4.patch
@@ -0,0 +1,33 @@
+From 2c907f120c77166e44e645e46a8fa1218f25bb5d Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Tue, 12 Jul 2016 16:53:25 -0400
+Subject: [PATCH 07/12] aclocal: fix typo in idmap.m4
+
+We really don't want to do the same check twice.
+
+Signed-off-by: Jeff Layton
+(cherry picked from commit bbbf7133aec555c5d27ee3163d6045ecfc4673d9)
+
+Resolves bz: 1427337
+
+Signed-off-by: Sachin Prabhu
+---
+ aclocal/idmap.m4 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/aclocal/idmap.m4 b/aclocal/idmap.m4
+index 3ccdae3..4e16a46 100644
+--- a/aclocal/idmap.m4
++++ b/aclocal/idmap.m4
+@@ -19,7 +19,7 @@ if test $enable_cifsidmap != "no" -o $enable_cifsacl != "no"; then
+ ])
+ fi
+
+-if test $enable_cifsacl != "no" -o $enable_cifsacl != "no"; then
++if test $enable_cifsidmap != "no" -o $enable_cifsacl != "no"; then
+ ac_wbc_save_LDFLAGS="$LDFLAGS"
+ ac_wbc_save_LIBS="$LIBS"
+ LDFLAGS="$LDFLAGS $WBCLIENT_LIBS"
+--
+2.9.3
+
diff --git a/SOURCES/0008-mount.cifs-Removed-extra-comma-in-front-of-domain.patch b/SOURCES/0008-mount.cifs-Removed-extra-comma-in-front-of-domain.patch
new file mode 100644
index 0000000..4da6e3a
--- /dev/null
+++ b/SOURCES/0008-mount.cifs-Removed-extra-comma-in-front-of-domain.patch
@@ -0,0 +1,31 @@
+From 19ca816d222899e38e2b74b15ace16669050e475 Mon Sep 17 00:00:00 2001
+From: Germano Percossi
+Date: Fri, 18 Nov 2016 18:54:49 +0000
+Subject: [PATCH 08/12] mount.cifs: Removed extra comma in front of domain
+
+Signed-off-by: Germano Percossi
+(cherry picked from commit 76da9405575d484b33eb4e56466366c8dbe87046)
+
+Resolves bz: 1427337
+
+Signed-off-by: Sachin Prabhu
+---
+ mount.cifs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 5c5734f..ebb4260 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -1808,7 +1808,7 @@ assemble_mountinfo(struct parsed_mount_info *parsed_info,
+ if (*parsed_info->options)
+ strlcat(parsed_info->options, ",",
+ sizeof(parsed_info->options));
+- strlcat(parsed_info->options, ",domain=",
++ strlcat(parsed_info->options, "domain=",
+ sizeof(parsed_info->options));
+ strlcat(parsed_info->options, parsed_info->domain,
+ sizeof(parsed_info->options));
+--
+2.9.3
+
diff --git a/SOURCES/0009-mount.cifs-Accept-empty-domains-on-the-command-line.patch b/SOURCES/0009-mount.cifs-Accept-empty-domains-on-the-command-line.patch
new file mode 100644
index 0000000..a146979
--- /dev/null
+++ b/SOURCES/0009-mount.cifs-Accept-empty-domains-on-the-command-line.patch
@@ -0,0 +1,70 @@
+From 61ef4ecfa58f28ab7c98bac7ae2a4b826d843204 Mon Sep 17 00:00:00 2001
+From: Germano Percossi
+Date: Fri, 18 Nov 2016 18:54:50 +0000
+Subject: [PATCH 09/12] mount.cifs: Accept empty domains on the command line
+
+If we do not allow empty domains on the command line we are preventing
+the kernel module from taking different actions if the domain has not
+been specified at all or just passed empty.
+
+In fact, with this fix the cifs module behaves differently once an empty
+domain is passed: the find_domain_name function is not invoked when an
+empty domain is passed.
+
+It is possible to pass both 'domain=' or 'domain=""' even though the
+kernel module will accept the former only when associated with the
+sloppy option.
+
+Signed-off-by: Germano Percossi
+(cherry picked from commit 57e4e22de7ea79f56471e7eb8cec9db926087f8d)
+
+Resolves bz: 1427337
+
+Signed-off-by: Sachin Prabhu
+---
+ mount.cifs.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index ebb4260..88a3618 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -189,6 +189,7 @@ struct parsed_mount_info {
+ unsigned int nomtab:1;
+ unsigned int verboseflag:1;
+ unsigned int nofail:1;
++ unsigned int got_domain:1;
+ };
+
+ static const char *thisprogram;
+@@ -904,9 +905,14 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info)
+
+ /* dom || workgroup */
+ case OPT_DOM:
+- if (!value || !*value) {
+- fprintf(stderr, "CIFS: invalid domain name\n");
+- return EX_USAGE;
++ if (!value) {
++ /*
++ * An empty domain has been passed
++ */
++ /* not necessary but better safe than.. */
++ parsed_info->domain[0] = '\0';
++ parsed_info->got_domain = 1;
++ goto nocopy;
+ }
+ if (strnlen(value, sizeof(parsed_info->domain)) >=
+ sizeof(parsed_info->domain)) {
+@@ -1812,6 +1818,9 @@ assemble_mountinfo(struct parsed_mount_info *parsed_info,
+ sizeof(parsed_info->options));
+ strlcat(parsed_info->options, parsed_info->domain,
+ sizeof(parsed_info->options));
++ } else if (parsed_info->got_domain) {
++ strlcat(parsed_info->options, ",domain=",
++ sizeof(parsed_info->options));
+ }
+
+ assemble_exit:
+--
+2.9.3
+
diff --git a/SOURCES/0010-mount.cifs-Fixed-command-line-parsing-and-aligned-wi.patch b/SOURCES/0010-mount.cifs-Fixed-command-line-parsing-and-aligned-wi.patch
new file mode 100644
index 0000000..b57b924
--- /dev/null
+++ b/SOURCES/0010-mount.cifs-Fixed-command-line-parsing-and-aligned-wi.patch
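Review bot: The new `else if (parsed_info->got_domain)` branch in assemble_mountinfo (0009 patch) appends `",domain="` unconditionally, so when `parsed_info->options` is still empty the option string starts with a comma; the preceding 0008 patch had just cleaned up the separator handling in the non-empty-domain branch. Mirroring that branch keeps the two consistent: `if (*parsed_info->options) strlcat(parsed_info->options, ",", sizeof(parsed_info->options));` followed by `strlcat(parsed_info->options, "domain=", sizeof(parsed_info->options));`. The `strlcat` return values are ignored in both branches, so a truncated option string would go unnoticed unless it is checked outside this hunk. The condition guarding the first branch and the rest of assemble_mountinfo are outside the hunk.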
@@ -0,0 +1,163 @@
+From 1f82a2588ac4c8975de0ebe52ad84393b8420e5b Mon Sep 17 00:00:00 2001
+From: Germano Percossi
+Date: Fri, 18 Nov 2016 18:54:51 +0000
+Subject: [PATCH 10/12] mount.cifs: Fixed command line parsing and aligned with
+ kernel
+
+The way token matching was done was consuming the parameters namespace
+quickly. For example, anything starting with "dom" was interpreted with
+domain, while it could have been a completely different word. The same
+is true even for "ro".
+
+Moreover, many perfectly valid options like "addr" where not accepted.
+
+The cifs kernel module is very strict when it comes to names: 'dom' and
+'domain' are valid while 'domai' is not, so the userspace tool needs to
+comply otherwise it becomes very difficult to come up with new names for
+options.
+
+Now, checking is strict and as close as possible to kernel. When it is
+not, it is just to avoid breaking compatibility with some users.
+However, workg has been removed because it is too lazy and undocumented.
+
+The only variable left without strict checking is 'x-' because the
+intent is to ignore anything starting in that way
+
+Signed-off-by: Germano Percossi
+(cherry picked from commit a1f3acd40b265f134a97a739a6898b3958d206b9)
+
+Resolves bz: 1427337
+
+Signed-off-by: Sachin Prabhu
+---
+ mount.cifs.c | 82 ++++++++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 47 insertions(+), 35 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 88a3618..6eb0e6b 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -689,73 +689,85 @@ static int parse_opt_token(const char *token)
+ if (token == NULL)
+ return OPT_ERROR;
+
+- if (strncmp(token, "users", 5) == 0)
++ /*
++ * token is NULL terminated and contains exactly the
++ * keyword so we can match exactly
++ */
++ if (strcmp(token, "users") == 0)
+ return OPT_USERS;
+- if (strncmp(token, "user_xattr", 10) == 0)
++ if (strcmp(token, "user_xattr") == 0)
+ return OPT_USER_XATTR;
+- if (strncmp(token, "user", 4) == 0)
++ if (strcmp(token, "user") == 0 ||
++ strcmp(token, "username") == 0)
+ return OPT_USER;
+- if (strncmp(token, "pass", 4) == 0)
++ if (strcmp(token, "pass") == 0 ||
++ strcmp(token, "password") == 0)
+ return OPT_PASS;
+- if (strncmp(token, "sec", 3) == 0)
++ if (strcmp(token, "sec") == 0)
+ return OPT_SEC;
+- if (strncmp(token, "ip", 2) == 0)
++ if (strcmp(token, "ip") == 0 ||
++ strcmp(token, "addr") == 0)
+ return OPT_IP;
+- if (strncmp(token, "unc", 3) == 0 ||
+- strncmp(token, "target", 6) == 0 ||
+- strncmp(token, "path", 4) == 0)
++ if (strcmp(token, "unc") == 0 ||
++ strcmp(token, "target") == 0 ||
++ strcmp(token, "path") == 0)
+ return OPT_UNC;
+- if (strncmp(token, "dom", 3) == 0 || strncmp(token, "workg", 5) == 0)
++ if (strcmp(token, "dom") == 0 ||
++ strcmp(token, "domain") == 0 ||
++ strcmp(token, "workgroup") == 0)
+ return OPT_DOM;
+- if (strncmp(token, "cred", 4) == 0)
++ if (strcmp(token, "cred") == 0 || /* undocumented */
++ strcmp(token, "credentials") == 0)
+ return OPT_CRED;
+- if (strncmp(token, "uid", 3) == 0)
++ if (strcmp(token, "uid") == 0)
+ return OPT_UID;
+- if (strncmp(token, "cruid", 5) == 0)
++ if (strcmp(token, "cruid") == 0)
+ return OPT_CRUID;
+- if (strncmp(token, "gid", 3) == 0)
++ if (strcmp(token, "gid") == 0)
+ return OPT_GID;
+- if (strncmp(token, "fmask", 5) == 0)
++ if (strcmp(token, "fmask") == 0)
+ return OPT_FMASK;
+- if (strncmp(token, "file_mode", 9) == 0)
++ if (strcmp(token, "file_mode") == 0)
+ return OPT_FILE_MODE;
+- if (strncmp(token, "dmask", 5) == 0)
++ if (strcmp(token, "dmask") == 0)
+ return OPT_DMASK;
+- if (strncmp(token, "dir_mode", 4) == 0 || strncmp(token, "dirm", 4) == 0)
++ if (strcmp(token, "dir_mode") == 0 ||
++ strcmp(token, "dirm") == 0)
+ return OPT_DIR_MODE;
+- if (strncmp(token, "nosuid", 6) == 0)
++ if (strcmp(token, "nosuid") == 0)
+ return OPT_NO_SUID;
+- if (strncmp(token, "suid", 4) == 0)
++ if (strcmp(token, "suid") == 0)
+ return OPT_SUID;
+- if (strncmp(token, "nodev", 5) == 0)
++ if (strcmp(token, "nodev") == 0)
+ return OPT_NO_DEV;
+- if (strncmp(token, "nobrl", 5) == 0 || strncmp(token, "nolock", 6) == 0)
++ if (strcmp(token, "nobrl") == 0 ||
++ strcmp(token, "nolock") == 0)
+ return OPT_NO_LOCK;
+- if (strncmp(token, "mand", 4) == 0)
++ if (strcmp(token, "mand") == 0)
+ return OPT_MAND;
+- if (strncmp(token, "nomand", 6) == 0)
++ if (strcmp(token, "nomand") == 0)
+ return OPT_NOMAND;
+- if (strncmp(token, "dev", 3) == 0)
++ if (strcmp(token, "dev") == 0)
+ return OPT_DEV;
+- if (strncmp(token, "noexec", 6) == 0)
++ if (strcmp(token, "noexec") == 0)
+ return OPT_NO_EXEC;
+- if (strncmp(token, "exec", 4) == 0)
++ if (strcmp(token, "exec") == 0)
+ return OPT_EXEC;
+- if (strncmp(token, "guest", 5) == 0)
++ if (strcmp(token, "guest") == 0)
+ return OPT_GUEST;
+- if (strncmp(token, "ro", 2) == 0)
++ if (strcmp(token, "ro") == 0)
+ return OPT_RO;
+- if (strncmp(token, "rw", 2) == 0 && strlen(token) == 2)
++ if (strcmp(token, "rw") == 0)
+ return OPT_RW;
+- if (strncmp(token, "remount", 7) == 0)
++ if (strcmp(token, "remount") == 0)
+ return OPT_REMOUNT;
+- if (strncmp(token, "_netdev", 7) == 0)
++ if (strcmp(token, "_netdev") == 0)
+ return OPT_IGNORE;
+- if (strncmp(token, "backupuid", 9) == 0)
++ if (strcmp(token, "backupuid") == 0)
+ return OPT_BKUPUID;
+- if (strncmp(token, "backupgid", 9) == 0)
++ if (strcmp(token, "backupgid") == 0)
+ return OPT_BKUPGID;
+- if (strncmp(token, "nofail", 6) == 0)
++ if (strcmp(token, "nofail") == 0)
+ return OPT_NOFAIL;
+ if (strncmp(token, "x-", 2) == 0)
+ return OPT_IGNORE;
+--
+2.9.3
+
diff --git a/SOURCES/0011-mount.cifs-Remove-unneeded-stdbool-header-include.patch b/SOURCES/0011-mount.cifs-Remove-unneeded-stdbool-header-include.patch
new file mode 100644
index 0000000..5ebd42f
--- /dev/null
+++ b/SOURCES/0011-mount.cifs-Remove-unneeded-stdbool-header-include.patch
@@ -0,0 +1,30 @@
+From 4a7a8a8a6d3dc9466eb437517d16e8ab0ac52704 Mon Sep 17 00:00:00 2001
+From: Germano Percossi
+Date: Fri, 18 Nov 2016 18:54:52 +0000
+Subject: [PATCH 11/12] mount.cifs: Remove unneeded stdbool header include
+
+Signed-off-by: Germano Percossi
+(cherry picked from commit 743301da5bf502197beb1f91f98e11eea9070e4e)
+
+Resolves bz: 1427337
+
+Signed-off-by: Sachin Prabhu
+---
+ mount.cifs.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 6eb0e6b..b2bcb7f 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -45,7 +45,6 @@
+ #include
+ #include
+ #include
+-#include
+ #ifdef HAVE_SYS_FSUID_H
+ #include
+ #endif /* HAVE_SYS_FSUID_H */
+--
+2.9.3
+
diff --git a/SOURCES/0012-manpage-document-mfsymlinks-in-the-mount.cifs-man-pa.patch b/SOURCES/0012-manpage-document-mfsymlinks-in-the-mount.cifs-man-pa.patch
new file mode 100644
index 0000000..e181f45
--- /dev/null
+++ b/SOURCES/0012-manpage-document-mfsymlinks-in-the-mount.cifs-man-pa.patch
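Review bot: In parse_opt_token (0010 patch), `strcmp(token, "dirm") == 0` carries over the old prefix literal, so after the switch to exact matching it accepts only the literal `dirm`, while `dirmode`, which the removed `strncmp(token, "dirm", 4)` matched, now falls through to the end of the function. If `dirmode` is the spelling the kernel accepts (to be confirmed against the kernel's option table, which is not on this page), the line should read `strcmp(token, "dirmode") == 0`. More generally, tokens that used to be recognised by prefix, including variants of `user`, `pass` and `cred`, now take whatever path parse_options gives an unrecognised token; that handling is outside this hunk and is worth checking so that a mistyped credential option is rejected rather than forwarded or recorded. The added comment should say "NUL-terminated" rather than "NULL terminated". parse_opt_token starts before and ends after the hunk.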
@@ -0,0 +1,36 @@
+From d020fbf352ec9c2c4cfd66b8bd1b956e5e8ed9fb Mon Sep 17 00:00:00 2001
+From: Sachin Prabhu
+Date: Wed, 4 Jan 2017 07:45:17 -0500
+Subject: [PATCH 12/12] manpage: document mfsymlinks in the mount.cifs man page
+
+Information from the cifs README in the kernel sources is used.
+
+Signed-off-by: Sachin Prabhu
+(cherry picked from commit d73a52e50d43f07638f34cb860e9824a932508b8)
+
+Resolves bz: 1252725
+
+Signed-off-by: Sachin Prabhu
+---
+ mount.cifs.8 | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/mount.cifs.8 b/mount.cifs.8
+index af6b097..01579f6 100644
+--- a/mount.cifs.8
++++ b/mount.cifs.8
+@@ -450,6 +450,11 @@ sfu
+ When the CIFS Unix Extensions are not negotiated, attempt to create device files and fifos in a format compatible with Services for Unix (SFU)\&. In addition retrieve bits 10\-12 of the mode via the SETFILEBITS extended attribute (as SFU does)\&. In the future the bottom 9 bits of the mode mode also will be emulated using queries of the security descriptor (ACL)\&. [NB: requires version 1\&.39 or later of the CIFS VFS\&. To recognize symlinks and be able to create symlinks in an SFU interoperable form requires version 1\&.40 or later of the CIFS VFS kernel module\&.
+ .RE
+ .PP
++mfsymlinks
++.RS 4
++Enable support for Minshall+French symlinks(see http://wiki.samba.org/index.php/UNIX_Extensions#Minshall.2BFrench_symlinks). This option is ignored when specified together with the 'sfu' option. Minshall+French symlinks are used even if the server supports the CIFS Unix Extensions.
++.RE
++.PP
+ serverino
+ .RS 4
+ Use inode numbers (unique persistent file identifiers) returned by the server instead of automatically generating temporary inode numbers on the client\&. Although server inode numbers make it easier to spot hardlinked files (as they will have the same inode numbers) and inode numbers may be persistent (which is userful for some sofware), the server does not guarantee that the inode numbers are unique if multiple server side mounts are exported under a single share (since inode numbers on the servers might not be unique if multiple filesystems are mounted under the same shared higher level directory)\&. Note that not all servers support returning server inode numbers, although those that support the CIFS Unix Extensions, and Windows 2000 and later servers typically do support this (although not necessarily on every local server filesystem)\&. Parameter has no effect if the server lacks support for returning inode numbers or equivalent\&. This behavior is enabled by default\&.
+--
+2.9.3
+
diff --git a/SPECS/cifs-utils.spec b/SPECS/cifs-utils.spec
new file mode 100644
index 0000000..afa5de0
--- /dev/null
+++ b/SPECS/cifs-utils.spec
@@ -0,0 +1,329 @@
+#% define pre_release rc1
+%define pre_release %nil
+
+Name: cifs-utils
+Version: 6.2
+Release: 10%{pre_release}%{?dist}
+Summary: Utilities for mounting and managing CIFS mounts
+
+Group: System Environment/Daemons
+License: GPLv3
+URL: http://linux-cifs.samba.org/cifs-utils/
+BuildRoot: %{_tmppath}/%{name}-%{version}%{pre_release}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel autoconf automake libwbclient-devel
+
+Requires: keyutils
+Requires(post): /usr/sbin/alternatives
+Requires(preun): /usr/sbin/alternatives
+
+Source0: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}%{pre_release}.tar.bz2
+Patch1: 0001-get-setcifsacl-fix-bad-bit-shifts.patch
+Patch2: 0002-getcifsacl-remove-some-dead-code.patch
+Patch3: 0003-asn1-remove-some-usused-functions.patch
+Patch4: 0004-data_blob-clean-out-unused-functions.patch
+Patch5: 0005-mount.cifs-fix-bad-free-of-string-returned-by-dirnam.patch
+Patch6: 0001-asn1-fix-use-after-free-in-asn1_write.patch
+Patch7: 0001-cifs-use-krb5_kt_default-to-determine-default-keytab.patch
+Patch8: 0001-autoconf-fix-link-of-libwbclient.patch
+Patch9: 0002-mount.cifs-on-2nd-try-mount.cifs-must-also-uppercase.patch
+Patch10: 0003-mtab.c-include-paths.h-for-_PATH_MOUNTED.patch
+Patch11: 0004-manpage-clarify-use-of-backupuid-and-backupgid-in-mo.patch
+Patch12: 0005-mount.cifs-ignore-x-mount-options.patch
+Patch13: 0001-autoconf-Use-DEFS-when-building-idmapwb.so.patch
+Patch14: 0007-aclocal-fix-typo-in-idmap.m4.patch
+Patch15: 0008-mount.cifs-Removed-extra-comma-in-front-of-domain.patch
+Patch16: 0009-mount.cifs-Accept-empty-domains-on-the-command-line.patch
+Patch17: 0010-mount.cifs-Fixed-command-line-parsing-and-aligned-wi.patch
+Patch18: 0011-mount.cifs-Remove-unneeded-stdbool-header-include.patch
+Patch19: 0012-manpage-document-mfsymlinks-in-the-mount.cifs-man-pa.patch
+
+%description
+The SMB/CIFS protocol is a standard file sharing protocol widely deployed
+on Microsoft Windows machines. This package contains tools for mounting
+shares on Linux using the SMB/CIFS protocol. The tools in this package
+work in conjunction with support in the kernel to allow one to mount a
+SMB/CIFS share onto a client and use it as if it were a standard Linux
+file system.
+
+%package devel
+Summary: Files needed for building plugins for cifs-utils
+Group: Development/Libraries
+
+%description devel
+The SMB/CIFS protocol is a standard file sharing protocol widely deployed
+on Microsoft Windows machines. This package contains the header file
+necessary for building ID mapping plugins for cifs-utils.
+
+%prep
+%setup -q -n %{name}-%{version}%{pre_release}
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+
+%build
+%configure --prefix=/usr ROOTSBINDIR=%{_sbindir}
+make %{?_smp_mflags}
+
+%install
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot}
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+mkdir -p %{buildroot}%{_sysconfdir}/request-key.d
+install -m 644 contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdir}/request-key.d
+install -m 644 contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc
+%{_bindir}/getcifsacl
+%{_bindir}/setcifsacl
+%{_bindir}/cifscreds
+%{_sbindir}/mount.cifs
+%{_sbindir}/cifs.upcall
+%{_sbindir}/cifs.idmap
+%{_libdir}/%{name}/idmapwb.so
+%{_mandir}/man1/getcifsacl.1.gz
+%{_mandir}/man1/setcifsacl.1.gz
+%{_mandir}/man1/cifscreds.1.gz
+%{_mandir}/man8/cifs.upcall.8.gz
+%{_mandir}/man8/cifs.idmap.8.gz
+%{_mandir}/man8/mount.cifs.8.gz
+%{_mandir}/man8/idmapwb.8.gz
+%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
+%config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf
+%config(noreplace) %{_sysconfdir}/request-key.d/cifs.spnego.conf
+
+%post
+/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so 10
+
+%preun
+if [ $1 = 0 ]; then
+ /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/%{name}/idmapwb.so
+fi
+
+%files devel
+%{_includedir}/cifsidmap.h
+
+%changelog
+* Mon Apr 03 2017 Sachin Prabhu - 6.2-10
+- aclocal: fix typo in idmap.m4
+- mount.cifs: Removed extra comma in front of domain
+- mount.cifs: Accept empty domains on the command line
+- mount.cifs: Fixed command line parsing and aligned with kernel
+- mount.cifs: Remove unneeded stdbool header include
+- manpage: document mfsymlinks in the mount.cifs man page
+
+* Thu Jun 30 2016 Sachin Prabhu - 6.2-9
+- Use $(DEFS) when building idmapwb.so
+
+* Thu Jun 30 2016 Sachin Prabhu - 6.2-8
+- Prevent unnecessary linking of libwbclient
+- Uppercase orig_dev on 2nd try at mounting
+- Include paths.h in mtab.c
+- Clarify use of backupuid/backupgid in manpage
+- Ignore x-* mount options
+
+* Fri Aug 29 2014 Sachin Prabhu - 6.2-7
+- use krb5_kt_default() to determine default keytab location (bz#1083795)
+
+* Fri Jan 24 2014 Daniel Mach - 6.2-6
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach - 6.2-5
+- Mass rebuild 2013-12-27
+
+* Mon Oct 14 2013 Jeff Layton 6.2-4
+- fix use-after-free in asn1_write
+
+* Fri Oct 11 2013 Jeff Layton 6.2-3
+- fixes for bugs reported by coverity:
+- update bad bit shift patch with one that patches getcifsacl.c too
+- remove some dead code from getcifsacl.c, asn1.c, and data_blob.c
+- fix bad handling of allocated memory in del_mtab in mount.cifs.c
+
+* Wed Oct 09 2013 Jeff Layton 6.2-2
+- fix bad bit shift in setcifsacl.c (bz#1016932)
+
+* Mon Oct 07 2013 Jeff Layton 6.2-1
+- update to 6.2 release
+
+* Tue Jul 16 2013 Jeff Layton 6.1-3
+- allow setcifsacl to work if plugin can't be loaded (#985067)
+
+* Tue Jul 16 2013 Jeff Layton 6.1-2
+- Convert idmapping plugin symlink to use alternatives system (#984643)
+
+* Wed Jul 03 2013 Jeff Layton 6.1-1
+- update to 6.1 release
+
+* Mon Mar 25 2013 Jeff Layton 6.0-1
+- update to 6.0 release
+
+* Wed Feb 13 2013 Fedora Release Engineering - 5.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sun Jan 13 2013 Jeff Layton 5.9-3
+- comment fixes in cifsidmap.h
+
+* Sun Jan 13 2013 Jeff Layton 5.9-2
+- fix regression in credential file handling
+
+* Mon Jan 07 2013 Jeff Layton 5.9-1
+- update to 5.9
+- move mount.cifs to /usr/sbin per new packaging guidelines
+- add -devel package to hold cifsidmap.h
+
+* Sun Nov 11 2012 Jeff Layton 5.8-1
+- update to 5.8
+
+* Wed Nov 07 2012 Jeff Layton 5.7-3
+- update to latest patches queued for 5.8. More idmapping and ACL tool fixes.
+
+* Sun Nov 04 2012 Jeff Layton 5.7-2
+- update to latest patches queued for 5.8. Mostly idmapping and ACL tool fixes.
+
+* Tue Oct 09 2012 Jeff Layton 5.7-1
+- update to 5.7
+
+* Fri Aug 24 2012 Jeff Layton 5.6-2
+- update to current upstream head
+
+* Thu Jul 26 2012 Jeff Layton 5.6-1
+- update to 5.6
+
+* Wed Jul 18 2012 Fedora Release Engineering - 5.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jul 09 2012 Jeff Layton 5.5-2
+- remove -Werror flag
+- enable PIE and RELRO
+
+* Wed May 30 2012 Jeff Layton 5.5-1
+- update to 5.5
+
+* Wed Apr 25 2012 Jeff Layton 5.4-2
+- rebuild to fix dependencies due to libwbclient changes
+
+* Wed Apr 18 2012 Jeff Layton 5.4-1
+- update to 5.4
+- add patch to fix up more warnings
+
+* Mon Mar 19 2012 Jeff Layton 5.3-4
+- fix tests for strtoul success (bz# 800621)
+
+* Wed Feb 08 2012 Jeff Layton 5.3-3
+- revert mount.cifs move. It's unnecessary at this point.
+
+* Wed Feb 08 2012 Jeff Layton 5.3-2
+- move mount.cifs to /usr/sbin per new packaging guidelines
+
+* Sat Jan 28 2012 Jeff Layton 5.3-1
+- update to 5.3
+
+* Thu Jan 12 2012 Fedora Release Engineering - 5.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Dec 09 2011 Jeff Layton 5.2-2
+- add /etc/request-key.d files
+
+* Fri Dec 09 2011 Jeff Layton 5.2-1
+- update to 5.2
+
+* Fri Sep 23 2011 Jeff Layton 5.1-1
+- update to 5.1
+- add getcifsacl and setcifsacl to package
+
+* Fri Jul 29 2011 Jeff Layton 5.0-2
+- mount.cifs: fix check_newline retcode check (bz# 726717)
+
+* Wed Jun 01 2011 Jeff Layton 5.0-1
+- update to 5.0
+
+* Mon May 16 2011 Jeff Layton 4.9-2
+- mount.cifs: pass unadulterated device string to kernel (bz# 702664)
+
+* Fri Mar 04 2011 Jeff Layton 4.9-1
+- update to 4.9
+
+* Tue Feb 08 2011 Jeff Layton 4.8.1-4
+- mount.cifs: reenable CAP_DAC_READ_SEARCH when mounting (bz# 675761)
+
+* Tue Feb 08 2011 Fedora Release Engineering - 4.8.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Feb 01 2011 Jeff Layton 4.8.1-2
+- mount.cifs: don't update mtab if it's a symlink (bz# 674101)
+
+* Fri Jan 21 2011 Jeff Layton 4.8.1-1
+- update to 4.8.1
+
+* Sat Jan 15 2011 Jeff Layton 4.8-1
+- update to 4.8
+
+* Tue Oct 19 2010 Jeff Layton 4.7-1
+- update to 4.7
+
+* Fri Jul 30 2010 Jeff Layton 4.6-1
+- update to 4.6
+
+* Tue Jun 01 2010 Jeff Layton 4.5-2
+- mount.cifs: fix parsing of cred= option (BZ#597756)
+
+* Tue May 25 2010 Jeff Layton 4.5-1
+- update to 4.5
+
+* Thu Apr 29 2010 Jeff Layton 4.4-3
+- mount.cifs: fix regression in prefixpath patch
+
+* Thu Apr 29 2010 Jeff Layton 4.4-2
+- mount.cifs: strip leading delimiter from prefixpath
+
+* Wed Apr 28 2010 Jeff Layton 4.4-1
+- update to 4.4
+
+* Sat Apr 17 2010 Jeff Layton 4.3-2
+- fix segfault when address list is exhausted (BZ#583230)
+
+* Fri Apr 09 2010 Jeff Layton 4.3-1
+- update to 4.3
+
+* Fri Apr 02 2010 Jeff Layton 4.2-1
+- update to 4.2
+
+* Tue Mar 23 2010 Jeff Layton 4.1-1
+- update to 4.1
+
+* Mon Mar 08 2010 Jeff Layton 4.0-2
+- fix bad pointer dereference in IPv6 scopeid handling
+
+* Wed Mar 03 2010 Jeff Layton 4.0-1
+- update to 4.0
+- minor specfile fixes
+
+* Fri Feb 26 2010 Jeff Layton 4.0-1rc1
+- update to 4.0rc1
+- fix prerelease version handling
+
+* Mon Feb 08 2010 Jeff Layton 4.0a1-1
+- first RPM package build
+
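Review bot: `Source0` names an `ftp://` location and `%prep` goes straight to `%setup` with no signature check, so the only integrity anchor visible on this page is the SHA-1 line in `.cifs-utils.metadata`; that presumably pins the cached tarball but says nothing about whether the original download was authentic. If upstream publishes a detached signature, I would carry it and the signing keyring as extra `Source` entries and verify them at the top of `%prep`, and move `Source0` and `URL` to an HTTPS location. Separately, the 5.5-2 changelog entry says PIE and RELRO were enabled, yet `%build` passes nothing explicit, so that hardening appears to rest on configure defaults; stating it in the spec, e.g. `%global _hardened_build 1`, would keep it from silently disappearing on a rebase.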