diff --git a/SOURCES/0001-autoconf-Use-DEFS-when-building-idmapwb.so.patch b/SOURCES/0001-autoconf-Use-DEFS-when-building-idmapwb.so.patch new file mode 100644 index 0000000..e119db8 --- /dev/null +++ b/SOURCES/0001-autoconf-Use-DEFS-when-building-idmapwb.so.patch @@ -0,0 +1,40 @@ +From c9f1860e0de31cc4e1e1fa70ef7842fbbee62878 Mon Sep 17 00:00:00 2001 +From: Sachin Prabhu +Date: Thu, 30 Jun 2016 15:47:39 +0100 +Subject: [PATCH] autoconf: Use $(DEFS) when building idmapwb.so + +Partial backport of upstream +7b2b35586d10c04f501222701c3382455a07ff9e + +We do not backport changes to the pam_cifscreds.so module as that is not +included in the RHEL 7 cifs-utils package. + +Original Summary: +We should pass the macros defined in $(DEFS) when building idmapwb.so +and pam_cifscreds.so. The autoconf process sets the macro HAVE_CONFIG_H +using the $(DEFS) variable. This macro has to be defined to allow the +source files to include config.h + +Resolves: bz 1289454 + +Signed-off-by: Sachin Prabhu +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 6407520..1c97f45 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -84,7 +84,7 @@ plugin_PROGRAMS = idmapwb.so + man_MANS += idmapwb.8 + + idmapwb.so: idmapwb.c +- $(CC) $(CFLAGS) $(AM_CFLAGS) $(WBCLIENT_CFLAGS) $(LDFLAGS) -shared -fpic -o $@ $+ $(WBCLIENT_LIBS) ++ $(CC) $(DEFS) $(CFLAGS) $(AM_CFLAGS) $(WBCLIENT_CFLAGS) $(LDFLAGS) -shared -fpic -o $@ $+ $(WBCLIENT_LIBS) + + idmapwb.8: idmapwb.8.in + $(SED) 's,[@]pluginpath@,$(pluginpath),' $(srcdir)/$@.in > $@-t && mv $@-t $@ +-- +2.5.5 + diff --git a/SOURCES/0001-autoconf-fix-link-of-libwbclient.patch b/SOURCES/0001-autoconf-fix-link-of-libwbclient.patch new file mode 100644 index 0000000..0fd100b --- /dev/null +++ b/SOURCES/0001-autoconf-fix-link-of-libwbclient.patch @@ -0,0 +1,38 @@ +From 38fdc7aff2991fd43f0b98fb0bacbc574477449c Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Sat, 7 Dec 2013 08:54:59 -0500 +Subject: [PATCH 1/5] autoconf: fix link of libwbclient + +It's currently getting added to $LIBS and being linked into places that +we don't need it. + +Signed-off-by: Jeff Layton +(cherry picked from commit 2152ccc3d61e5248c70360020a0aa279a24f852c) +Signed-off-by: Sachin Prabhu +--- + aclocal/idmap.m4 | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/aclocal/idmap.m4 b/aclocal/idmap.m4 +index c5727f6..3ccdae3 100644 +--- a/aclocal/idmap.m4 ++++ b/aclocal/idmap.m4 +@@ -21,6 +21,7 @@ fi + + if test $enable_cifsacl != "no" -o $enable_cifsacl != "no"; then + ac_wbc_save_LDFLAGS="$LDFLAGS" ++ ac_wbc_save_LIBS="$LIBS" + LDFLAGS="$LDFLAGS $WBCLIENT_LIBS" + AC_CHECK_LIB(wbclient, wbcSidsToUnixIds, , [ + if test "$enable_cifsidmap" = "yes"; then +@@ -37,6 +38,7 @@ if test $enable_cifsacl != "no" -o $enable_cifsacl != "no"; then + fi + ]) + LDFLAGS=$ac_wbc_save_LDFLAGS ++ LIBS=$ac_wbc_save_LIBS + fi + + if test $enable_cifsacl != "no"; then +-- +2.5.5 + diff --git a/SOURCES/0002-mount.cifs-on-2nd-try-mount.cifs-must-also-uppercase.patch b/SOURCES/0002-mount.cifs-on-2nd-try-mount.cifs-must-also-uppercase.patch new file mode 100644 index 0000000..9c4e052 --- /dev/null +++ b/SOURCES/0002-mount.cifs-on-2nd-try-mount.cifs-must-also-uppercase.patch @@ -0,0 +1,37 @@ +From 79b96cd5ed49095ee2b2d7219b5dfa3746505458 Mon Sep 17 00:00:00 2001 +From: Guenter Kukkukk +Date: Tue, 1 Jul 2014 17:43:55 +0200 +Subject: [PATCH 2/5] mount.cifs: on 2nd try mount.cifs must also uppercase + "orig_dev" + +Recent kernels now ignore "unc=..." mount option. mount.cifs, when +getting errno=ENXIO, retries the mount with uppercased hostname, +sharename and prefixpath in the "unc=..." mount option, which is ignored +now in the kernel. Used e.g. during OS/2 mounts, which fail now. + +Also uppercase the now used "orig_dev" parameter. + +Signed-off-by: Guenter Kukkukk +(cherry picked from commit 43fd65ba0fca85a86a79e84bb2bc42b531d858e6) +Signed-off-by: Sachin Prabhu +--- + mount.cifs.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/mount.cifs.c b/mount.cifs.c +index 497665d..3535096 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -2097,7 +2097,8 @@ mount_retry: + if (!already_uppercased && + uppercase_string(parsed_info->host) && + uppercase_string(parsed_info->share) && +- uppercase_string(parsed_info->prefix)) { ++ uppercase_string(parsed_info->prefix) && ++ uppercase_string(orig_dev)) { + fprintf(stderr, + "Retrying with upper case share name\n"); + already_uppercased = 1; +-- +2.5.5 + diff --git a/SOURCES/0003-mtab.c-include-paths.h-for-_PATH_MOUNTED.patch b/SOURCES/0003-mtab.c-include-paths.h-for-_PATH_MOUNTED.patch new file mode 100644 index 0000000..b8f910f --- /dev/null +++ b/SOURCES/0003-mtab.c-include-paths.h-for-_PATH_MOUNTED.patch @@ -0,0 +1,27 @@ +From d21be1c7ef96bad7aa2a38791def4f562a8f56a8 Mon Sep 17 00:00:00 2001 +From: Felix Janda +Date: Fri, 5 Dec 2014 23:19:29 +0100 +Subject: [PATCH 3/5] mtab.c: include for _PATH_MOUNTED + +Signed-off-by: Felix Janda +(cherry picked from commit 6603cef0f06c450196a1bca06bb143d8fcda5651) +Signed-off-by: Sachin Prabhu +--- + mtab.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/mtab.c b/mtab.c +index 7b365b3..a662a3c 100644 +--- a/mtab.c ++++ b/mtab.c +@@ -38,6 +38,7 @@ + #include + #include + #include ++#include + #include "mount.h" + #include "config.h" + +-- +2.5.5 + diff --git a/SOURCES/0004-manpage-clarify-use-of-backupuid-and-backupgid-in-mo.patch b/SOURCES/0004-manpage-clarify-use-of-backupuid-and-backupgid-in-mo.patch new file mode 100644 index 0000000..8e0b2a3 --- /dev/null +++ b/SOURCES/0004-manpage-clarify-use-of-backupuid-and-backupgid-in-mo.patch @@ -0,0 +1,50 @@ +From b54e00beddd4343e746c7ead585ef607dbf48cff Mon Sep 17 00:00:00 2001 +From: Uri Simchoni +Date: Thu, 19 Nov 2015 21:48:15 +0200 +Subject: [PATCH 4/5] manpage: clarify use of backupuid and backupgid in + mount.cifs.8 + +Assert that backup intent shall only be attempted if the user matches +the backupuid or backupgid parameter. + +Signed-off-by: Uri Simchoni +Signed-off-by: Jeff Layton +(cherry picked from commit dd13ac8a25d409a0d3d068b5b2b96f921f2613f2) +Signed-off-by: Sachin Prabhu +--- + mount.cifs.8 | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/mount.cifs.8 b/mount.cifs.8 +index 2643145..af6b097 100644 +--- a/mount.cifs.8 ++++ b/mount.cifs.8 +@@ -310,14 +310,14 @@ for more information\&. + .PP + backupuid=\fIarg\fR + .RS 4 +-Restrict access to files with the backup intent to a user. Either a name or an id must be provided as an argument, there are no default values. ++File access by this user shall be done with the backup intent flag set. Either a name or an id must be provided as an argument, there are no default values. + .sp + See section \fIACCESSING FILES WITH BACKUP INTENT\fR for more details + .RE + .PP + backupgid=\fIarg\fR + .RS 4 +-Restrict access to files with the backup intent to a group. Either a name or an id must be provided as an argument, there are no default values. ++File access by users who are members of this group shall be done with the backup intent flag set. Either a name or an id must be provided as an argument, there are no default values. + .sp + See section \fIACCESSING FILES WITH BACKUP INTENT\fR for more details + .RE +@@ -767,7 +767,7 @@ But the user testuser, if it becomes part of the group Backup Operators, can ope + Any user on the client side who can authenticate as such a user on the server, + can access the files with the backup intent. But it is desirable and preferable for security reasons amongst many, to restrict this special right. + +-The mount option backupuid is used to restrict this special right to a user which is specified by either a name or an id. The mount option backupgid is used to restrict this special right to the users in a group which is specified by either a name or an id. These two mount options can be used together. ++The mount option backupuid is used to restrict this special right to a user which is specified by either a name or an id. The mount option backupgid is used to restrict this special right to the users in a group which is specified by either a name or an id. Only users maching either backupuid or backupgid shall attempt to access files with backup intent. These two mount options can be used together. + .SH "FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS" + .PP + The core CIFS protocol does not provide unix ownership information or mode for files and directories\&. Because of this, files and directories will generally appear to be owned by whatever values the uid= or gid= options are set, and will have permissions set to the default file_mode and dir_mode for the mount\&. Attempting to change these values via chmod/chown will return success but have no effect\&. +-- +2.5.5 + diff --git a/SOURCES/0005-mount.cifs-ignore-x-mount-options.patch b/SOURCES/0005-mount.cifs-ignore-x-mount-options.patch new file mode 100644 index 0000000..5aa0a09 --- /dev/null +++ b/SOURCES/0005-mount.cifs-ignore-x-mount-options.patch @@ -0,0 +1,42 @@ +From cf3af6ab831129e7f8e50eb00d9a4120e297cf7a Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 7 Jan 2016 11:02:49 +0100 +Subject: [PATCH 5/5] mount.cifs: ignore x-* mount options + +x-* prefix is used for userspace mount options and it's pretty +commonly used to extend fstab configuration in systemd world (e.g. +x-systemd.automount). These options is necessary to ignored. + +The command mount(8) does not pass x-* mount options to mount. +helpers, but in some use-cases it's possible that the cifs helper reads +mount options from fstab or users directly call mount.cifs and copy & past +mount options, etc. + +This patch marks all options prefixed by "x-" as OPT_IGNORE to make +things more robust for end-users. We already uses the same concept for +_netdev. + +Signed-off-by: Karel Zak +Signed-off-by: Jeff Layton +(cherry picked from commit be5046ae3fabca17f19672f7b4019efb6a869298) +Signed-off-by: Sachin Prabhu +--- + mount.cifs.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/mount.cifs.c b/mount.cifs.c +index 3535096..5c5734f 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -756,6 +756,8 @@ static int parse_opt_token(const char *token) + return OPT_BKUPGID; + if (strncmp(token, "nofail", 6) == 0) + return OPT_NOFAIL; ++ if (strncmp(token, "x-", 2) == 0) ++ return OPT_IGNORE; + + return OPT_ERROR; + } +-- +2.5.5 + diff --git a/SPECS/cifs-utils.spec b/SPECS/cifs-utils.spec index 13824c5..e75825d 100644 --- a/SPECS/cifs-utils.spec +++ b/SPECS/cifs-utils.spec @@ -3,7 +3,7 @@ Name: cifs-utils Version: 6.2 -Release: 7%{pre_release}%{?dist} +Release: 9%{pre_release}%{?dist} Summary: Utilities for mounting and managing CIFS mounts Group: System Environment/Daemons @@ -23,8 +23,14 @@ Patch2: 0002-getcifsacl-remove-some-dead-code.patch Patch3: 0003-asn1-remove-some-usused-functions.patch Patch4: 0004-data_blob-clean-out-unused-functions.patch Patch5: 0005-mount.cifs-fix-bad-free-of-string-returned-by-dirnam.patch -Patch6: 0001-asn1-fix-use-after-free-in-asn1_write.patch -Patch7: 0001-cifs-use-krb5_kt_default-to-determine-default-keytab.patch +Patch6: 0001-asn1-fix-use-after-free-in-asn1_write.patch +Patch7: 0001-cifs-use-krb5_kt_default-to-determine-default-keytab.patch +Patch8: 0001-autoconf-fix-link-of-libwbclient.patch +Patch9: 0002-mount.cifs-on-2nd-try-mount.cifs-must-also-uppercase.patch +Patch10: 0003-mtab.c-include-paths.h-for-_PATH_MOUNTED.patch +Patch11: 0004-manpage-clarify-use-of-backupuid-and-backupgid-in-mo.patch +Patch12: 0005-mount.cifs-ignore-x-mount-options.patch +Patch13: 0001-autoconf-Use-DEFS-when-building-idmapwb.so.patch %description The SMB/CIFS protocol is a standard file sharing protocol widely deployed @@ -52,6 +58,12 @@ necessary for building ID mapping plugins for cifs-utils. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 %build %configure --prefix=/usr ROOTSBINDIR=%{_sbindir} @@ -101,6 +113,16 @@ fi %{_includedir}/cifsidmap.h %changelog +* Thu Jun 30 2016 Sachin Prabhu - 6.2-9 +- Use $(DEFS) when building idmapwb.so + +* Thu Jun 30 2016 Sachin Prabhu - 6.2-8 +- Prevent unnecessary linking of libwbclient +- Uppercase orig_dev on 2nd try at mounting +- Include paths.h in mtab.c +- Clarify use of backupuid/backupgid in manpage +- Ignore x-* mount options + * Fri Aug 29 2014 Sachin Prabhu - 6.2-7 - use krb5_kt_default() to determine default keytab location (bz#1083795)