[SCM] Samba Shared Repository - branch v3-devel updated - release-3-2-0pre2-3798-gd8018d1

jlayton at samba.org jlayton at samba.org
Thu Aug 21 23:42:41 GMT 2008


The branch, v3-devel has been updated
       via  d8018d15f013b8d7be8618b75dac5112711193b7 (commit)
       via  5c9a1b2c98cc712fc519225e62fba4e5088631a3 (commit)
       via  6287e13b34efeaa8fd94c7c6d99468350ce6172e (commit)
       via  c75791c34abebe23c6f6a5534b0358514ec4eabc (commit)
      from  33019fe2b5f521c143fc79edb915eca69b9ed98d (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel


- Log -----------------------------------------------------------------
commit d8018d15f013b8d7be8618b75dac5112711193b7
Author: Jeff Layton <jlayton at redhat.com>
Date:   Mon Aug 18 13:49:59 2008 -0400

    cifs.upcall: enable building by default on linux
    
    When building on linux, default to building cifs.upcall. Throw a
    warning if ADS support is disabled or keyutils isn't installed.
    
    Signed-off-by: Jeff Layton <jlayton at redhat.com>

commit 5c9a1b2c98cc712fc519225e62fba4e5088631a3
Author: Jeff Layton <jlayton at redhat.com>
Date:   Mon Aug 18 13:49:59 2008 -0400

    cifs.upcall: move default install location to EPREFIX/sbin
    
    cifs.upcall links to libraries that live under /usr, so installing it
    in /sbin doesn't seem appropriate. Move it to EPREFIX/sbin instead
    (i.e. /usr/sbin).
    
    Signed-off-by: Jeff Layton <jlayton at redhat.com>

commit 6287e13b34efeaa8fd94c7c6d99468350ce6172e
Author: Jeff Layton <jlayton at redhat.com>
Date:   Tue Aug 19 21:29:41 2008 -0400

    cifs.upcall: handle MSKRB5 OID properly
    
    When the kernel sends the upcall a sec=mskrb5 parameter, that means
    the the MSKRB5 OID is preferred by the server. This patch fixes the
    upcall to use that OID in place of the "normal" krb5 OID when it
    gets a sec=mskrb5 parameter.
    
    Signed-off-by: Jeff Layton <jlayton at redhat.com>
    Acked-by: Steve French <smfrench at gmail.com>

commit c75791c34abebe23c6f6a5534b0358514ec4eabc
Author: Jeff Layton <jlayton at redhat.com>
Date:   Sat Aug 16 06:09:29 2008 -0400

    mount.cifs: don't prompt for password on krb5 mounts
    
    krb5 mounts require that the user already have a valid krb5 ticket.
    Since we can't currently use the password entered, don't prompt for it.
    
    Also, switch to using strncmp instead of strcmp here.
    
    Signed-off-by: Jeff Layton <jlayton at redhat.com>

-----------------------------------------------------------------------

Summary of changes:
 source/Makefile.in          |    8 ++++----
 source/client/cifs.upcall.c |   18 +++++++++++++-----
 source/client/mount.cifs.c  |    3 ++-
 source/configure.in         |   23 +++++++++++++++++++----
 4 files changed, 38 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/Makefile.in b/source/Makefile.in
index c77404b..4e15bf7 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -178,9 +178,9 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
 
 # Note that all executable programs now provide for an optional executable suffix.
 
-SBIN_PROGS = bin/smbd at EXEEXT@ bin/nmbd at EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@
+SBIN_PROGS = bin/smbd at EXEEXT@ bin/nmbd at EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@ @CIFSUPCALL_PROGS@
 
-ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSUPCALL_PROGS@
+ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@
 
 BIN_PROGS1 = bin/smbclient at EXEEXT@ bin/net at EXEEXT@ bin/smbspool at EXEEXT@ \
 	bin/testparm at EXEEXT@ bin/smbstatus at EXEEXT@ bin/smbget at EXEEXT@
@@ -2488,8 +2488,8 @@ installcifsmount:: @CIFSMOUNT_PROGS@
 	@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
 
 installcifsupcall:: @CIFSUPCALL_PROGS@
-	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(ROOTSBINDIR)
-	@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSUPCALL_PROGS@
+	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(SBINDIR)
+	@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) @CIFSUPCALL_PROGS@
 
 # Some symlinks are required for the 'probing' of modules.
 # This mechanism should go at some point..
diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c
index aa5eb57..fd3ed17 100644
--- a/source/client/cifs.upcall.c
+++ b/source/client/cifs.upcall.c
@@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
 
 #include "cifs_spnego.h"
 
-const char *CIFSSPNEGO_VERSION = "1.1";
+const char *CIFSSPNEGO_VERSION = "1.2";
 static const char *prog = "cifs.upcall";
 typedef enum _secType {
 	KRB5,
@@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
 	tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
 
 	/* and wrap that in a shiny SPNEGO wrapper */
-	*secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
+	*secblob = gen_negTokenInit(oid, tkt_wrapped);
 
 	data_blob_free(&tkt_wrapped);
 	data_blob_free(&tkt);
@@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
 			if (strncmp(tkn + 4, "krb5", 4) == 0) {
 				retval |= DKD_HAVE_SEC;
 				*sec = KRB5;
+			} else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
+				retval |= DKD_HAVE_SEC;
+				*sec = MS_KRB5;
 			}
 		} else if (strncmp(tkn, "uid=", 4) == 0) {
 			errno = 0;
@@ -219,7 +222,7 @@ int main(const int argc, char *const argv[])
 	uid_t uid;
 	int kernel_upcall_version;
 	int c, use_cifs_service_prefix = 0;
-	char *buf, *hostname = NULL;
+	char *buf, *oid, *hostname = NULL;
 
 	openlog(prog, 0, LOG_DAEMON);
 
@@ -301,6 +304,7 @@ int main(const int argc, char *const argv[])
 
 	// do mech specific authorization
 	switch (sectype) {
+	case MS_KRB5:
 	case KRB5:{
 			char *princ;
 			size_t len;
@@ -319,8 +323,12 @@ int main(const int argc, char *const argv[])
 			}
 			strlcpy(princ + 5, hostname, len - 5);
 
-			rc = handle_krb5_mech(OID_KERBEROS5, princ,
-					      &secblob, &sess_key);
+			if (sectype == MS_KRB5)
+				oid = OID_KERBEROS5_OLD;
+			else
+				oid = OID_KERBEROS5;
+
+			rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
 			SAFE_FREE(princ);
 			break;
 		}
diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c
index c7009e3..dd878aa 100644
--- a/source/client/mount.cifs.c
+++ b/source/client/mount.cifs.c
@@ -473,7 +473,8 @@ static int parse_options(char ** optionsp, int * filesys_flags)
 			}
 		} else if (strncmp(data, "sec", 3) == 0) {
 			if (value) {
-				if (!strcmp(value, "none"))
+				if (!strncmp(value, "none", 4) ||
+				    !strncmp(value, "krb5", 4))
 					got_password = 1;
 			}
 		} else if (strncmp(data, "ip", 2) == 0) {
diff --git a/source/configure.in b/source/configure.in
index 2f99e7c..5508d9b 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -4048,7 +4048,7 @@ INSTALL_CIFSUPCALL=""
 UNINSTALL_CIFSUPCALL=""
 AC_MSG_CHECKING(whether to build cifs.upcall)
 AC_ARG_WITH(cifsupcall,
-[AS_HELP_STRING([--with-cifsupcall], [Include cifs.upcall (Linux only) support (default=no)])],
+[AS_HELP_STRING([--with-cifsupcall], [Include cifs.upcall (Linux only) support (default=yes)])],
 [ case "$withval" in
   no)
 	AC_MSG_RESULT(no)
@@ -4074,9 +4074,24 @@ AC_ARG_WITH(cifsupcall,
 	esac
     ;;
   esac ],
-[
-  AC_MSG_RESULT(no)
-  ]
+[ case "$host_os" in
+  *linux*)
+	if test x"$use_ads" != x"yes"; then
+		AC_MSG_WARN(ADS support should be enabled for building cifs.upcall)
+	elif test x"$HAVE_KEYUTILS_H" != "x1"; then
+		AC_MSG_WARN(keyutils package is required for cifs.upcall)
+	else
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(WITH_CIFSUPCALL,1,[whether to build cifs.upcall])
+		CIFSUPCALL_PROGS="bin/cifs.upcall"
+		INSTALL_CIFSUPCALL="installcifsupcall"
+		UNINSTALL_CIFSUPCALL="uninstallcifsupcall"
+	fi
+	;;
+  *)
+	AC_MSG_RESULT(no)
+	;;
+  esac ]
 )
 
 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list