ANNOUNCE: cifs-utils release 5.3 is ready for download
Jeff Layton
jlayton at samba.org
Sat Jan 28 06:47:42 MST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
With the overhaul of the cifscreds utility, I figured this would be a
good time to do a new release.
Highlights:
* admins can now tell cifs.upcall to use an alternate krb5.conf file
* on remount, mount.cifs no longer adds a duplicate mtab entry
* the cifscreds utility has seen a major overhaul to allow for
multiuser mounts without krb5 auth
webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git: git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary
Detailed list of changes since 5.1:
commit c3fff275e873fd9b9639124e993dd4ad737614db
Author: Jeff Layton <jlayton at samba.org>
Date: Fri Dec 9 21:36:00 2011 -0500
autoconf: bump release to 5.2.1 for interim builds
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 2a9738cefaf8a9496ff0683e18357b3548da0b28
Author: Jeff Layton <jlayton at samba.org>
Date: Sat Dec 10 06:49:33 2011 -0500
contrib: add a set of sample /etc/request-key.d files
Add a contrib directory, a set of sample /etc/request-key.d files and
a README that explains what they're for. This version sets the path
to the upcall programs based on the configure options.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit cee919c2f3fb7b96518b800680664a15a6551d93
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 10 18:30:56 2012 -0500
get/setcifsacl: don't link in -lkeyutils
These binaries don't use keys API at all. There's no need to link in
the keys library.
Reported-by: Frédéric L. W. Meunier <fredlwm at fredlwm.net>
Signed-off-by: Jeff Layton <jlayton at samba.org>
Acked-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
commit 80682b216fed9ea52e1498890eb248567aba2a06
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 10 18:34:43 2012 -0500
cifs.upcall: allow admins to specify an alternate krb5.conf file
This was actually requested by the Red Hat QA group, who sometimes work
with multiple krb5.conf files when testing.
Requested-by: Marko Myllynen <myllynen at redhat.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit f46dd7661cfb87257c95081fc2071c934bfbbb16
Author: Carlos Maiolino <cmaiolino at redhat.com>
Date: Mon Jan 16 12:29:49 2012 -0500
mount.cifs: Properly update mtab during remount
During a remount of a cifs filesystem, the mtab file is not properly
updated, which leads to a doubled entry of the same filesystem in the
/etc/mtab file. This patch adds a new function del_mtab() which is
called before the add_mtab() in case the fs is being remounted.
The del_mtab() function will delete from the mtab, the old entry from
the filesystem which is being remounted, and then, calls add_mtab() to
add an updated entry to the mtab file.
Signed-off-by: Carlos Maiolino <cmaiolino at redhat.com>
commit 92be8b6775958814d39fb19247ff85947a2e4f9e
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Jan 16 13:22:28 2012 -0500
mount.cifs: handle errors from rename() in del_mtab
The new del_mtab code ignored errors from rename(). Make it handle that
error as well like it does other errors.
Cc: Carlos Maiolino <cmaiolino at redhat.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 9da16c91477293e7b367127b0bdec92d9613440f
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:23 2012 -0500
util: move getusername to util.c
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 0c84231d1a735c10cad94b47a4a5e5eb560d1cdb
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:23 2012 -0500
cifscreds: add unused attribute to argv parm in cifscreds_clearall
...to eliminate this warning:
cifscreds.c: In function ‘cifscreds_clearall’:
cifscreds.c:422:47: warning: unused parameter ‘argv’
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 57881972fa03c3624ea06f3245e1ba6c84cc2d68
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:23 2012 -0500
cifscreds: eliminate domain parm from most functions
Eventually we'll add this back in a different way. The domain and
address should be exclusive of one another. IOW, we want the kernel to
be able to find credentials for a specific address or for the domain of
which the server is a member.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit d8b906abc655726079aaff753b3dfa7517b19067
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500
cifscreds: remove user parameter from create_description
The username should be part of the key payload and not part of
the description. Also, prefix the address with an "a:" in the
description. Eventually we'll also need a "domain" key variant.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 1578af7afadf0c9cb132ea9224c877dced1f0114
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500
cifscreds: make username part of value instead of description
Change the payload to be "username:password". Since usernames can't
contain ':', this is suitable delimiter. Also, create_description
is just a sprintf now, so eliminate it.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit c00f56c895b184a5380412f047b4251f88d0f0b8
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500
cifscreds: make usage use "return" and have callers return
...banish the use of exit(), which may be helpful in the future in
the event that we eventually move some of this code into a library.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 5a0b558819b255605fb4f679162bc8ffaee870c2
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500
cifscreds: move option parsing into main()
Having to parse options in every command routine is cumbersome and
restrictive. Declare a struct to hold arguments, and then have the
functions take that struct as an argument.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 299ba2fc82d5e7716ef7490259de97c274a3a7af
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500
cifscreds: make username parameter optional
...and use getopt_long to get it. If someone doesn't specify the username,
use getusername() to get it.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit b6e577b152b6c9d12710244d9d778219d8c8ad89
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500
cifscreds: add --domain flag
...to indicate that the first argument is not a hostname but an
NT domain name. If it's set, then treat the argument as a
string literal.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 9758d87315a800e238b7011b7879dcfb9b1339d3
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500
cifscreds: loosen allowed characters in domain names
As Donald points out, NetBIOS domains are allowed more characters than
the code currently allows. Change the test to one that checks for
disallowed characters instead.
Also, I can't find anything that says that '@' is not allowed in a
username. Might as well allow that too. Worst case, the server will
reject the username.
Reported-by: Donald R. Gray Jr <donald.r.gray at gmail.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 4fee11f2e35b08e4184c2f4615074ad0b187b84a
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500
cifscreds: use the session keyring
This seems like a reasonable change, but I'm willing to listen to
arguments to the contrary...
cifscreds currently hangs the keys off of the uid keyring. It seems
more appropriate though that we require that each session have its
own set. This might be particularly important in a containerized
situation. If a user authenticates in one container, then we probably
don't want to allow a user in another to "borrow" those creds.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 32238d0e8e0994b0614d31f6922c7bfa56ac74bc
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 16:35:50 2012 -0500
cifscreds: make cifscreds use the "logon" key_type
...and have it loosen the permissions to allow searching. There seems
to be no clear way to make user keys unreadable, but still allow for
them to be searched, so we'll need a new key_type that doesn't allow
you to read the payload from userspace. That will be proposed in a
separate kernel patch.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit aed556765b5b7c42cee5107ab7fd657732e15df8
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 16:35:55 2012 -0500
cifscreds: make key_search use keyctl_search
...which is much more efficient than walking the keyring by hand.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit a4e917e6b365414a963fb4f25e7be5d75e12b832
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 16:35:55 2012 -0500
cifscreds: change prefix on keys to "cifs:" instead of "cifscreds:"
The "creds" portion seems redundant.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 569c33567c65723d60bac30bd5bfe4a9a310258a
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 24 08:30:16 2012 -0500
cifscreds: add a manpage
...I'm also including the POD sources here for easier editing, but we
may remove them in the future if it becomes burdensome to keep up 2
copies.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 221c67dd114be2a33ecbc18797d43898e513b659
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 24 08:34:09 2012 -0500
cifscreds: build it by default
...but either error out or disable it if keyutils.h isn't present.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 9dd2c53ef26b6c0179494bacfea8f1f732be2270
Author: Jeff Layton <jlayton at samba.org>
Date: Sat Jan 28 08:18:32 2012 -0500
autoconf: set version to 5.3
...and fix the URL for cifs-utils.
Signed-off-by: Jeff Layton <jlayton at samba.org>
- --
Jeff Layton <jlayton at samba.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iQIcBAEBAgAGBQJPI/x+AAoJEAAOaEEZVoIVbikQANVxbZnps/gnakDlcQeH4gFX
X1uwpNOnEmEt/a4cJIRKX3huKk6rurdQOKvRw8LM7Ou+OAtFTNlJ7/PhxXp5hYSC
Bjkr8dnfA5aCmOmO0ZV9amImNsi7Tj9/03jrcEImi6YqzX6BIpDlyszJWmi4p6yE
ZLP8Lb1UCUsdseSy0ky27yKdIcDaVc0N3eMNuJVLQXMLzJ4fgV8RsyDXCPb1hoMM
1Gv2Rx2LMd+Bijn7mnYkczkXIzY8O4o2TPzv9dYZh3d3a+tTRjqlrsq2/eG7p0rv
0kvUa94KK6MLzD3KUIGC4k6XaB3/RTliuPUVR8BFtD5SD+xkV8LM9FX7psZmNxfR
jKMuBJIV7YLaFEOtdaOpkOIykRllBDi3+yktJM6lvSoowcYDgM2zpXMwdVSNx3G1
KP9zD+hV4FZ5VCh7QZAPSa73gcGktbpjLjFg16rw3VfuBObZzmABFLz556uvaAv1
161dkNeWOimXQP8XW1uXd0XpTdeVrjEp1PXvppRuFjn7NrNZH1NZkRl86bprw4Ma
6bfJePcMrjXjX2xMDIU6tmErk7TiQguPiVMnFg+gfPJc2D4ZVJDUXBQ62aqw3QJp
ZKh3E8h2ZScihn2Jgy0hjWkV4AyiUD/8uQHAuKe2f861zFC96k93Y1ZSTU7KXrKD
73S3pEGD2qyMLul5RHj5
=Py2E
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list