ANNOUNCE: cifs-utils release 5.8 is ready for download

Jeff Layton jlayton at samba.org
Sun Nov 11 04:37:00 MST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Time for another cifs-utils release!

Most of the patches in this release are for cifs.idmap, getcifsacl and
setcifsacl. There were many bugs in those tools, so anyone that's
deploying or using them is highly encouraged to upgrade.

Highlights:

* NFS-style device names are being deprecated in 6.0. Anyone using that
  sort of device name should move to the UNC-style syntax that the manpage
  has always documented.

* Many bugs in cifs.idmap, getcifsacl and setcifsacl have been fixed.
  These tools should also be more efficient now and work correctly on
  big-endian architectures.

webpage:    https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball:    ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:        git://git.samba.org/cifs-utils.git
gitweb:     http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.8:

commit 819018e34696b0fb9bf1b386304b5dce39ae0e6d
Author: Jeff Layton <jlayton at samba.org>
Date:   Fri Oct 12 13:28:37 2012 -0400

    autoconf: set release to 5.7.1 for interim builds
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 679fbebb5a656b4eb1a8988fb0d8697a5f919794
Author: Scott Lovenberg <scott.lovenberg at gmail.com>
Date:   Tue Oct 23 15:37:03 2012 -0400

    mount.cifs: add warning that NFS syntax is deprecated and will be
    removed in cifs-utils-6.0.
    
    [jlayton: Added newline to end of warning]
    Signed-off-by: Scott Lovenberg <scott.lovenberg at gmail.com>

commit 60bca663f94e27436ed1afe1e673a8afa3342e1d
Author: Jeff Layton <jlayton at samba.org>
Date:   Mon Oct 29 15:45:37 2012 -0400

    cifs.idmap: make sure cifsacl structs are packed
    
    The kernel equivalent definitions are defined with
    __attribute__((packed)), and the code seems to assume the userspace and
    kernel ones will be properly aligned. Fix the userspace definitions in a
    similar fashion.
    
    Given the way these structs are, there is probably not any padding
    between fields on most arches, but it's best to be safe here.
    
    Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 1a0523fbc469e34560bec0f06ce4622bb7db7b04
Author: Jeff Layton <jlayton at samba.org>
Date:   Mon Oct 29 15:45:37 2012 -0400

    cifs.idmap: get rid of useless strcmp prior to idmapping
    
    The code copies off the key description and then ensures that it's
    prefixed with "cifs.idmap". What's the point of that?
    
    Presumably request-key would never have called this otherwise. There's
    little harm in going ahead and doing the idmapping if this is called
    with the wrong string.
    
    Also, the error handling here is wrong. If the prefix doesn't match
    the code will exit 0 without doing any mapping. Just remove it.
    
    Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit d9b876bc5b047682854123aed082c1004b995b69
Author: Jeff Layton <jlayton at samba.org>
Date:   Mon Oct 29 15:45:37 2012 -0400

    cifs.idmap: add an options struct to handle long options
    
    ...since the manpage advertises them.
    
    Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 035f69a9b5fe3c72df73bbbda2d7e570891f971e
Author: Jeff Layton <jlayton at samba.org>
Date:   Mon Oct 29 15:45:37 2012 -0400

    cifs.idmap: clean up strget and avoid memory allocation
    
    Don't do a strlen() call if strstr() isn't going to match anyway.
    
    There's no need to duplicate the string here. None of the callers modify
    it, so just return a pointer into the original string.
    
    Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 803feff6aa66c0bb0f0a703eb2404477889a56d5
Author: Jeff Layton <jlayton at samba.org>
Date:   Mon Oct 29 15:45:37 2012 -0400

    cifs.idmap: don't use atoi to convert unsigned int to number
    
    atoi() is for signed integers, and is deprecated in any case. Use
    strtoul() instead and check the result carefully before using it.
    
    Also add a log message when the string(s) can't be converted and
    fix the signedness of the types in other log messages.
    
    Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 0454be8978815b90baae7652b0717d0c0696e295
Author: Jeff Layton <jlayton at samba.org>
Date:   Mon Oct 29 15:45:37 2012 -0400

    cifs.idmap: set a timeout on keys that it instantiates
    
    ...and add a command-line option to allow the admin to tune that value.
    I think this is a better way to handle this instead of trying to set the
    timeouts in kernel space.
    
    Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit c49a6767051979368eea1087c9724a2c2994bd56
Author: Jeff Layton <jlayton at samba.org>
Date:   Mon Oct 29 15:45:37 2012 -0400

    cifs.idmap: add a --help option for cifs.idmap
    
    To make it print the usage message and exit.
    
    Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit f0269e2a0efacf5299b123801d9ec49695ed30b6
Author: Jeff Layton <jlayton at samba.org>
Date:   Mon Oct 29 16:04:11 2012 -0400

    setcifsacl: clean up sizing of cifs_sid
    
    The max number of subauthorities on windows and in winbind is generally
    15, not 5. If winbind sends more than 5, then this code may end up
    overrunning the buffer. Also, define some preprocessor constants and
    use those instead of hardcoding '5' and '6' all over the place.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit c8cd10850eeac03dc21679c19859d5e2fd3d861f
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:14 2012 -0500

    setcifsacl: fix overrun of subauths array when copying SIDs
    
    copy_sec_desc() copies the owner and group SIDs from one security
    descriptor to another. Unfortunately, it doesn't take into account the
    fact that these are variable length and routinely overruns the SID
    structure when doing this copy and scribbles over the destination ACL.
    
    This wasn't noticed before the change in the maximum number of subauths
    because the code either overwrote the damage afterward, or the overrun
    part was the same between source and destination anyway. Now that the
    max number of subauths is 15, it's more noticable.
    
    Fix it to only copy the number of subauths that claimed in the buffer
    instead.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 30fabc23eb74ec9de69fb0f0331815970aa9bf12
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:15 2012 -0500

    setcifsacl: clean up get_numfaces
    
    pntsd is never NULL here, and get rid of extra "else" that adds some
    unneeded indentation.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 1b2b1ab1084b1fbae324c8461a515b6851167e06
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:15 2012 -0500

    get/setcifsacl: set "prog" via basename(argv[0])
    
    This saves a tiny bit of memory, and doesn't make the program assume
    that the binary is named something in particular.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit b578467bf04f0290ab3bcaa82ef007d9f39f186b
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:15 2012 -0500

    setcifsacl: declare an enum for the action values
    
    ...instead of relying on magic values of an int.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 7b3796695ec4b2afe2feb05678be8f8a6b64044c
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:15 2012 -0500

    setcifsacl: fix up getopt() usage
    
    '?' has a special meaning in getopt(). It means that the option
    character was not recognized. You can override that behavior by making
    ':' the first character of the optstring, but that wasn't done here. I'm
    not sure what the effect of having '?' in the actual optstring is in
    this case, but it's probably best not to put it in there.
    
    Remove '?' from the optstring and replace it 'h'. Also add '-h' as a
    valid option to the manpage.
    
    '-v' doesn't require an argument, so fix the optstring to reflect that.
    
    Finally declare a new variable to hold optarg. Currently we only call
    getopt() once, which is a little odd. Eventually we may want to make it
    call it more than once, in which case we'll need some way to store the
    optarg on each pass.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 49d24798aec743f7acee76d7c9953cd2501f78d8
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:16 2012 -0500

    cifsacl: header file cleanup
    
    Remove the unused ace_action enum, and express mask values by or'ing
    what they represent. Add a comment about the endianness of these values
    in the packed structs too.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 78a2a8b9c6b5ce040122f87e6000636ca8574544
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:16 2012 -0500

    setcifsacl: fix endianness on SIDs provided by winbind routines
    
    Winbind keeps SID fields in host-endian format, but setcifsacl doesn't
    currently account for that. Make sure that when we get a valid SID
    from wbc that we convert the subauth fields to little-endian, which
    the server will expect. The other fields are single bytes and don't
    need conversion.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 47400ee5dcdda7e7b77b536f4befb5c04c1c5144
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:16 2012 -0500

    cifs.idmap: fix endianness on SIDs before sending to kernel
    
    Winbind keeps wbcDomainSids in host-endian format. They must be
    converted to little-endian before we can ship them off to the
    kernel.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit b07c3d72ff27e1818e3c1a38466d027d04a54e04
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:16 2012 -0500

    setcifsacl: fix up endianness conversions
    
    Don't use htole32 when you really want le32toh. Also, when copying or
    comparing ACEs, it's incorrect to convert the endianness of these
    fields. Let's just keep things simple and declare that multibyte fields
    in all of these structs are always kept in little-endian.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 6575515e37363b0db04ed13e7d627ef1a7c36ede
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:17 2012 -0500

    setcifsacl: clean up get_numcaces
    
    No need to walk the string twice or to hand-roll our own version of
    strchr(). Also, move the check for no argument out into main().
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit e2bfd38719c05c2d04579adda5f089755c79eba0
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:17 2012 -0500

    setcifsacl: clean up parse_cmdline_aces
    
    One of the reasons to use "goto" in an error condition is to eliminate
    unnecessary indentation. Fix that here by revering some error checks
    end getting rid of some unneeded "else" cases.
    
    After using strstr() to find "ACL:", there's no need to then use
    strchr() to find ':'. We know where it is -- it's 3 bytes past the
    current position.
    
    Finally, there's no need to copy these strings into new buffers,
    just set the pointers in the array to their original values.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 5ba83a1f28d8feb0110a129fa24b8749016f2be7
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:17 2012 -0500

    setcifsacl: fix verify_ace_sid
    
    The current method of trying to convert a name to a password struct and
    then back to a SID is just weird. It also doesn't seem to work correctly.
    
    Instead, look for a '\\' in the string. If there isn't one then try to
    convert it directly to a SID.
    
    If there is a '\\' or the direct-to-SID conversion didn't work, then
    use wbcLookupName to do the conversion directly to a SID instead.
    
    Also, fix the error handling. These routines return a wbcErr, so we
    should use their macros to check whether it worked or not.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 034a4baa9f3d496a19dbe3eb46d51cf8ef3adffd
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:17 2012 -0500

    getcifsacl: clarify magic number if print_ace
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit cc3417e69ca39a8b7eaf0df5ba848d0d4822924e
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:18 2012 -0500

    getcifsacl: fix endianness before handing off SID to winbind
    
    winbind expects SIDs to be expressed in host-endian. Convert them
    from little-endian before asking winbind to convert them to names.
    
    Also use the WBC_ERROR_IS_OK() macro to check the return code.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 067a0c8c63c8e5e4e7e70a95009d25a9d089b5dd
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:18 2012 -0500

    getcifsacl: don't use wbcDomainSid internally
    
    Use our own cifs_sid instead and cast it to a wbcDomainSid before
    handing it off to winbind.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 4fae92dc32fb5e04fdb0533140997797614a9ed5
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:18 2012 -0500

    getcifsacl: fix raw SID printing routine
    
    The current routine prints multiple authority values as different
    numbers instead of combining them, which is wrong.
    
    Print the SID according to the rules in MS-DTYP.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 786725279edf0a3ab684e68743e56c1412d95c59
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:18 2012 -0500

    setcifsacl: consolidate SID copying routines
    
    ...instead of open-coding it thrice.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 486eae46e07f792e83fb9c83df61834b5d7e0077
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:19 2012 -0500

    setcifsacl: fix some bugs in build_fetched_aces
    
    Pavel Raiskup reported the following defects that he found with Coverity:
    
    "If the variable 'facesptr' on line cifs-utils-4.8.1/setcifsacl.c|365|
    has not enough memory to be allocated, program 'setcifsacl' will fail
    with segfault on line 365 (dereferencing facesptr)."
    
    "you may return freed pointer here. There is some kind of return code
    ('rc') which should be transferred to >NULL< when is rc nonzero (and
    returned)"
    
    There are also a couple of other bugs here:
    
    malloc doesn't necessarily set errno to anything when an allocation
    fails, so having the error handling rely on that is wrong.
    
    Fix all of these bugs by reorganzing this function to fix up the error
    handling.
    
    Reported-by: Pavel Raiskup <praiskup at redhat.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit aa7cbf3ebc5df89b592815623459dabf6a21f5eb
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:19 2012 -0500

    setcifsacl: fix some bugs in build_cmdline_aces
    
    Pavel Raiskup found the following defect in setcifsacl with Coverity:
    
    "segfault may occur also in cifs-utils-4.8.1/setcifsacl.c|644| because
    of casesptr dereferencing.  When you look e.g. at the line 605, in this
    time any part of 'caseptr' may be yet uninitialized and program is going
    through 'goto' to freeing -> and there you are freeing the 'caseptr[i]'
    address."
    
    The analysis there seems a little off, but is basically correct. The
    freeing loop counts down from the current value of i to free the
    secondary allocations here.
    
    There is one situation though where this could go badly. If the strtok
    parsing near the beginning of the loop fails, then we could end up
    trying to free an uninitialized pointer.
    
    Fix this by changing the cacesptr allocation to use calloc(), and stop
    trying to be clever with the freeing loop. Just have it walk the
    entire array and attempt to free each slot.
    
    Reported-by: Pavel Raiskup <praiskup at redhat.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 3a41103dfea64856c8317099496716a7f9010769
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:19 2012 -0500

    getcifsacl: fix endianness bug in getcifsacl and add better bounds checks
    
    getcifsacl must convert the access_req field from little endian. Also,
    we should ensure that the "size" field in the ACE is reachable before
    trying to access it.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 6a091a5aa6fd9de3e2ea700896e1949a5623b1c6
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:19 2012 -0500

    setcifsacl: fix up ACE mask handling
    
    Change verify_ace_mask to just attempt to convert the argument to an
    unsigned long first. If that fails, then try to treat it as a symbolic
    mask string.
    
    Also, clean up ace_mask_value. There's no need to walk the string
    twice. Walk it once and turn the single-char mask checks into a switch
    statement instead of if/else clauses.
    
    Finally, fix the endianness of the resulting value. It must be in LE.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit c74be6c4f2d75008772ce5f4224d36e2556d31ac
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:20 2012 -0500

    setcifsacl: fix endianness of ->size in build_cmdline_aces
    
    The size must also be kept in little-endian.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 3759dfa1f6c4990d7dd017eeb341965673382b07
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:20 2012 -0500

    setcifsacl: fix some build warnings
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 3ff520f4380b8826d9eeda71da87e4e4548c4f4a
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:19:20 2012 -0500

    cifs.idmap: fix up some compile-time warnings
    
    Get rid of some unused variables, and fix a strict-aliasing problem by
    copying the SID data to a new place instead of converting the
    endianness in-place.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit fd3d58c4e78098700a03551c7e7d2f2b63777502
Author: Jeff Layton <jlayton at samba.org>
Date:   Wed Nov 7 10:20:46 2012 -0500

    getcifsacl: fix up printing of REVISION: and CONTROL: fields
    
    They need endianness conversion too...
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit feab5b327c5fea393d626f0ae3c33810fdafe518
Author: Jeff Layton <jlayton at samba.org>
Date:   Fri Nov 9 06:08:38 2012 -0500

    mount.cifs: fix argument count check
    
    The argv < 3 check could return true if you pass in some option flags.
    If you don't provide any further arguments then you might just walk
    off the end of the argv array. The values past the end aren't
    guaranteed to be NULL in that case.
    
    Fix the check to just look at whether there are 2 more arguments after
    the getopt processing is done.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit ec80b4feeb2a86b3661e9c710b942196492a9af4
Author: Jeff Layton <jlayton at samba.org>
Date:   Fri Nov 9 06:33:48 2012 -0500

    getcifsacl: don't freely cast between wbcDomainSid and cifs_sid
    
    While they are very similar, the cifs_sid is "packed" and the
    wbcDomainSid isn't. There are also aliasing problems with gcc in
    some cases. Instead of trying to cast and fix endianness in place,
    make a separate copy instead.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit ea0441d56862538b6c72ebbe085f98d9da8e14ea
Author: Jeff Layton <jlayton at samba.org>
Date:   Fri Nov 9 06:40:14 2012 -0500

    setcifsacl: don't freely cast between wbcDomainSid and cifs_sid
    
    Since they are not necessarily aligned the same and potentially store
    their fields with different endianness. Copy from the wbcDomainSid
    to the cifs_sid as appropriate.
    
    Also rename the same function in cifs.idmap.c for consistency.
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 60df9bbd90fc43e388ae42d6ed73415b45e43227
Author: Jeff Layton <jlayton at samba.org>
Date:   Fri Nov 9 07:49:43 2012 -0500

    setcifsacl: fix format specifier in error message
    
    setcifsacl.c:833: warning: format '%ld' expects type 'long int', but
    argument 3 has type 'ssize_t'
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 62b6e9429c6190a4e31dfe6a028ca9b2689d3f07
Author: Jeff Layton <jlayton at samba.org>
Date:   Sun Nov 11 06:09:23 2012 -0500

    autoconf: set version to 5.8
    
    Signed-off-by: Jeff Layton <jlayton at samba.org>

- -- 
Jeff Layton <jlayton at samba.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQIcBAEBAgAGBQJQn43cAAoJEAAOaEEZVoIVG7cQAKdnGCsrq1IhcttK7xycNjLg
T/7Igyx8Rsus3pi2GLHedWXOH3BWUPYgFct0skl0aG8DBWFn6FhddpB0/PE2Mxpv
HX2xE3R7P7o0HgicLRUq9ZXf6ZDxd3cQz1xHAeQs5Spyr+3j0SdIxrec3vCM7hmo
KeAJFg7LLHjt52TNt5AUZdWNiGeM61vaSqqFpsdRFWhmtcNgOZiKh653f5Zoaslx
ClABZVQ16ln+B8e/3Tei4mcCwlF6MRSixhJwB5vjLd13JUITxN3YZVgtHSTso5lc
shHjW8ULNGrhj/9DNkJaDtFJuHG3hDtLax7BHABei4qvs3A1fpb/fH+FobhYWI4Y
0aHW3xJpcm2Ot6PySJiQa4IFLY0jZ1KlLnntJd/hXc8f7bWVOCkg98FcOuINmxCL
lJpfoqbWM+jdzm9Cpg018XEN3BJBl//jFP9rdikXFIut/vvXuVgp9T718ynT/U2H
sjTdhSRj908F+PAsDxLva7YRg9ec6ooOBmezqhYFyYVlgPCf5yhE8yaQcKMW9nE5
mBOqA+b5JTv5Xk9dFaV+4I3D1B6kfjW9/FGJWd9ZOLcXA0FRW812GxEH7ImKRsfx
Dsma8SVxWXDIPq7Qp+slerSvZvP+d0kZeq9l3GkWujP+TkXuW9KF9ZmnTIvBjVtk
GCDAHWN4Pn2bFS4yek7t
=B3ES
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list