[Samba] cifs-utils release 6.7 ready for download
Jeff Layton
jlayton at samba.org
Thu Mar 2 18:44:57 UTC 2017
The main change in this release is to address some regressions that
crept in when we switched to a scheme that does not rely on walking /tmp
to look for credcaches.
We now will use the information from the kernel about the initiating
pid, reach into that task's environment and scrape out the $KRB5CCNAME
variable. This can be problematic in setuid situations, so we avoid
doing that for the root user. It's not a perfect scheme but it's
certainly better than what was there before.
There are also some mount.cifs cleanups and fixes from Germano Percossi.
webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git: git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary
Detailed list of changes since 6.6 was released:
commit c4e51e4dcbd3169638fa3fb13df61fa1fee525a8
Author: Jeff Layton <jlayton at samba.org>
Date: Sun Nov 27 06:28:29 2016 -0500
cifs-utils: bump version to 6.6.1 for pre-release builds
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 76da9405575d484b33eb4e56466366c8dbe87046
Author: Germano Percossi <germano.percossi at citrix.com>
Date: Fri Nov 18 18:54:49 2016 +0000
mount.cifs: Removed extra comma in front of domain
Signed-off-by: Germano Percossi <germano.percossi at citrix.com>
commit 57e4e22de7ea79f56471e7eb8cec9db926087f8d
Author: Germano Percossi <germano.percossi at citrix.com>
Date: Fri Nov 18 18:54:50 2016 +0000
mount.cifs: Accept empty domains on the command line
If we do not allow empty domains on the command line we are preventing
the kernel module from taking different actions if the domain has not
been specified at all or just passed empty.
In fact, with this fix the cifs module behaves differently once an empty
domain is passed: the find_domain_name function is not invoked when an
empty domain is passed.
It is possible to pass both 'domain=' or 'domain=""' even though the
kernel module will accept the former only when associated with the
sloppy option.
Signed-off-by: Germano Percossi <germano.percossi at citrix.com>
commit a1f3acd40b265f134a97a739a6898b3958d206b9
Author: Germano Percossi <germano.percossi at citrix.com>
Date: Fri Nov 18 18:54:51 2016 +0000
mount.cifs: Fixed command line parsing and aligned with kernel
The way token matching was done was consuming the parameters namespace
quickly. For example, anything starting with "dom" was interpreted with
domain, while it could have been a completely different word. The same
is true even for "ro".
Moreover, many perfectly valid options like "addr" where not accepted.
The cifs kernel module is very strict when it comes to names: 'dom' and
'domain' are valid while 'domai' is not, so the userspace tool needs to
comply otherwise it becomes very difficult to come up with new names for
options.
Now, checking is strict and as close as possible to kernel. When it is
not, it is just to avoid breaking compatibility with some users.
However, workg has been removed because it is too lazy and undocumented.
The only variable left without strict checking is 'x-' because the
intent is to ignore anything starting in that way
Signed-off-by: Germano Percossi <germano.percossi at citrix.com>
commit 743301da5bf502197beb1f91f98e11eea9070e4e
Author: Germano Percossi <germano.percossi at citrix.com>
Date: Fri Nov 18 18:54:52 2016 +0000
mount.cifs: Remove unneeded stdbool header include
Signed-off-by: Germano Percossi <germano.percossi at citrix.com>
commit d73a52e50d43f07638f34cb860e9824a932508b8
Author: Sachin Prabhu <sprabhu at redhat.com>
Date: Wed Jan 4 07:45:17 2017 -0500
manpage: document mfsymlinks in the mount.cifs man page
Information from the cifs README in the kernel sources is used.
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
commit fb7693c50e99f2153500bb3590602993016051b4
Author: Jeff Layton <jlayton at samba.org>
Date: Sun Feb 12 09:36:12 2017 -0500
cifs.upcall: convert two flags from int to bool
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit a6662edb12b267e12bd67424e485ca081a97beb3
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Feb 13 08:33:02 2017 -0500
cifs.upcall: switch group IDs when handling an upcall
Currently, we leave the group ID alone, but in a later patch we'll be
changing cifs.upcall to scrape $KRB5CCNAME out of the originating
process. At that point, we want to be a little more careful with the
process credentials we'll be using.
After we get the uid, do a getpwuid and grab the default gid for the
user. Then use setgid to set it before calling setuid.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 109c189bf4720b0d7ed43113e1e26c89c8b15ada
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Feb 15 10:00:45 2017 -0500
cifs.upcall: drop capabilities early in program
Much of cifs.upcall can and should be run without elevated privileges.
On entry into the program, drop as many capabilities as we can get away
with, and then always drop any remaining caps after calling setuid().
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit ed97e4ecab4e9a103c46232785fb76b3f07d0637
Author: Jeff Layton <jlayton at samba.org>
Date: Sat Feb 11 08:38:46 2017 -0500
cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc/<pid>/environ file
Chad reported that he was seeing a regression in cifs-utils-6.6. Prior
to that, cifs.upcall was able to find credcaches in non-default FILE:
locations, but with the rework of that code, that ability was lost.
Unfortunately, the krb5 library design doesn't really take into account
the fact that we might need to find a credcache in a process that isn't
descended from the session.
When the kernel does an upcall, it passes several bits of info about the
task that initiated the upcall. One of those things is the PID (the
tgid, in particular). We can use that info to reach into the
/proc/<pid>/environ file for the process, and grab whatever value of
$KRB5CCNAME is there.
Then, after switching credentials, set $KRB5CCNAME in the environment
to the same value before opening the credcache, to hint to the krb5
libs where they ought to look.
This new behavior is on by default, but can be disabled by having
request-key pass a '-E' flag to cifs.upcall.
Reported-by: Chad William Seys <cwseys at physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit ec3874fdc669901f4a9e8a90a856f999cd627a3f
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 16 09:55:45 2017 -0500
cifs.upcall: trim even more capabilities
We really only need CAP_DAC_READ_SEARCH, not CAP_DAC_OVERRIDE, and
only when we are going to probe the environ file.
Also, fix the non-libcap-ng trim_capabilities prototype.
Reviewed-by: Simo Sorce <simo at redhat.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 912cbe49114392bd7c375c4c37698d406eb0660e
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 18:49:59 2017 -0500
data_blob: remove need for replace.h
We only need ZERO_STRUCT there.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit ebdd0a9d9745f19a13415a65914dcc9993f28e96
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 20:56:27 2017 -0500
spengo.c/asn1.c: remove need for replace.h
Just need stdbool.h instead.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 4849f9fc118bf074ce5efea94fa0c4727a430863
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 18:58:17 2017 -0500
cifs.upcall: remove need for replace.h
Take just what we need from replace.h and move it to cifs.upcall.c.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 2333c502f81c66e186123e1b739a056fb049d5e4
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 19:21:56 2017 -0500
replace.h: remove it
Nothing uses it now.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 4850d321c3ec8f1b31b162fe8a316a7638c12b94
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 19:09:12 2017 -0500
treewide: Eliminate SAFE_FREE
It just frees and then zeroes out the pointer. That's of dubious
value in the places where it's currently being used. Just use
free() instead.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 891d7806ac153e7d99b324ed9a33ff92699a92c6
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 19:14:07 2017 -0500
data_blob: Eliminate _PUBLIC_
It's defined to nothing anyway.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 2dcecd21262513a0866c321643fc33d3d0135915
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 18:28:24 2017 -0500
cifs.upcall: unset $KRB5CCNAME when creating new credcache from keytab
We don't want to trust $KRB5CCNAME when creating or updating a new
credcache since we could be operating under the wrong credentials.
Always create new credcaches in the default location instead.
Reported-by: Chad William Seys <cwseys at physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 9eaa21ed37126d1bfcb998b4c8f6115ac77e9b5f
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 16:50:43 2017 -0500
cifs.upcall: don't do env scraping when uid is 0
Setuid programs triggering upcalls could trick the program here. Also,
the d_automount method is done with credentials overridden so if you
can end up with mismatched creds and env vars due to that as well.
It's a hack, but the only recourse I can see is to avoid doing this
when the uid is 0. That means we can't rely on finding root credcaches
in alternate locations using $KRB5CCNAME, but I think that's the best
we can do.
Reported-and-Tested-by: Chad William Seys <cwseys at physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 69949ba0086ac7a4f07ade7558fbe5c537220ebb
Author: Jeff Layton <jlayton at samba.org>
Date: Fri Feb 24 10:48:57 2017 -0500
cifs.upcall: use a MEMORY: ccache when instantiating from a keytab
Using a more permanent ccache is potentially problematic when we're
instantiating a new one. We might be operating under different creds
than expected. Just use a MEMORY: ccache since we don't need it to
last longer than the life of the upcall anyway.
Reported-and-Tested-by: Chad William Seys <cwseys at physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 8101a07871f185c7044fa2ca221b282ab4607c8b
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Mar 2 11:51:05 2017 -0500
cifs-utils: bump version to 6.7
Signed-off-by: Jeff Layton <jlayton at samba.org>
--
Jeff Layton <jlayton at samba.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 847 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20170302/29e00f1c/signature.sig>
More information about the samba
mailing list