Jeff Layton
2012-Jan-28 13:47 UTC
[Samba] ANNOUNCE: cifs-utils release 5.3 is ready for download
With the overhaul of the cifscreds utility, I figured this would be a good time to do a new release.

Highlights:

* admins can now tell cifs.upcall to use an alternate krb5.conf file
* on remount, mount.cifs no longer adds a duplicate mtab entry
* the cifscreds utility has seen a major overhaul to allow for multiuser mounts without krb5 auth

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git: git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.1:

commit c3fff275e873fd9b9639124e993dd4ad737614db
Author: Jeff Layton <jlayton at samba.org>
Date: Fri Dec 9 21:36:00 2011 -0500

    autoconf: bump release to 5.2.1 for interim builds

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 2a9738cefaf8a9496ff0683e18357b3548da0b28
Author: Jeff Layton <jlayton at samba.org>
Date: Sat Dec 10 06:49:33 2011 -0500

    contrib: add a set of sample /etc/request-key.d files

    Add a contrib directory, a set of sample /etc/request-key.d files and a
    README that explains what they're for. This version sets the path to the
    upcall programs based on the configure options.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit cee919c2f3fb7b96518b800680664a15a6551d93
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 10 18:30:56 2012 -0500

    get/setcifsacl: don't link in -lkeyutils

    These binaries don't use keys API at all. There's no need to link in the
    keys library.

    Reported-by: Frédéric L. W. Meunier <fredlwm at fredlwm.net>
    Signed-off-by: Jeff Layton <jlayton at samba.org>
    Acked-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>

commit 80682b216fed9ea52e1498890eb248567aba2a06
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 10 18:34:43 2012 -0500

    cifs.upcall: allow admins to specify an alternate krb5.conf file

    This was actually requested by the Red Hat QA group, who sometimes work
    with multiple krb5.conf files when testing.

    Requested-by: Marko Myllynen <myllynen at redhat.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit f46dd7661cfb87257c95081fc2071c934bfbbb16
Author: Carlos Maiolino <cmaiolino at redhat.com>
Date: Mon Jan 16 12:29:49 2012 -0500

    mount.cifs: Properly update mtab during remount

    During a remount of a cifs filesystem, the mtab file is not properly
    updated, which leads to a doubled entry of the same filesystem in the
    /etc/mtab file. This patch adds a new function del_mtab() which is called
    before the add_mtab() in case the fs is being remounted.

    The del_mtab() function will delete from the mtab, the old entry from the
    filesystem which is being remounted, and then, calls add_mtab() to add an
    updated entry to the mtab file.

    Signed-off-by: Carlos Maiolino <cmaiolino at redhat.com>

commit 92be8b6775958814d39fb19247ff85947a2e4f9e
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Jan 16 13:22:28 2012 -0500

    mount.cifs: handle errors from rename() in del_mtab

    The new del_mtab code ignored errors from rename(). Make it handle that
    error as well like it does other errors.

    Cc: Carlos Maiolino <cmaiolino at redhat.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 9da16c91477293e7b367127b0bdec92d9613440f
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:23 2012 -0500

    util: move getusername to util.c

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 0c84231d1a735c10cad94b47a4a5e5eb560d1cdb
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:23 2012 -0500

    cifscreds: add unused attribute to argv parm in cifscreds_clearall

    ...to eliminate this warning:

    cifscreds.c: In function ‘cifscreds_clearall’:
    cifscreds.c:422:47: warning: unused parameter ‘argv’

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 57881972fa03c3624ea06f3245e1ba6c84cc2d68
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:23 2012 -0500

    cifscreds: eliminate domain parm from most functions

    Eventually we'll add this back in a different way. The domain and address
    should be exclusive of one another. IOW, we want the kernel to be able to
    find credentials for a specific address or for the domain of which the
    server is a member.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit d8b906abc655726079aaff753b3dfa7517b19067
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500

    cifscreds: remove user parameter from create_description

    The username should be part of the key payload and not part of the
    description. Also, prefix the address with an "a:" in the description.
    Eventually we'll also need a "domain" key variant.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 1578af7afadf0c9cb132ea9224c877dced1f0114
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500

    cifscreds: make username part of value instead of description

    Change the payload to be "username:password". Since usernames can't
    contain ':', this is suitable delimiter.

    Also, create_description is just a sprintf now, so eliminate it.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit c00f56c895b184a5380412f047b4251f88d0f0b8
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500

    cifscreds: make usage use "return" and have callers return

    ...banish the use of exit(), which may be helpful in the future in the
    event that we eventually move some of this code into a library.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 5a0b558819b255605fb4f679162bc8ffaee870c2
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500

    cifscreds: move option parsing into main()

    Having to parse options in every command routine is cumbersome and
    restrictive. Declare a struct to hold arguments, and then have the
    functions take that struct as an argument.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 299ba2fc82d5e7716ef7490259de97c274a3a7af
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500

    cifscreds: make username parameter optional

    ...and use getopt_long to get it. If someone doesn't specify the
    username, use getusername() to get it.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit b6e577b152b6c9d12710244d9d778219d8c8ad89
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500

    cifscreds: add --domain flag

    ...to indicate that the first argument is not a hostname but an NT domain
    name. If it's set, then treat the argument as a string literal.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 9758d87315a800e238b7011b7879dcfb9b1339d3
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500

    cifscreds: loosen allowed characters in domain names

    As Donald points out, NetBIOS domains are allowed more characters than
    the code currently allows. Change the test to one that checks for
    disallowed characters instead.

    Also, I can't find anything that says that '@' is not allowed in a
    username. Might as well allow that too. Worst case, the server will
    reject the username.

    Reported-by: Donald R. Gray Jr <donald.r.gray at gmail.com>
    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 4fee11f2e35b08e4184c2f4615074ad0b187b84a
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 14:43:24 2012 -0500

    cifscreds: use the session keyring

    This seems like a reasonable change, but I'm willing to listen to
    arguments to the contrary...

    cifscreds currently hangs the keys off of the uid keyring. It seems more
    appropriate though that we require that each session have its own set.

    This might be particularly important in a containerized situation. If a
    user authenticates in one container, then we probably don't want to allow
    a user in another to "borrow" those creds.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 32238d0e8e0994b0614d31f6922c7bfa56ac74bc
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 16:35:50 2012 -0500

    cifscreds: make cifscreds use the "logon" key_type

    ...and have it loosen the permissions to allow searching.

    There seems to be no clear way to make user keys unreadable, but still
    allow for them to be searched, so we'll need a new key_type that doesn't
    allow you to read the payload from userspace. That will be proposed in a
    separate kernel patch.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit aed556765b5b7c42cee5107ab7fd657732e15df8
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 16:35:55 2012 -0500

    cifscreds: make key_search use keyctl_search

    ...which is much more efficient than walking the keyring by hand.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit a4e917e6b365414a963fb4f25e7be5d75e12b832
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 17 16:35:55 2012 -0500

    cifscreds: change prefix on keys to "cifs:" instead of "cifscreds:"

    The "creds" portion seems redundant.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 569c33567c65723d60bac30bd5bfe4a9a310258a
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 24 08:30:16 2012 -0500

    cifscreds: add a manpage

    ...I'm also including the POD sources here for easier editing, but we may
    remove them in the future if it becomes burdensome to keep up 2 copies.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 221c67dd114be2a33ecbc18797d43898e513b659
Author: Jeff Layton <jlayton at samba.org>
Date: Tue Jan 24 08:34:09 2012 -0500

    cifscreds: build it by default

    ...but either error out or disable it if keyutils.h isn't present.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

commit 9dd2c53ef26b6c0179494bacfea8f1f732be2270
Author: Jeff Layton <jlayton at samba.org>
Date: Sat Jan 28 08:18:32 2012 -0500

    autoconf: set version to 5.3

    ...and fix the URL for cifs-utils.

    Signed-off-by: Jeff Layton <jlayton at samba.org>

--
Jeff Layton <jlayton at samba.org>