Jeff Layton
2012-Nov-11 11:37 UTC
[Samba] ANNOUNCE: cifs-utils release 5.8 is ready for download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Time for another cifs-utils release!
Most of the patches in this release are for cifs.idmap, getcifsacl and
setcifsacl. There were many bugs in those tools, so anyone that's
deploying or using them is highly encouraged to upgrade.
Highlights:
* NFS-style device names are being deprecated in 6.0. Anyone using that
sort of device name should move to the UNC-style syntax that the manpage
has always documented.
* Many bugs in cifs.idmap, getcifsacl and setcifsacl have been fixed.
These tools should also be more efficient now and work correctly on
big-endian architectures.
webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git: git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary
Detailed list of changes since 5.8:
commit 819018e34696b0fb9bf1b386304b5dce39ae0e6d
Author: Jeff Layton <jlayton at samba.org>
Date: Fri Oct 12 13:28:37 2012 -0400
autoconf: set release to 5.7.1 for interim builds
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 679fbebb5a656b4eb1a8988fb0d8697a5f919794
Author: Scott Lovenberg <scott.lovenberg at gmail.com>
Date: Tue Oct 23 15:37:03 2012 -0400
mount.cifs: add warning that NFS syntax is deprecated and will be
removed in cifs-utils-6.0.
[jlayton: Added newline to end of warning]
Signed-off-by: Scott Lovenberg <scott.lovenberg at gmail.com>
commit 60bca663f94e27436ed1afe1e673a8afa3342e1d
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Oct 29 15:45:37 2012 -0400
cifs.idmap: make sure cifsacl structs are packed
The kernel equivalent definitions are defined with
__attribute__((packed)), and the code seems to assume the userspace and
kernel ones will be properly aligned. Fix the userspace definitions in a
similar fashion.
Given the way these structs are, there is probably not any padding
between fields on most arches, but it's best to be safe here.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 1a0523fbc469e34560bec0f06ce4622bb7db7b04
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Oct 29 15:45:37 2012 -0400
cifs.idmap: get rid of useless strcmp prior to idmapping
The code copies off the key description and then ensures that it's
prefixed with "cifs.idmap". What's the point of that?
Presumably request-key would never have called this otherwise. There's
little harm in going ahead and doing the idmapping if this is called
with the wrong string.
Also, the error handling here is wrong. If the prefix doesn't match
the code will exit 0 without doing any mapping. Just remove it.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit d9b876bc5b047682854123aed082c1004b995b69
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Oct 29 15:45:37 2012 -0400
cifs.idmap: add an options struct to handle long options
...since the manpage advertises them.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 035f69a9b5fe3c72df73bbbda2d7e570891f971e
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Oct 29 15:45:37 2012 -0400
cifs.idmap: clean up strget and avoid memory allocation
Don't do a strlen() call if strstr() isn't going to match anyway.
There's no need to duplicate the string here. None of the callers modify
it, so just return a pointer into the original string.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 803feff6aa66c0bb0f0a703eb2404477889a56d5
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Oct 29 15:45:37 2012 -0400
cifs.idmap: don't use atoi to convert unsigned int to number
atoi() is for signed integers, and is deprecated in any case. Use
strtoul() instead and check the result carefully before using it.
Also add a log message when the string(s) can't be converted and
fix the signedness of the types in other log messages.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 0454be8978815b90baae7652b0717d0c0696e295
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Oct 29 15:45:37 2012 -0400
cifs.idmap: set a timeout on keys that it instantiates
...and add a command-line option to allow the admin to tune that value.
I think this is a better way to handle this instead of trying to set the
timeouts in kernel space.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit c49a6767051979368eea1087c9724a2c2994bd56
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Oct 29 15:45:37 2012 -0400
cifs.idmap: add a --help option for cifs.idmap
To make it print the usage message and exit.
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit f0269e2a0efacf5299b123801d9ec49695ed30b6
Author: Jeff Layton <jlayton at samba.org>
Date: Mon Oct 29 16:04:11 2012 -0400
setcifsacl: clean up sizing of cifs_sid
The max number of subauthorities on windows and in winbind is generally
15, not 5. If winbind sends more than 5, then this code may end up
overrunning the buffer. Also, define some preprocessor constants and
use those instead of hardcoding '5' and '6' all over the
place.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit c8cd10850eeac03dc21679c19859d5e2fd3d861f
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:14 2012 -0500
setcifsacl: fix overrun of subauths array when copying SIDs
copy_sec_desc() copies the owner and group SIDs from one security
descriptor to another. Unfortunately, it doesn't take into account the
fact that these are variable length and routinely overruns the SID
structure when doing this copy and scribbles over the destination ACL.
This wasn't noticed before the change in the maximum number of subauths
because the code either overwrote the damage afterward, or the overrun
part was the same between source and destination anyway. Now that the
max number of subauths is 15, it's more noticable.
Fix it to only copy the number of subauths that claimed in the buffer
instead.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 30fabc23eb74ec9de69fb0f0331815970aa9bf12
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:15 2012 -0500
setcifsacl: clean up get_numfaces
pntsd is never NULL here, and get rid of extra "else" that adds
some
unneeded indentation.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 1b2b1ab1084b1fbae324c8461a515b6851167e06
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:15 2012 -0500
get/setcifsacl: set "prog" via basename(argv[0])
This saves a tiny bit of memory, and doesn't make the program assume
that the binary is named something in particular.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit b578467bf04f0290ab3bcaa82ef007d9f39f186b
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:15 2012 -0500
setcifsacl: declare an enum for the action values
...instead of relying on magic values of an int.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 7b3796695ec4b2afe2feb05678be8f8a6b64044c
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:15 2012 -0500
setcifsacl: fix up getopt() usage
'?' has a special meaning in getopt(). It means that the option
character was not recognized. You can override that behavior by making
':' the first character of the optstring, but that wasn't done
here. I'm
not sure what the effect of having '?' in the actual optstring is in
this case, but it's probably best not to put it in there.
Remove '?' from the optstring and replace it 'h'. Also add
'-h' as a
valid option to the manpage.
'-v' doesn't require an argument, so fix the optstring to
reflect that.
Finally declare a new variable to hold optarg. Currently we only call
getopt() once, which is a little odd. Eventually we may want to make it
call it more than once, in which case we'll need some way to store the
optarg on each pass.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 49d24798aec743f7acee76d7c9953cd2501f78d8
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:16 2012 -0500
cifsacl: header file cleanup
Remove the unused ace_action enum, and express mask values by or'ing
what they represent. Add a comment about the endianness of these values
in the packed structs too.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 78a2a8b9c6b5ce040122f87e6000636ca8574544
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:16 2012 -0500
setcifsacl: fix endianness on SIDs provided by winbind routines
Winbind keeps SID fields in host-endian format, but setcifsacl doesn't
currently account for that. Make sure that when we get a valid SID
from wbc that we convert the subauth fields to little-endian, which
the server will expect. The other fields are single bytes and don't
need conversion.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 47400ee5dcdda7e7b77b536f4befb5c04c1c5144
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:16 2012 -0500
cifs.idmap: fix endianness on SIDs before sending to kernel
Winbind keeps wbcDomainSids in host-endian format. They must be
converted to little-endian before we can ship them off to the
kernel.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit b07c3d72ff27e1818e3c1a38466d027d04a54e04
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:16 2012 -0500
setcifsacl: fix up endianness conversions
Don't use htole32 when you really want le32toh. Also, when copying or
comparing ACEs, it's incorrect to convert the endianness of these
fields. Let's just keep things simple and declare that multibyte fields
in all of these structs are always kept in little-endian.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 6575515e37363b0db04ed13e7d627ef1a7c36ede
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:17 2012 -0500
setcifsacl: clean up get_numcaces
No need to walk the string twice or to hand-roll our own version of
strchr(). Also, move the check for no argument out into main().
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit e2bfd38719c05c2d04579adda5f089755c79eba0
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:17 2012 -0500
setcifsacl: clean up parse_cmdline_aces
One of the reasons to use "goto" in an error condition is to
eliminate
unnecessary indentation. Fix that here by revering some error checks
end getting rid of some unneeded "else" cases.
After using strstr() to find "ACL:", there's no need to then
use
strchr() to find ':'. We know where it is -- it's 3 bytes past
the
current position.
Finally, there's no need to copy these strings into new buffers,
just set the pointers in the array to their original values.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 5ba83a1f28d8feb0110a129fa24b8749016f2be7
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:17 2012 -0500
setcifsacl: fix verify_ace_sid
The current method of trying to convert a name to a password struct and
then back to a SID is just weird. It also doesn't seem to work
correctly.
Instead, look for a '\\' in the string. If there isn't one then
try to
convert it directly to a SID.
If there is a '\\' or the direct-to-SID conversion didn't work,
then
use wbcLookupName to do the conversion directly to a SID instead.
Also, fix the error handling. These routines return a wbcErr, so we
should use their macros to check whether it worked or not.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 034a4baa9f3d496a19dbe3eb46d51cf8ef3adffd
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:17 2012 -0500
getcifsacl: clarify magic number if print_ace
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit cc3417e69ca39a8b7eaf0df5ba848d0d4822924e
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:18 2012 -0500
getcifsacl: fix endianness before handing off SID to winbind
winbind expects SIDs to be expressed in host-endian. Convert them
from little-endian before asking winbind to convert them to names.
Also use the WBC_ERROR_IS_OK() macro to check the return code.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 067a0c8c63c8e5e4e7e70a95009d25a9d089b5dd
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:18 2012 -0500
getcifsacl: don't use wbcDomainSid internally
Use our own cifs_sid instead and cast it to a wbcDomainSid before
handing it off to winbind.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 4fae92dc32fb5e04fdb0533140997797614a9ed5
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:18 2012 -0500
getcifsacl: fix raw SID printing routine
The current routine prints multiple authority values as different
numbers instead of combining them, which is wrong.
Print the SID according to the rules in MS-DTYP.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 786725279edf0a3ab684e68743e56c1412d95c59
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:18 2012 -0500
setcifsacl: consolidate SID copying routines
...instead of open-coding it thrice.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 486eae46e07f792e83fb9c83df61834b5d7e0077
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:19 2012 -0500
setcifsacl: fix some bugs in build_fetched_aces
Pavel Raiskup reported the following defects that he found with Coverity:
"If the variable 'facesptr' on line
cifs-utils-4.8.1/setcifsacl.c|365|
has not enough memory to be allocated, program 'setcifsacl' will
fail
with segfault on line 365 (dereferencing facesptr)."
"you may return freed pointer here. There is some kind of return code
('rc') which should be transferred to >NULL< when is rc
nonzero (and
returned)"
There are also a couple of other bugs here:
malloc doesn't necessarily set errno to anything when an allocation
fails, so having the error handling rely on that is wrong.
Fix all of these bugs by reorganzing this function to fix up the error
handling.
Reported-by: Pavel Raiskup <praiskup at redhat.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit aa7cbf3ebc5df89b592815623459dabf6a21f5eb
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:19 2012 -0500
setcifsacl: fix some bugs in build_cmdline_aces
Pavel Raiskup found the following defect in setcifsacl with Coverity:
"segfault may occur also in cifs-utils-4.8.1/setcifsacl.c|644| because
of casesptr dereferencing. When you look e.g. at the line 605, in this
time any part of 'caseptr' may be yet uninitialized and program is
going
through 'goto' to freeing -> and there you are freeing the
'caseptr[i]'
address."
The analysis there seems a little off, but is basically correct. The
freeing loop counts down from the current value of i to free the
secondary allocations here.
There is one situation though where this could go badly. If the strtok
parsing near the beginning of the loop fails, then we could end up
trying to free an uninitialized pointer.
Fix this by changing the cacesptr allocation to use calloc(), and stop
trying to be clever with the freeing loop. Just have it walk the
entire array and attempt to free each slot.
Reported-by: Pavel Raiskup <praiskup at redhat.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 3a41103dfea64856c8317099496716a7f9010769
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:19 2012 -0500
getcifsacl: fix endianness bug in getcifsacl and add better bounds checks
getcifsacl must convert the access_req field from little endian. Also,
we should ensure that the "size" field in the ACE is reachable
before
trying to access it.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 6a091a5aa6fd9de3e2ea700896e1949a5623b1c6
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:19 2012 -0500
setcifsacl: fix up ACE mask handling
Change verify_ace_mask to just attempt to convert the argument to an
unsigned long first. If that fails, then try to treat it as a symbolic
mask string.
Also, clean up ace_mask_value. There's no need to walk the string
twice. Walk it once and turn the single-char mask checks into a switch
statement instead of if/else clauses.
Finally, fix the endianness of the resulting value. It must be in LE.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit c74be6c4f2d75008772ce5f4224d36e2556d31ac
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:20 2012 -0500
setcifsacl: fix endianness of ->size in build_cmdline_aces
The size must also be kept in little-endian.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 3759dfa1f6c4990d7dd017eeb341965673382b07
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:20 2012 -0500
setcifsacl: fix some build warnings
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 3ff520f4380b8826d9eeda71da87e4e4548c4f4a
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:19:20 2012 -0500
cifs.idmap: fix up some compile-time warnings
Get rid of some unused variables, and fix a strict-aliasing problem by
copying the SID data to a new place instead of converting the
endianness in-place.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit fd3d58c4e78098700a03551c7e7d2f2b63777502
Author: Jeff Layton <jlayton at samba.org>
Date: Wed Nov 7 10:20:46 2012 -0500
getcifsacl: fix up printing of REVISION: and CONTROL: fields
They need endianness conversion too...
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit feab5b327c5fea393d626f0ae3c33810fdafe518
Author: Jeff Layton <jlayton at samba.org>
Date: Fri Nov 9 06:08:38 2012 -0500
mount.cifs: fix argument count check
The argv < 3 check could return true if you pass in some option flags.
If you don't provide any further arguments then you might just walk
off the end of the argv array. The values past the end aren't
guaranteed to be NULL in that case.
Fix the check to just look at whether there are 2 more arguments after
the getopt processing is done.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit ec80b4feeb2a86b3661e9c710b942196492a9af4
Author: Jeff Layton <jlayton at samba.org>
Date: Fri Nov 9 06:33:48 2012 -0500
getcifsacl: don't freely cast between wbcDomainSid and cifs_sid
While they are very similar, the cifs_sid is "packed" and the
wbcDomainSid isn't. There are also aliasing problems with gcc in
some cases. Instead of trying to cast and fix endianness in place,
make a separate copy instead.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit ea0441d56862538b6c72ebbe085f98d9da8e14ea
Author: Jeff Layton <jlayton at samba.org>
Date: Fri Nov 9 06:40:14 2012 -0500
setcifsacl: don't freely cast between wbcDomainSid and cifs_sid
Since they are not necessarily aligned the same and potentially store
their fields with different endianness. Copy from the wbcDomainSid
to the cifs_sid as appropriate.
Also rename the same function in cifs.idmap.c for consistency.
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 60df9bbd90fc43e388ae42d6ed73415b45e43227
Author: Jeff Layton <jlayton at samba.org>
Date: Fri Nov 9 07:49:43 2012 -0500
setcifsacl: fix format specifier in error message
setcifsacl.c:833: warning: format '%ld' expects type 'long
int', but
argument 3 has type 'ssize_t'
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 62b6e9429c6190a4e31dfe6a028ca9b2689d3f07
Author: Jeff Layton <jlayton at samba.org>
Date: Sun Nov 11 06:09:23 2012 -0500
autoconf: set version to 5.8
Signed-off-by: Jeff Layton <jlayton at samba.org>
- --
Jeff Layton <jlayton at samba.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQIcBAEBAgAGBQJQn43cAAoJEAAOaEEZVoIVG7cQAKdnGCsrq1IhcttK7xycNjLg
T/7Igyx8Rsus3pi2GLHedWXOH3BWUPYgFct0skl0aG8DBWFn6FhddpB0/PE2Mxpv
HX2xE3R7P7o0HgicLRUq9ZXf6ZDxd3cQz1xHAeQs5Spyr+3j0SdIxrec3vCM7hmo
KeAJFg7LLHjt52TNt5AUZdWNiGeM61vaSqqFpsdRFWhmtcNgOZiKh653f5Zoaslx
ClABZVQ16ln+B8e/3Tei4mcCwlF6MRSixhJwB5vjLd13JUITxN3YZVgtHSTso5lc
shHjW8ULNGrhj/9DNkJaDtFJuHG3hDtLax7BHABei4qvs3A1fpb/fH+FobhYWI4Y
0aHW3xJpcm2Ot6PySJiQa4IFLY0jZ1KlLnntJd/hXc8f7bWVOCkg98FcOuINmxCL
lJpfoqbWM+jdzm9Cpg018XEN3BJBl//jFP9rdikXFIut/vvXuVgp9T718ynT/U2H
sjTdhSRj908F+PAsDxLva7YRg9ec6ooOBmezqhYFyYVlgPCf5yhE8yaQcKMW9nE5
mBOqA+b5JTv5Xk9dFaV+4I3D1B6kfjW9/FGJWd9ZOLcXA0FRW812GxEH7ImKRsfx
Dsma8SVxWXDIPq7Qp+slerSvZvP+d0kZeq9l3GkWujP+TkXuW9KF9ZmnTIvBjVtk
GCDAHWN4Pn2bFS4yek7t
=B3ES
-----END PGP SIGNATURE-----
Possibly Parallel Threads
- ANNOUNCE: cifs-utils release 5.1 available for download
- ANNOUNCE: cifs-utils release 5.2 available for download
- ANNOUNCE: cifs-utils release 5.9 ready for download
- ANNOUNCE: cifs-utils release 6.3 ready for download
- ANNOUNCE: cifs-utils release 6.0 ready for download
Wisdom of the Ancients
