Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cifs-utils for openSUSE:Factory checked in at 2022-01-22 08:17:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cifs-utils (Old) and /work/SRC/openSUSE:Factory/.cifs-utils.new.1938 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cifs-utils" Sat Jan 22 08:17:51 2022 rev:69 rq:947272 version:6.14 Changes: -------- --- /work/SRC/openSUSE:Factory/cifs-utils/cifs-utils.changes 2021-05-18 18:27:03.618801735 +0200 +++ /work/SRC/openSUSE:Factory/.cifs-utils.new.1938/cifs-utils.changes 2022-01-22 08:17:59.874979060 +0100 @@ -1,0 +2,22 @@ +Mon Jan 17 09:22:17 UTC 2022 - Enzo Matsumiya <ematsum...@suse.de> + +- Update cifs-utils.spec: + * Remove unused + !BuildIgnore: samba-client + BuildRequires: libwbclient-devel + +------------------------------------------------------------------- +Mon Jan 17 06:22:41 UTC 2022 - Enzo Matsumiya <ematsum...@suse.de> + +- Update to cifs-utils 6.14 + * smbinfo is enhanced with capability to display alternate data streams + * setcifsacl is improved to optionally reorder ACEs in preferred order + * cifs.upcall regression in kerberos mount is fixed + * remove cifs-utils-6.13.tar.bz2 + * remove cifs-utils-6.13.tar.bz2.asc + * add cifs-utils-6.14.tar.bz2 + * add cifs-utils-6.14.tar.bz2.asc +- Drop upstream fixed patches: + * 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch + +------------------------------------------------------------------- Old: ---- 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch cifs-utils-6.13.tar.bz2 cifs-utils-6.13.tar.bz2.asc New: ---- cifs-utils-6.14.tar.bz2 cifs-utils-6.14.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cifs-utils.spec ++++++ --- /var/tmp/diff_new_pack.O9vnEO/_old 2022-01-22 08:18:00.482974963 +0100 +++ /var/tmp/diff_new_pack.O9vnEO/_new 2022-01-22 08:18:00.486974936 +0100 @@ -1,7 +1,7 @@ # # spec file for package cifs-utils # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -21,7 +21,7 @@ %endif Name: cifs-utils -Version: 6.13 +Version: 6.14 Release: 0 Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem License: GPL-3.0-or-later @@ -37,7 +37,6 @@ Source1: cifs.init Patch1: fix-sbin-install-error.patch -Patch2: 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch # Both SSSD and cifs-utils provide an idmap plugin for cifs.ko # /etc/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins @@ -49,7 +48,7 @@ %define cifs_idmap_priority 20 BuildRequires: update-alternatives Requires(post): update-alternatives -Requires(preun): update-alternatives +Requires(preun):update-alternatives # cifs-utils 6.8 switched to python for man page generation # we need to require either py2 or py3 package @@ -83,14 +82,13 @@ %else BuildRequires: libcap-devel %endif -#!BuildIgnore: samba-client BuildRequires: libtalloc-devel %if 0%{?suse_version} > 1110 BuildRequires: fdupes %endif -BuildRequires: libwbclient-devel BuildRequires: pam-devel BuildRequires: pkg-config +BuildRequires: pkgconfig(wbclient) Requires: keyutils %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run @@ -134,7 +132,6 @@ done %patch1 -p1 -%patch2 -p1 %build export CFLAGS="%{optflags} -D_GNU_SOURCE -fpie" ++++++ cifs-utils-6.13.tar.bz2 -> cifs-utils-6.14.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/autom4te.cache/output.0 new/cifs-utils-6.14/autom4te.cache/output.0 --- old/cifs-utils-6.13/autom4te.cache/output.0 2021-04-13 01:59:30.000000000 +0200 +++ new/cifs-utils-6.14/autom4te.cache/output.0 2021-09-24 01:52:09.000000000 +0200 @@ -1,6 +1,6 @@ @%:@! /bin/sh @%:@ Guess values for system-dependent variables and create Makefiles. -@%:@ Generated by GNU Autoconf 2.69 for cifs-utils 6.13. +@%:@ Generated by GNU Autoconf 2.69 for cifs-utils 6.14. @%:@ @%:@ Report bugs to <linux-c...@vger.kernel.org>. @%:@ 
@@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='cifs-utils' PACKAGE_TARNAME='cifs-utils' -PACKAGE_VERSION='6.13' -PACKAGE_STRING='cifs-utils 6.13' +PACKAGE_VERSION='6.14' +PACKAGE_STRING='cifs-utils 6.14' PACKAGE_BUGREPORT='linux-c...@vger.kernel.org' PACKAGE_URL='https://wiki.samba.org/index.php/LinuxCIFS_utils' @@ -1338,7 +1338,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures cifs-utils 6.13 to adapt to many kinds of systems. +\`configure' configures cifs-utils 6.14 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1409,7 +1409,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of cifs-utils 6.13:";; + short | recursive ) echo "Configuration of cifs-utils 6.14:";; esac cat <<\_ACEOF @@ -1537,7 +1537,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -cifs-utils configure 6.13 +cifs-utils configure 6.14 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2006,7 +2006,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by cifs-utils $as_me 6.13, which was +It was created by cifs-utils $as_me 6.14, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2876,7 +2876,7 @@ # Define the identity of the package. PACKAGE='cifs-utils' - VERSION='6.13' + VERSION='6.14' cat >>confdefs.h <<_ACEOF @@ -6837,7 +6837,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by cifs-utils $as_me 6.13, which was +This file was extended by cifs-utils $as_me 6.14, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -6904,7 +6904,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -cifs-utils config.status 6.13 +cifs-utils config.status 6.14 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/autom4te.cache/output.1 new/cifs-utils-6.14/autom4te.cache/output.1 --- old/cifs-utils-6.13/autom4te.cache/output.1 2021-04-13 01:59:33.000000000 +0200 +++ new/cifs-utils-6.14/autom4te.cache/output.1 2021-09-24 01:52:11.000000000 +0200 @@ -1,6 +1,6 @@ @%:@! /bin/sh @%:@ Guess values for system-dependent variables and create Makefiles. -@%:@ Generated by GNU Autoconf 2.69 for cifs-utils 6.13. +@%:@ Generated by GNU Autoconf 2.69 for cifs-utils 6.14. @%:@ @%:@ Report bugs to <linux-c...@vger.kernel.org>. @%:@ @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='cifs-utils' PACKAGE_TARNAME='cifs-utils' -PACKAGE_VERSION='6.13' -PACKAGE_STRING='cifs-utils 6.13' +PACKAGE_VERSION='6.14' +PACKAGE_STRING='cifs-utils 6.14' PACKAGE_BUGREPORT='linux-c...@vger.kernel.org' PACKAGE_URL='https://wiki.samba.org/index.php/LinuxCIFS_utils' @@ -1338,7 +1338,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures cifs-utils 6.13 to adapt to many kinds of systems. +\`configure' configures cifs-utils 6.14 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1409,7 +1409,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of cifs-utils 6.13:";; + short | recursive ) echo "Configuration of cifs-utils 6.14:";; esac cat <<\_ACEOF 
@@ -1537,7 +1537,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -cifs-utils configure 6.13 +cifs-utils configure 6.14 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2006,7 +2006,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by cifs-utils $as_me 6.13, which was +It was created by cifs-utils $as_me 6.14, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2876,7 +2876,7 @@ # Define the identity of the package. PACKAGE='cifs-utils' - VERSION='6.13' + VERSION='6.14' cat >>confdefs.h <<_ACEOF @@ -6837,7 +6837,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by cifs-utils $as_me 6.13, which was +This file was extended by cifs-utils $as_me 6.14, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6904,7 +6904,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -cifs-utils config.status 6.13 +cifs-utils config.status 6.14 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/autom4te.cache/requests new/cifs-utils-6.14/autom4te.cache/requests --- old/cifs-utils-6.13/autom4te.cache/requests 2021-04-13 01:59:33.000000000 +0200 +++ new/cifs-utils-6.14/autom4te.cache/requests 2021-09-24 01:52:11.000000000 +0200 
@@ -37,57 +37,57 @@ 'configure.ac' ], { - 'AC_LIBCAP' => 1, - '_PKG_SHORT_ERRORS_SUPPORTED' => 1, + '_AM_AUTOCONF_VERSION' => 1, + 'AM_SET_LEADING_DOT' => 1, + 'include' => 1, + '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1, + 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1, + 'AM_CONDITIONAL' => 1, + '_m4_warn' => 1, 'm4_include' => 1, - '_AM_CONFIG_MACRO_DIRS' => 1, - '_AM_DEPENDENCIES' => 1, - 'AC_TEST_WBCHL' => 1, + 'AM_PROG_CC_C_O' => 1, + 'AC_DEFUN' => 1, 'AM_SANITY_CHECK' => 1, + 'AU_DEFUN' => 1, + 'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1, + 'AC_TEST_WBCHL' => 1, + 'm4_pattern_forbid' => 1, 'AM_MISSING_HAS_RUN' => 1, - 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1, - 'AM_RUN_LOG' => 1, - 'PKG_CHECK_MODULES_STATIC' => 1, - 'AM_SILENT_RULES' => 1, - 'AC_CONFIG_MACRO_DIR' => 1, - 'AM_MISSING_PROG' => 1, - 'm4_pattern_allow' => 1, - 'AM_SET_DEPDIR' => 1, - '_AM_SET_OPTIONS' => 1, 'AM_INIT_AUTOMAKE' => 1, - 'AM_PROG_INSTALL_SH' => 1, + 'PKG_CHECK_MODULES' => 1, + '_AM_PROG_CC_C_O' => 1, + 'AM_MAKE_INCLUDE' => 1, 'AM_AUTOMAKE_VERSION' => 1, - 'AM_SUBST_NOTMAKE' => 1, - 'AU_DEFUN' => 1, + '_AM_CONFIG_MACRO_DIRS' => 1, + '_AM_MANGLE_OPTION' => 1, + 'AC_CONFIG_MACRO_DIR_TRACE' => 1, + '_AM_SET_OPTIONS' => 1, + 'PKG_CHECK_MODULES_STATIC' => 1, + 'AM_SET_DEPDIR' => 1, 'PKG_NOARCH_INSTALLDIR' => 1, - 'm4_pattern_forbid' => 1, - 'AM_MAKE_INCLUDE' => 1, - '_AC_AM_CONFIG_HEADER_HOOK' => 1, - '_m4_warn' => 1, - 'AM_DEP_TRACK' => 1, + 'AM_SUBST_NOTMAKE' => 1, + 'PKG_CHECK_EXISTS' => 1, + '_AM_SET_OPTION' => 1, 'PKG_INSTALLDIR' => 1, - 'AM_PROG_CC_C_O' => 1, - 'AC_DEFUN' => 1, - 'include' => 1, + '_AC_AM_CONFIG_HEADER_HOOK' => 1, + '_PKG_SHORT_ERRORS_SUPPORTED' => 1, + '_AM_PROG_TAR' => 1, '_AM_SUBST_NOTMAKE' => 1, - '_AM_AUTOCONF_VERSION' => 1, + 'AM_SILENT_RULES' => 1, + 'AM_DEP_TRACK' => 1, + 'AC_TEST_WBC_IDMAP_BOTH' => 1, + 'AM_RUN_LOG' => 1, 'AM_PROG_INSTALL_STRIP' => 1, - '_AM_PROG_TAR' => 1, - '_AM_SET_OPTION' => 1, + '_AM_DEPENDENCIES' => 1, + 'm4_pattern_allow' => 1, + 'AC_LIBCAP' => 1, 
'PKG_PROG_PKG_CONFIG' => 1, - 'PKG_CHECK_VAR' => 1, - '_AM_PROG_CC_C_O' => 1, - 'AC_TEST_WBC_IDMAP_BOTH' => 1, - 'PKG_CHECK_MODULES' => 1, 'AM_AUX_DIR_EXPAND' => 1, + 'AM_MISSING_PROG' => 1, + 'AM_PROG_INSTALL_SH' => 1, + 'AC_CONFIG_MACRO_DIR' => 1, 'AC_DEFUN_ONCE' => 1, - 'AM_CONDITIONAL' => 1, - 'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1, - '_AM_MANGLE_OPTION' => 1, - 'AM_SET_LEADING_DOT' => 1, - 'PKG_CHECK_EXISTS' => 1, - 'AC_CONFIG_MACRO_DIR_TRACE' => 1, - '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1, + 'PKG_CHECK_VAR' => 1, '_AM_IF_OPTION' => 1 } ], 'Autom4te::Request' ), 
@@ -103,66 +103,66 @@ 'configure.ac' ], { - 'AM_PROG_CXX_C_O' => 1, - 'AM_CONDITIONAL' => 1, - 'AC_FC_SRCEXT' => 1, - 'AC_CANONICAL_SYSTEM' => 1, - 'AC_PROG_LIBTOOL' => 1, - 'LT_CONFIG_LTDL_DIR' => 1, - 'AC_LIBSOURCE' => 1, - 'AM_PROG_MKDIR_P' => 1, - 'AM_PROG_F77_C_O' => 1, - 'LT_SUPPORTED_TAG' => 1, - 'm4_sinclude' => 1, 'AC_CANONICAL_TARGET' => 1, - 'AM_PROG_MOC' => 1, - '_AM_COND_ENDIF' => 1, 'AC_CANONICAL_BUILD' => 1, - '_m4_warn' => 1, - 'AC_DEFINE_TRACE_LITERAL' => 1, - 'AM_PROG_AR' => 1, + 'AC_FC_PP_DEFINE' => 1, + 'AC_REQUIRE_AUX_FILE' => 1, + 'AM_POT_TOOLS' => 1, 'AC_INIT' => 1, - 'AC_SUBST' => 1, - 'AM_MAINTAINER_MODE' => 1, + 'LT_SUPPORTED_TAG' => 1, + 'm4_pattern_allow' => 1, + 'AC_CONFIG_LIBOBJ_DIR' => 1, 'AC_CONFIG_SUBDIRS' => 1, - 'm4_pattern_forbid' => 1, - '_AM_SUBST_NOTMAKE' => 1, - 'include' => 1, - 'AM_PROG_CC_C_O' => 1, + '_AM_MAKEFILE_INCLUDE' => 1, + 'AM_XGETTEXT_OPTION' => 1, + 'AC_DEFINE_TRACE_LITERAL' => 1, + 'AM_EXTRA_RECURSIVE_TARGETS' => 1, + 'AC_CONFIG_LINKS' => 1, + 'sinclude' => 1, 'AC_FC_PP_SRCEXT' => 1, - 'AM_MAKEFILE_INCLUDE' => 1, - 'AC_CONFIG_AUX_DIR' => 1, - 'm4_pattern_allow' => 1, - 'AM_PROG_FC_C_O' => 1, - 'AM_AUTOMAKE_VERSION' => 1, - 'AC_CANONICAL_HOST' => 1, - 'AC_REQUIRE_AUX_FILE' => 1, - 'AM_INIT_AUTOMAKE' => 1, + 'LT_CONFIG_LTDL_DIR' => 1, + 'AC_FC_SRCEXT' => 1, + 'AH_OUTPUT' => 1, + 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1, 'AM_PATH_GUILE' => 1, - 'AC_CONFIG_LINKS' => 1, + 'AC_CONFIG_AUX_DIR' => 1, + '_LT_AC_TAGCONFIG' => 1, + 'AM_PROG_F77_C_O' => 1, 'AC_FC_FREEFORM' => 1, - 'AC_CONFIG_LIBOBJ_DIR' => 1, - 'AC_CONFIG_HEADERS' => 1, - 'AM_GNU_GETTEXT' => 1, - 'AM_NLS' => 1, - 'sinclude' => 1, '_AM_COND_ELSE' => 1, - 'AC_SUBST_TRACE' => 1, + 'm4_sinclude' => 1, + 'AM_MAKEFILE_INCLUDE' => 1, + '_AM_SUBST_NOTMAKE' => 1, 'AM_SILENT_RULES' => 1, + '_AM_COND_ENDIF' => 1, + 'AC_SUBST' => 1, + 'AC_CANONICAL_HOST' => 1, + 'AM_PROG_AR' => 1, 'AM_PROG_LIBTOOL' => 1, - 'AM_POT_TOOLS' => 1, - 'AM_XGETTEXT_OPTION' => 1, - 
'_AM_MAKEFILE_INCLUDE' => 1, - 'AH_OUTPUT' => 1, - 'AM_ENABLE_MULTILIB' => 1, - 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1, - 'm4_include' => 1, + 'AM_GNU_GETTEXT' => 1, + 'm4_pattern_forbid' => 1, + 'AC_CONFIG_HEADERS' => 1, + 'AC_PROG_LIBTOOL' => 1, + 'AM_PROG_CXX_C_O' => 1, 'AC_CONFIG_FILES' => 1, - 'AM_EXTRA_RECURSIVE_TARGETS' => 1, + 'AM_PROG_MKDIR_P' => 1, + 'AM_NLS' => 1, + 'AM_INIT_AUTOMAKE' => 1, + 'AM_AUTOMAKE_VERSION' => 1, + 'AM_PROG_FC_C_O' => 1, 'LT_INIT' => 1, - 'AC_FC_PP_DEFINE' => 1, '_AM_COND_IF' => 1, - '_LT_AC_TAGCONFIG' => 1 + 'AC_CANONICAL_SYSTEM' => 1, + 'include' => 1, + 'AM_MAINTAINER_MODE' => 1, + 'AM_CONDITIONAL' => 1, + 'm4_include' => 1, + '_m4_warn' => 1, + 'AM_ENABLE_MULTILIB' => 1, + 'AM_PROG_MOC' => 1, + 'AM_PROG_CC_C_O' => 1, + 'AC_LIBSOURCE' => 1, + 'AC_SUBST_TRACE' => 1 } ], 'Autom4te::Request' ) ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/autom4te.cache/traces.1 new/cifs-utils-6.14/autom4te.cache/traces.1 --- old/cifs-utils-6.13/autom4te.cache/traces.1 2021-04-13 01:59:33.000000000 +0200 +++ new/cifs-utils-6.14/autom4te.cache/traces.1 2021-09-24 01:52:11.000000000 +0200 
@@ -1,6 +1,6 @@ m4trace:aclocal.m4:1429: -1- m4_include([aclocal/idmap.m4]) m4trace:aclocal.m4:1430: -1- m4_include([aclocal/libcap.m4]) -m4trace:configure.ac:4: -1- AC_INIT([cifs-utils], [6.13], [linux-c...@vger.kernel.org], [cifs-utils], [https://wiki.samba.org/index.php/LinuxCIFS_utils]) +m4trace:configure.ac:4: -1- AC_INIT([cifs-utils], [6.14], [linux-c...@vger.kernel.org], [cifs-utils], [https://wiki.samba.org/index.php/LinuxCIFS_utils]) m4trace:configure.ac:4: -1- m4_pattern_forbid([^_?A[CHUM]_]) m4trace:configure.ac:4: -1- m4_pattern_forbid([_AC_]) m4trace:configure.ac:4: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS']) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/cifs.upcall.c new/cifs-utils-6.14/cifs.upcall.c --- old/cifs-utils-6.13/cifs.upcall.c 2021-04-13 01:34:48.000000000 +0200 +++ new/cifs-utils-6.14/cifs.upcall.c 2021-09-24 01:48:45.000000000 +0200 @@ -52,6 +52,9 @@ #include <stdbool.h> #include <errno.h> #include <sched.h> +#include <sys/mman.h> +#include <sys/types.h> +#include <sys/wait.h> #include "data_blob.h" #include "spnego.h" @@ -787,6 +790,25 @@ return retval; } + + +struct decoded_args { + int ver; + char hostname[NI_MAXHOST + 1]; + char ip[NI_MAXHOST + 1]; + +/* Max user name length. */ +#define MAX_USERNAME_SIZE 256 + char username[MAX_USERNAME_SIZE + 1]; + + uid_t uid; + uid_t creduid; + pid_t pid; + sectype_t sec; + +/* + * Flags to keep track of what was provided + */ #define DKD_HAVE_HOSTNAME 0x1 #define DKD_HAVE_VERSION 0x2 #define DKD_HAVE_SEC 0x4 
@@ -796,23 +818,13 @@ #define DKD_HAVE_CREDUID 0x40 #define DKD_HAVE_USERNAME 0x80 #define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC) - -struct decoded_args { - int ver; - char *hostname; - char *ip; - char *username; - uid_t uid; - uid_t creduid; - pid_t pid; - sectype_t sec; + int have; }; static unsigned int -decode_key_description(const char *desc, struct decoded_args *arg) +__decode_key_description(const char *desc, struct decoded_args *arg) { - int len; - int retval = 0; + size_t len; char *pos; const char *tkn = desc; @@ -826,13 +838,13 @@ len = pos - tkn; len -= 5; - free(arg->hostname); - arg->hostname = strndup(tkn + 5, len); - if (arg->hostname == NULL) { - syslog(LOG_ERR, "Unable to allocate memory"); + if (len > sizeof(arg->hostname)-1) { + syslog(LOG_ERR, "host= value too long for buffer"); return 1; } - retval |= DKD_HAVE_HOSTNAME; + memset(arg->hostname, 0, sizeof(arg->hostname)); + strncpy(arg->hostname, tkn + 5, len); + arg->have |= DKD_HAVE_HOSTNAME; syslog(LOG_DEBUG, "host=%s", arg->hostname); } else if (!strncmp(tkn, "ip4=", 4) || !strncmp(tkn, "ip6=", 4)) { if (pos == NULL) @@ -841,13 +853,13 @@ len = pos - tkn; len -= 4; - free(arg->ip); - arg->ip = strndup(tkn + 4, len); - if (arg->ip == NULL) { - syslog(LOG_ERR, "Unable to allocate memory"); + if (len > sizeof(arg->ip)-1) { + syslog(LOG_ERR, "ip[46]= value too long for buffer"); return 1; } - retval |= DKD_HAVE_IP; + memset(arg->ip, 0, sizeof(arg->ip)); + strncpy(arg->ip, tkn + 4, len); + arg->have |= DKD_HAVE_IP; syslog(LOG_DEBUG, "ip=%s", arg->ip); } else if (strncmp(tkn, "user=", 5) == 0) { if (pos == NULL) 
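Review bot: The bounded copy for `host=` (length check against `sizeof(...)-1`, `memset`, `strncpy`) is written out by hand and repeated for `ip4=`/`ip6=` in the following hunk and for `user=` in the hunk at -856, so each site names its destination buffer three times and one mismatched `sizeof` would defeat the check. A small static helper that takes the destination and its size keeps the check and the copy together; a sketch follows. Separately, the name `__decode_key_description` starts with a double underscore, which C reserves for the implementation, so a plain static name would be safer. The function body starts and ends outside these hunks.

```c
/* Copy len bytes of a key-description value into a fixed buffer; 0 on success. */
static int
copy_desc_value(char *dst, size_t dstsize, const char *src, size_t len,
		const char *what)
{
	if (len > dstsize - 1) {
		syslog(LOG_ERR, "%s value too long for buffer", what);
		return 1;
	}
	memset(dst, 0, dstsize);
	strncpy(dst, src, len);
	return 0;
}

/* … unchanged: token loop, len computed from pos - tkn … */
			if (copy_desc_value(arg->hostname, sizeof(arg->hostname),
					    tkn + 5, len, "host="))
				return 1;
			arg->have |= DKD_HAVE_HOSTNAME;
```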
@@ -856,13 +868,13 @@ len = pos - tkn; len -= 5; - free(arg->username); - arg->username = strndup(tkn + 5, len); - if (arg->username == NULL) { - syslog(LOG_ERR, "Unable to allocate memory"); + if (len > sizeof(arg->username)-1) { + syslog(LOG_ERR, "user= value too long for buffer"); return 1; } - retval |= DKD_HAVE_USERNAME; + memset(arg->username, 0, sizeof(arg->username)); + strncpy(arg->username, tkn + 5, len); + arg->have |= DKD_HAVE_USERNAME; syslog(LOG_DEBUG, "user=%s", arg->username); } else if (strncmp(tkn, "pid=", 4) == 0) { errno = 0; @@ -873,13 +885,13 @@ return 1; } syslog(LOG_DEBUG, "pid=%u", arg->pid); - retval |= DKD_HAVE_PID; + arg->have |= DKD_HAVE_PID; } else if (strncmp(tkn, "sec=", 4) == 0) { if (strncmp(tkn + 4, "krb5", 4) == 0) { - retval |= DKD_HAVE_SEC; + arg->have |= DKD_HAVE_SEC; arg->sec = KRB5; } else if (strncmp(tkn + 4, "mskrb5", 6) == 0) { - retval |= DKD_HAVE_SEC; + arg->have |= DKD_HAVE_SEC; arg->sec = MS_KRB5; } syslog(LOG_DEBUG, "sec=%d", arg->sec); @@ -891,7 +903,7 @@ strerror(errno)); return 1; } - retval |= DKD_HAVE_UID; + arg->have |= DKD_HAVE_UID; syslog(LOG_DEBUG, "uid=%u", arg->uid); } else if (strncmp(tkn, "creduid=", 8) == 0) { errno = 0; @@ -901,7 +913,7 @@ strerror(errno)); return 1; } - retval |= DKD_HAVE_CREDUID; + arg->have |= DKD_HAVE_CREDUID; syslog(LOG_DEBUG, "creduid=%u", arg->creduid); } else if (strncmp(tkn, "ver=", 4) == 0) { /* if version */ errno = 0; 
@@ -911,14 +923,56 @@ strerror(errno)); return 1; } - retval |= DKD_HAVE_VERSION; + arg->have |= DKD_HAVE_VERSION; syslog(LOG_DEBUG, "ver=%d", arg->ver); } if (pos == NULL) break; tkn = pos + 1; } while (tkn); - return retval; + return 0; +} + +static unsigned int +decode_key_description(const char *desc, struct decoded_args **arg) +{ + pid_t pid; + pid_t rc; + int status; + + /* + * Do all the decoding/string processing in a child process + * with low privileges. + */ + + *arg = mmap(NULL, sizeof(struct decoded_args), PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_SHARED, -1, 0); + if (*arg == MAP_FAILED) { + syslog(LOG_ERR, "%s: mmap failed: %s", __func__, strerror(errno)); + return -1; + } + + pid = fork(); + if (pid < 0) { + syslog(LOG_ERR, "%s: fork failed: %s", __func__, strerror(errno)); + munmap(*arg, sizeof(struct decoded_args)); + *arg = NULL; + return -1; + } + if (pid == 0) { + /* do the parsing in child */ + drop_all_capabilities(); + exit(__decode_key_description(desc, *arg)); + } + + rc = waitpid(pid, &status, 0); + if (rc < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { + munmap(*arg, sizeof(struct decoded_args)); + *arg = NULL; + return 1; + } + + return 0; } static int setup_key(const key_serial_t key, const void *data, size_t datalen) @@ -1098,7 +1152,7 @@ bool try_dns = false, legacy_uid = false , env_probe = true; char *buf; char hostbuf[NI_MAXHOST], *host; - struct decoded_args arg; + struct decoded_args *arg = NULL; const char *oid; uid_t uid; char *keytab_name = NULL; @@ -1109,7 +1163,6 @@ const char *key_descr = NULL; hostbuf[0] = '\0'; - memset(&arg, 0, sizeof(arg)); openlog(prog, 0, LOG_DAEMON); @@ -1150,9 +1203,6 @@ } } - if (trim_capabilities(env_probe)) - goto out; - /* is there a key? */ if (argc <= optind) { usage(); 
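Review bot: On the `mmap` failure path of the new `decode_key_description`, `*arg` is left equal to `MAP_FAILED`, which is non-NULL, so the cleanup added at the end of main in a later hunk (`if (arg) munmap(arg, sizeof(*arg));`) would treat it as a live mapping; add `*arg = NULL;` before that return, as the fork-failure path already does. The function is declared `unsigned int` but returns `-1` on both setup failures, so `return 1;` would match the declared type and the waitpid failure path. In the child, the result of `drop_all_capabilities();` is not checked, so if that call can fail the parsing still runs with whatever privileges the parent had; its definition is outside the hunk, so confirm whether it returns a status. The child should also leave through `_exit(__decode_key_description(desc, *arg));` so that it does not run the parent's atexit handlers or flush inherited stdio buffers.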
@@ -1178,6 +1228,10 @@ syslog(LOG_DEBUG, "key description: %s", buf); + /* + * If we are requested a simple DNS query, do it and exit + */ + if (strncmp(buf, "cifs.resolver", sizeof("cifs.resolver") - 1) == 0) key_descr = ".cifs.resolver"; else if (strncmp(buf, "dns_resolver", sizeof("dns_resolver") - 1) == 0) @@ -1187,33 +1241,42 @@ goto out; } - have = decode_key_description(buf, &arg); + /* + * Otherwise, it's a spnego key request + */ + + rc = decode_key_description(buf, &arg); free(buf); - if ((have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) { + if (rc) { + syslog(LOG_ERR, "failed to decode key description"); + goto out; + } + + if ((arg->have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) { syslog(LOG_ERR, "unable to get necessary params from key " "description (0x%x)", have); rc = 1; goto out; } - if (arg.ver > CIFS_SPNEGO_UPCALL_VERSION) { + if (arg->ver > CIFS_SPNEGO_UPCALL_VERSION) { syslog(LOG_ERR, "incompatible kernel upcall version: 0x%x", - arg.ver); + arg->ver); rc = 1; goto out; } - if (strlen(arg.hostname) >= NI_MAXHOST) { + if (strlen(arg->hostname) >= NI_MAXHOST) { syslog(LOG_ERR, "hostname provided by kernel is too long"); rc = 1; goto out; } - if (!legacy_uid && (have & DKD_HAVE_CREDUID)) - uid = arg.creduid; - else if (have & DKD_HAVE_UID) - uid = arg.uid; + if (!legacy_uid && (arg->have & DKD_HAVE_CREDUID)) + uid = arg->creduid; + else if (arg->have & DKD_HAVE_UID) + uid = arg->uid; else { /* no uid= or creduid= parm -- something is wrong */ syslog(LOG_ERR, "No uid= or creduid= parm specified"); 
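Review bot: The unchanged `syslog(LOG_ERR, "unable to get necessary params from key " "description (0x%x)", have);` call in the -1187 hunk still prints the local `have`, which this hunk stops assigning (the `have = decode_key_description(buf, &arg);` line is removed), so the logged mask no longer reflects what was decoded. It should print `arg->have`, matching the condition on the line above it. The declaration of `have` is outside the hunk, so whether it is even initialised at this point cannot be seen here; if nothing else uses it, the variable can be dropped.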
@@ -1222,6 +1285,21 @@ } /* + * Change to the process's namespace. This means that things will work + * acceptably in containers, because we'll be looking at the correct + * filesystem and have the correct network configuration. + */ + rc = switch_to_process_ns(arg->pid); + if (rc == -1) { + syslog(LOG_ERR, "unable to switch to process namespace: %s", strerror(errno)); + rc = 1; + goto out; + } + + if (trim_capabilities(env_probe)) + goto out; + + /* * The kernel doesn't pass down the gid, so we resort here to scraping * one out of the passwd nss db. Note that this might not reflect the * actual gid of the process that initiated the upcall. While we could @@ -1266,20 +1344,7 @@ * look at the environ file. */ env_cachename = - get_cachename_from_process_env(env_probe ? arg.pid : 0); - - /* - * Change to the process's namespace. This means that things will work - * acceptably in containers, because we'll be looking at the correct - * filesystem and have the correct network configuration. - */ - rc = switch_to_process_ns(arg.pid); - if (rc == -1) { - syslog(LOG_ERR, "unable to switch to process namespace: %s", - strerror(errno)); - rc = 1; - goto out; - } + get_cachename_from_process_env(env_probe ? arg->pid : 0); rc = setuid(uid); if (rc == -1) { @@ -1301,18 +1366,18 @@ ccache = get_existing_cc(env_cachename); /* Couldn't find credcache? Try to use keytab */ - if (ccache == NULL && arg.username != NULL) - ccache = init_cc_from_keytab(keytab_name, arg.username); + if (ccache == NULL && arg->username[0] != '\0') + ccache = init_cc_from_keytab(keytab_name, arg->username); if (ccache == NULL) { rc = 1; goto out; } - host = arg.hostname; + host = arg->hostname; // do mech specific authorization - switch (arg.sec) { + switch (arg->sec) { case MS_KRB5: case KRB5: /* @@ -1328,7 +1393,7 @@ * TRY only: * cifs/bar.example.com@REALM */ - if (arg.sec == MS_KRB5) + if (arg->sec == MS_KRB5) oid = OID_KERBEROS5_OLD; else oid = OID_KERBEROS5; 
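Review bot: If `trim_capabilities(env_probe)` fails at its new position in the -1222 hunk, `goto out` is taken with `rc` still holding the return value of `switch_to_process_ns(arg->pid)`, which has just passed the `rc == -1` test and is presumably 0. The helper would then exit with a success status without having reduced its capabilities or produced a key. Set the status explicitly, `if (trim_capabilities(env_probe)) { rc = 1; goto out; }`. The function continues outside the hunk, so confirm that no later code relies on `rc` being unchanged here.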
@@ -1385,10 +1450,10 @@ break; } - if (!try_dns || !(have & DKD_HAVE_IP)) + if (!try_dns || !(arg->have & DKD_HAVE_IP)) break; - rc = ip_to_fqdn(arg.ip, hostbuf, sizeof(hostbuf)); + rc = ip_to_fqdn(arg->ip, hostbuf, sizeof(hostbuf)); if (rc) break; @@ -1396,7 +1461,7 @@ host = hostbuf; goto retry_new_hostname; default: - syslog(LOG_ERR, "sectype: %d is not implemented", arg.sec); + syslog(LOG_ERR, "sectype: %d is not implemented", arg->sec); rc = 1; break; } @@ -1414,7 +1479,7 @@ rc = 1; goto out; } - keydata->version = arg.ver; + keydata->version = arg->ver; keydata->flags = 0; keydata->sesskey_len = sess_key.length; keydata->secblob_len = secblob.length; @@ -1440,11 +1505,10 @@ krb5_cc_close(context, ccache); if (context) krb5_free_context(context); - free(arg.hostname); - free(arg.ip); - free(arg.username); free(keydata); free(env_cachename); + if (arg) + munmap(arg, sizeof(*arg)); syslog(LOG_DEBUG, "Exit status %ld", rc); return rc; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/configure new/cifs-utils-6.14/configure --- old/cifs-utils-6.13/configure 2021-04-13 01:59:31.000000000 +0200 +++ new/cifs-utils-6.14/configure 2021-09-24 01:52:10.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for cifs-utils 6.13. +# Generated by GNU Autoconf 2.69 for cifs-utils 6.14. # # Report bugs to <linux-c...@vger.kernel.org>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='cifs-utils' PACKAGE_TARNAME='cifs-utils' -PACKAGE_VERSION='6.13' -PACKAGE_STRING='cifs-utils 6.13' +PACKAGE_VERSION='6.14' +PACKAGE_STRING='cifs-utils 6.14' PACKAGE_BUGREPORT='linux-c...@vger.kernel.org' PACKAGE_URL='https://wiki.samba.org/index.php/LinuxCIFS_utils' 
@@ -1338,7 +1338,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures cifs-utils 6.13 to adapt to many kinds of systems. +\`configure' configures cifs-utils 6.14 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1409,7 +1409,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of cifs-utils 6.13:";; + short | recursive ) echo "Configuration of cifs-utils 6.14:";; esac cat <<\_ACEOF @@ -1537,7 +1537,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -cifs-utils configure 6.13 +cifs-utils configure 6.14 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2006,7 +2006,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by cifs-utils $as_me 6.13, which was +It was created by cifs-utils $as_me 6.14, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2876,7 +2876,7 @@ # Define the identity of the package. PACKAGE='cifs-utils' - VERSION='6.13' + VERSION='6.14' cat >>confdefs.h <<_ACEOF @@ -6837,7 +6837,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by cifs-utils $as_me 6.13, which was +This file was extended by cifs-utils $as_me 6.14, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -6904,7 +6904,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -cifs-utils config.status 6.13 +cifs-utils config.status 6.14 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/configure.ac new/cifs-utils-6.14/configure.ac --- old/cifs-utils-6.13/configure.ac 2021-04-13 01:34:48.000000000 +0200 +++ new/cifs-utils-6.14/configure.ac 2021-09-24 01:48:45.000000000 +0200 @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_INIT([cifs-utils],[6.13],[linux-c...@vger.kernel.org],[cifs-utils],[https://wiki.samba.org/index.php/LinuxCIFS_utils]) +AC_INIT([cifs-utils],[6.14],[linux-c...@vger.kernel.org],[cifs-utils],[https://wiki.samba.org/index.php/LinuxCIFS_utils]) AC_CONFIG_SRCDIR([data_blob.h]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_FILES([Makefile contrib/Makefile contrib/request-key.d/Makefile]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/mount.cifs.c new/cifs-utils-6.14/mount.cifs.c --- old/cifs-utils-6.13/mount.cifs.c 2021-04-13 01:34:48.000000000 +0200 +++ new/cifs-utils-6.14/mount.cifs.c 2021-09-24 01:48:45.000000000 +0200 @@ -1996,9 +1996,9 @@ */ realuid = getuid(); if (realuid == 0) { - dacrc = toggle_dac_capability(0, 1); - if (dacrc) - return dacrc; + rc = toggle_dac_capability(0, 1); + if (rc) + goto out; } else { oldfsuid = setfsuid(realuid); oldfsgid = setfsgid(getgid()); @@ -2019,7 +2019,6 @@ rc = EX_SYSERR; } - *mountpointp = mountpoint; restore_privs: if (realuid == 0) { dacrc = toggle_dac_capability(0, 0); 
@@ -2030,9 +2029,13 @@ gid_t __attribute__((unused)) gignore = setfsgid(oldfsgid); } - if (rc) +out: + if (rc) { free(mountpoint); + mountpoint = NULL; + } + *mountpointp = mountpoint; return rc; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/setcifsacl.c new/cifs-utils-6.14/setcifsacl.c --- old/cifs-utils-6.13/setcifsacl.c 2021-04-13 01:34:48.000000000 +0200 +++ new/cifs-utils-6.14/setcifsacl.c 2021-09-24 01:48:45.000000000 +0200 @@ -61,7 +61,8 @@ ActSetAcl, ActSetOwner, ActSetGroup, - ActSetSacl + ActSetSacl, + ActAddReorder }; static void *plugin_handle; 
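Review bot: The new `out:` path in the mount.cifs.c hunk at -2030 changes what the caller receives through `mountpointp` on failure, but nothing in the hunk documents it. A short comment above the label would make the ownership rule explicit, for example `/* on failure the buffer is freed and *mountpointp is NULL; the caller must not free or use it */`. The function starts outside the hunk, so callers should be checked for code that dereferences `*mountpointp` after a non-zero return.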
@@ -483,6 +484,87 @@ return 0; } +static struct cifs_ace ** +build_reorder_aces(struct cifs_ace **facesptr, int numfaces) +{ + struct cifs_ace *pace, **allowedacesptr, **deniedacesptr, + **allowedinhacesptr, **deniedinhacesptr, **reorderacesptr; + int i, numallowedaces, numdeniedaces, + numallowedinhaces, numdeniedinhaces, numreorderaces; + + allowedacesptr = calloc(numfaces, sizeof(struct cifs_aces *)); + deniedacesptr = calloc(numfaces, sizeof(struct cifs_aces *)); + allowedinhacesptr = calloc(numfaces, sizeof(struct cifs_aces *)); + deniedinhacesptr = calloc(numfaces, sizeof(struct cifs_aces *)); + reorderacesptr = calloc(numfaces, sizeof(struct cifs_aces *)); + + numallowedaces = 0; + numdeniedaces = 0; + numallowedinhaces = 0; + numdeniedinhaces = 0; + numreorderaces = 0; + + for (i = 0; i < numfaces; i++) { + pace = facesptr[i]; + if ((pace->type == ACCESS_DENIED) || (pace->type == ACCESS_DENIED_OBJECT)) { + if (!(pace->flags & INHERITED_ACE_FLAG)) { + deniedacesptr[numdeniedaces] = malloc(sizeof(struct cifs_ace)); + memcpy(deniedacesptr[numdeniedaces], pace, sizeof(struct cifs_ace)); + numdeniedaces++; + } else { + deniedinhacesptr[numdeniedinhaces] = malloc(sizeof(struct cifs_ace)); + memcpy(deniedinhacesptr[numdeniedinhaces], pace, sizeof(struct cifs_ace)); + numdeniedinhaces++; + } + } else if ((pace->type == ACCESS_ALLOWED) || (pace->type == ACCESS_ALLOWED_OBJECT)) { + if (!(pace->flags & INHERITED_ACE_FLAG)) { + allowedacesptr[numallowedaces] = malloc(sizeof(struct cifs_ace)); + memcpy(allowedacesptr[numallowedaces], pace, sizeof(struct cifs_ace)); + numallowedaces++; + } else { + allowedinhacesptr[numallowedinhaces] = malloc(sizeof(struct cifs_ace)); + memcpy(allowedinhacesptr[numallowedinhaces], pace, sizeof(struct cifs_ace)); + numallowedinhaces++; + } + } + } + + for (i = 0; i < numdeniedaces; i++) { + reorderacesptr[numreorderaces] = malloc(sizeof(struct cifs_ace)); + memcpy(reorderacesptr[numreorderaces], deniedacesptr[i], sizeof(struct 
cifs_ace)); + numreorderaces++; + free(deniedacesptr[i]); + } + + for (i = 0; i < numallowedaces; i++) { + reorderacesptr[numreorderaces] = malloc(sizeof(struct cifs_ace)); + memcpy(reorderacesptr[numreorderaces], allowedacesptr[i], sizeof(struct cifs_ace)); + numreorderaces++; + free(allowedacesptr[i]); + } + + for (i = 0; i < numdeniedinhaces; i++) { + reorderacesptr[numreorderaces] = malloc(sizeof(struct cifs_ace)); + memcpy(reorderacesptr[numreorderaces], deniedinhacesptr[i], sizeof(struct cifs_ace)); + numreorderaces++; + free(deniedinhacesptr[i]); + } + + for (i = 0; i < numallowedinhaces; i++) { + reorderacesptr[numreorderaces] = malloc(sizeof(struct cifs_ace)); + memcpy(reorderacesptr[numreorderaces], allowedinhacesptr[i], sizeof(struct cifs_ace)); + numreorderaces++; + free(allowedinhacesptr[i]); + } + + free(deniedacesptr); + free(allowedacesptr); + free(deniedinhacesptr); + free(allowedinhacesptr); + + return reorderacesptr; +} + static int ace_set(struct cifs_ntsd *pntsd, struct cifs_ntsd **npntsd, ssize_t *bufsize, struct cifs_ace **cacesptr, int numcaces, ace_kinds ace_kind) 
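Review bot: ACEs whose type is neither an allow nor a deny type fall through both branches of the classification loop in `build_reorder_aces` and are left out of the result, yet the function returns no count, so the caller cannot tell that the array holds fewer than `numfaces` entries and that its tail is NULL. For an access-control tool that means entries can disappear from the rewritten ACL without any message, for instance when `-A` is combined with `-U` on audit ACEs. None of the `calloc`/`malloc` results is checked before being written through, and every ACE is copied twice only to free the first copy. `sizeof(struct cifs_aces *)` also names a type that presumably does not exist (the struct used everywhere else is `cifs_ace`); it still yields a pointer size, but `sizeof(*ptr)` avoids the typo. A version that sorts borrowed pointers in four passes and fails instead of dropping entries is sketched below; it assumes `ace_add` only reads the entries, and the caller must then handle a NULL return.

```c
/* 0 = explicit deny, 1 = explicit allow, 2 = inherited deny,
 * 3 = inherited allow, -1 = not orderable by this scheme */
static int
ace_order_class(const struct cifs_ace *pace)
{
	int base = (pace->flags & INHERITED_ACE_FLAG) ? 2 : 0;

	if (pace->type == ACCESS_DENIED || pace->type == ACCESS_DENIED_OBJECT)
		return base;
	if (pace->type == ACCESS_ALLOWED || pace->type == ACCESS_ALLOWED_OBJECT)
		return base + 1;
	return -1;
}

/* Entries are borrowed from facesptr: the caller frees only the array.
 * Returns NULL on allocation failure or when an ACE fits no class, so
 * that no entry is dropped silently. */
static struct cifs_ace **
build_reorder_aces(struct cifs_ace **facesptr, int numfaces)
{
	struct cifs_ace **reorderacesptr;
	int pass, i, numreorderaces = 0;

	reorderacesptr = calloc(numfaces, sizeof(*reorderacesptr));
	if (!reorderacesptr)
		return NULL;

	for (pass = 0; pass < 4; pass++) {
		for (i = 0; i < numfaces; i++) {
			if (ace_order_class(facesptr[i]) == pass)
				reorderacesptr[numreorderaces++] = facesptr[i];
		}
	}

	if (numreorderaces != numfaces) {
		free(reorderacesptr);
		return NULL;
	}

	return reorderacesptr;
}
```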
@@ -540,6 +622,35 @@ } static int +ace_add_reorder(struct cifs_ntsd *pntsd, struct cifs_ntsd **npntsd, ssize_t *bufsize, + struct cifs_ace **facesptr, int numfaces, + struct cifs_ace **cacesptr, int numcaces, + ace_kinds ace_kind) +{ + struct cifs_ace **reorderacesptr, **totalacesptr; + int i, rc, numaces; + + numaces = numfaces + numcaces; + totalacesptr = calloc(numaces, sizeof(struct cifs_aces *)); + + for (i = 0; i < numfaces; i++) { + totalacesptr[i] = facesptr[i]; + } + + for (i = numfaces; i < numaces; i++) { + totalacesptr[i] = cacesptr[i - numfaces]; + } + + reorderacesptr = build_reorder_aces(totalacesptr, numaces); + rc = ace_add(pntsd, npntsd, bufsize, reorderacesptr, + numaces, cacesptr, 0, ace_kind); + + free(totalacesptr); + free(reorderacesptr); + return rc; +} + +static int ace_modify(struct cifs_ntsd *pntsd, struct cifs_ntsd **npntsd, ssize_t *bufsize, struct cifs_ace **facesptr, int numfaces, struct cifs_ace **cacesptr, int numcaces, @@ -1140,6 +1251,10 @@ rc = ace_set(pntsd, npntsd, bufsize, cacesptr, numcaces, ace_kind); break; + case ActAddReorder: + rc = ace_add_reorder(pntsd, npntsd, bufsize, facesptr, + numfaces, cacesptr, numcaces, ace_kind); + break; default: fprintf(stderr, "%s: Invalid action: %d\n", __func__, maction); break; @@ -1165,6 +1280,10 @@ fprintf(stderr, "\tsetcifsacl -a \"ACL:Administrator:ALLOWED/0x0/FULL\" <file_name>\n"); fprintf(stderr, "\n"); + fprintf(stderr, "\t-A Add ACE(s) and reorder, separated by a comma, to an ACL\n"); + fprintf(stderr, + "\tsetcifsacl -A \"ACL:Administrator:ALLOWED/0x0/FULL\" <file_name>\n"); + fprintf(stderr, "\n"); fprintf(stderr, "\t-D Delete ACE(s), separated by a comma, from an ACL\n"); fprintf(stderr, @@ -1204,7 +1323,7 @@ char *attrname = ATTRNAME_ACL; ace_kinds ace_kind = ACE_KIND_DACL; - while ((c = getopt(argc, argv, "hvD:M:a:S:o:g:U")) != -1) { + while ((c = getopt(argc, argv, "hvD:M:a:A:S:o:g:U")) != -1) { switch (c) { case 'U': ace_kind = ACE_KIND_SACL; 
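Review bot: `free(reorderacesptr)` in `ace_add_reorder` releases only the pointer array, while `build_reorder_aces` fills it with individually `malloc`'d copies, so every copied ACE leaks on each call; freeing the entries first, `for (i = 0; i < numaces; i++) free(reorderacesptr[i]);`, closes that, assuming `ace_add` does not keep the pointers. `totalacesptr` is also written through without checking the `calloc` result, and `numaces` is passed on to `ace_add` even though `build_reorder_aces` may have produced fewer entries. A guard such as `if (!totalacesptr) return -1;` is the minimum, with the error value matched to what the other `ace_*` helpers return, which is not visible in this hunk.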
@@ -1222,6 +1341,10 @@ maction = ActAdd; ace_list = optarg; break; + case 'A': + maction = ActAddReorder; + ace_list = optarg; + break; case 'S': maction = ActSetAcl; ace_list = optarg; @@ -1374,7 +1497,7 @@ numfaces = get_numfaces((struct cifs_ntsd *)attrval, attrlen, &aclptr, ace_kind); - if (!numfaces && maction != ActAdd) { + if (!numfaces && (maction != ActAdd || maction != ActAddReorder)) { /* if we are not adding aces */ fprintf(stderr, "%s: Empty DACL\n", __func__); goto setcifsacl_facenum_ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/setcifsacl.rst.in new/cifs-utils-6.14/setcifsacl.rst.in --- old/cifs-utils-6.13/setcifsacl.rst.in 2021-04-13 01:34:48.000000000 +0200 +++ new/cifs-utils-6.14/setcifsacl.rst.in 2021-09-24 01:48:45.000000000 +0200 @@ -11,7 +11,7 @@ SYNOPSIS ******** - setcifsacl [-v|-U|-a|-D|-M|-S|-o|-g] "{one or more ACEs or a SID}" {file system object} + setcifsacl [-v|-U|-a|-A|-D|-M|-S|-o|-g] "{one or more ACEs or a SID}" {file system object} *********** DESCRIPTION @@ -46,6 +46,12 @@ Add one or more ACEs to an ACL of a security descriptor. An ACE is added even if the same ACE exists in the ACL. +-A + Add one or more ACEs to the ACL of a security descriptor, while maintaining + the preferred order of the ACEs. + The preferred order of ACEs are described in the following documentation: + https://docs.microsoft.com/en-us/windows/win32/secauthz/order-of-aces-in-a-dacl + -D Delete one or more ACEs from an ACL of a security descriptor. Entire ACE has to match in an existing ACL for the listed ACEs to be deleted. 
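Review bot: The condition `maction != ActAdd || maction != ActAddReorder` in the `@@ -1374` hunk is true for every value of `maction`, since it cannot equal both constants at once, so the branch now fires whenever `numfaces` is zero. The effect is that `-a`, which the old condition let through on an empty ACL, and the new `-A` both stop with "Empty DACL". The two comparisons need `&&`: `if (!numfaces && maction != ActAdd && maction != ActAddReorder) {`.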
@@ -100,6 +106,18 @@ setcifsacl -U -a "ACL:CIFSTESTDOM\\user1:AUDIT/SA/D" <file_name> +Add an ACE and reorder ACL +========================== + + setcifsacl -A "ACL:CIFSTESTDOM\user3:ALLOWED/OI/FULL" <file_name> + setcifsacl -A "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" <file_name> + setcifsacl -A "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" <file_name> + + After setting above mentioned ACEs, below is output of getcifsacl: + ACL:CIFSTESTDOM\user2:DENIED/0x1/D + ACL:CIFSTESTDOM\user3:ALLOWED/OI/FULL + ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D + Delete an ACE ============= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/smbinfo new/cifs-utils-6.14/smbinfo --- old/cifs-utils-6.13/smbinfo 2021-04-13 01:34:48.000000000 +0200 +++ new/cifs-utils-6.14/smbinfo 2021-09-24 01:48:45.000000000 +0200 @@ -34,6 +34,7 @@ CIFS_QUERY_INFO = 0xc018cf07 CIFS_ENUMERATE_SNAPSHOTS = 0x800ccf06 CIFS_DUMP_KEY = 0xc03acf08 +CIFS_DUMP_FULL_KEY = 0xc011cf0a # large enough input buffer length INPUT_BUFFER_LENGTH = 16384 @@ -192,9 +193,11 @@ ] CIPHER_TYPES = [ - (0x00, "SMB3.0 CCM encryption"), - (0x01, "CCM encryption"), - (0x02, "GCM encryption"), + (0x00, "AES-128-CCM"), + (0x01, "AES-128-CCM"), + (0x02, "AES-128-GCM"), + (0x03, "AES-256-CCM"), + (0x04, "AES-256-GCM"), ] def main(): @@ -253,6 +256,10 @@ sap.add_argument("file") sap.set_defaults(func=cmd_filestandardinfo) + sap = subp.add_parser("filestreaminfo", help="Prints FileStreamInfo for a cifs file") + sap.add_argument("file") + sap.set_defaults(func=cmd_filestreaminfo) + sap = subp.add_parser("fsctl-getobjid", help="Prints the objectid of the file and GUID of the underlying volume.") sap.add_argument("file") sap.set_defaults(func=cmd_fsctl_getobjid) 
@@ -753,40 +760,121 @@ print(ace) off_dacl += ace.size +def cmd_filestreaminfo(args): + qi = QueryInfoStruct(info_type=0x1, file_info_class=22, input_buffer_length=INPUT_BUFFER_LENGTH) + try: + fd = os.open(args.file, os.O_RDONLY) + info = os.fstat(fd) + buf = qi.ioctl(fd) + except Exception as e: + print("syscall failed: %s"%e) + return False + + print_filestreaminfo(buf) + +def print_filestreaminfo(buf): + offset = 0 + + while offset < len(buf): + + next_offset = struct.unpack_from('<I', buf, offset + 0)[0] + name_length = struct.unpack_from('<I', buf, offset + 4)[0] + if (name_length > 0): + stream_size = struct.unpack_from('<q', buf, offset + 8)[0] + stream_alloc_size = struct.unpack_from('<q', buf, offset + 16)[0] + stream_utf16le_name = struct.unpack_from('< %ss'% name_length, buf, offset + 24)[0] + stream_name = stream_utf16le_name.decode("utf-16le") + if (offset > 0): + print() + if (stream_name=="::$DATA"): + print("Name: %s"% stream_name) + else: + print("Name: %s"% stream_name[stream_name.find(":") + 1 : stream_name.rfind(':$DATA')]) + print("Size: %d bytes"% stream_size) + print("Allocation size: %d bytes "% stream_alloc_size) + + if (next_offset == 0): + break + + offset+=next_offset class KeyDebugInfoStruct: def __init__(self): self.suid = bytearray() self.cipher = 0 - self.auth_key = bytearray() + self.session_key = bytearray() self.enc_key = bytearray() self.dec_key = bytearray() def ioctl(self, fd): buf = bytearray() buf.extend(struct.pack("= 8s H 16s 16s 16s", self.suid, self.cipher, - self.auth_key, self.enc_key, self.dec_key)) + self.session_key, self.enc_key, self.dec_key)) fcntl.ioctl(fd, CIFS_DUMP_KEY, buf, True) - (self.suid, self.cipher, self.auth_key, + (self.suid, self.cipher, self.session_key, self.enc_key, self.dec_key) = struct.unpack_from('= 8s H 16s 16s 16s', buf, 0) +class FullKeyDebugInfoStruct: + def __init__(self): + # lets pick something large to be future proof + # 17 + 3*32 would be strict minimum as of linux 5.13 + 
self.in_size = 1024 + self.suid = bytearray() + self.cipher = 0 + self.session_key_len = 0 + self.server_in_key_len = 0 + self.server_out_key_len = 0 + + def ioctl(self, fd): + fmt = "= I 8s H B B B" + size = struct.calcsize(fmt) + buf = bytearray() + buf.extend(struct.pack(fmt, self.in_size, self.suid, self.cipher, + self.session_key_len, self.server_in_key_len, self.server_out_key_len)) + buf.extend(bytearray(self.in_size-size)) + fcntl.ioctl(fd, CIFS_DUMP_FULL_KEY, buf, True) + (self.in_size, self.suid, self.cipher, + self.session_key_len, self.server_in_key_len, + self.server_out_key_len) = struct.unpack_from(fmt, buf, 0) + + end = size + self.session_key = buf[end:end+self.session_key_len] + end += self.session_key_len + self.server_in_key = buf[end:end+self.server_in_key_len] + end += self.server_in_key_len + self.server_out_key = buf[end:end+self.server_out_key_len] + def bytes_to_hex(buf): return " ".join(["%02x"%x for x in buf]) def cmd_keys(args): - kd = KeyDebugInfoStruct() + fd = os.open(args.file, os.O_RDONLY) + kd = FullKeyDebugInfoStruct() + try: - fd = os.open(args.file, os.O_RDONLY) + # try new call first kd.ioctl(fd) except Exception as e: - print("syscall failed: %s"%e) - return False - - print("Session Id: %s"%bytes_to_hex(kd.suid)) - print("Cipher: %s"%type_to_str(kd.cipher, CIPHER_TYPES, verbose=True)) - print("Session Key: %s"%bytes_to_hex(kd.auth_key)) - print("Encryption key: %s"%bytes_to_hex(kd.enc_key)) - print("Decryption key: %s"%bytes_to_hex(kd.dec_key)) + # new failed, try old call + kd = KeyDebugInfoStruct() + try: + kd.ioctl(fd) + except Exception as e: + # both new and old call failed + print("syscall failed: %s"%e) + return False + print("Session Id: %s"%bytes_to_hex(kd.suid)) + print("Cipher: %s"%type_to_str(kd.cipher, CIPHER_TYPES, verbose=True)) + print("Session Key: %s"%bytes_to_hex(kd.session_key)) + print("Encryption key: %s"%bytes_to_hex(kd.enc_key)) + print("Decryption key: %s"%bytes_to_hex(kd.dec_key)) + else: + # no 
exception, new call succeeded + print("Session Id: %s"%bytes_to_hex(kd.suid)) + print("Cipher: %s"%type_to_str(kd.cipher, CIPHER_TYPES, verbose=True)) + print("Session Key: %s"%bytes_to_hex(kd.session_key)) + print("ServerIn Key: %s"%bytes_to_hex(kd.server_in_key)) + print("ServerOut key: %s"%bytes_to_hex(kd.server_out_key)) if __name__ == '__main__': main() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cifs-utils-6.13/smbinfo.rst new/cifs-utils-6.14/smbinfo.rst --- old/cifs-utils-6.13/smbinfo.rst 2021-04-13 01:34:48.000000000 +0200 +++ new/cifs-utils-6.14/smbinfo.rst 2021-09-24 01:48:45.000000000 +0200 @@ -65,6 +65,8 @@ `filestandardinfo`: Prints the FileStandardInformation class +`filestreaminfo`: Prints the FileStreamInformation class + `fsctl-getobjid`: Prints the ObjectID `getcompression`: Prints the compression setting for the file. ++++++ fix-sbin-install-error.patch ++++++ --- /var/tmp/diff_new_pack.O9vnEO/_old 2022-01-22 08:18:00.830972618 +0100 +++ /var/tmp/diff_new_pack.O9vnEO/_new 2022-01-22 08:18:00.830972618 +0100 @@ -1,7 +1,5 @@ -Index: cifs-utils-6.12/Makefile.am -=================================================================== ---- cifs-utils-6.12.orig/Makefile.am -+++ cifs-utils-6.12/Makefile.am +--- a/Makefile.am ++++ b/Makefile.am @@ -118,7 +118,7 @@ endif SUBDIRS = contrib
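Review bot: In `cmd_keys`, `fd = os.open(args.file, os.O_RDONLY)` has moved out of the `try`, so a missing or unreadable path now ends in an uncaught traceback instead of the `syscall failed` message, and the descriptor is never closed on any path (`cmd_filestreaminfo` has the same leak and an unused `info = os.fstat(fd)`). The open belongs in its own `try: ... except OSError as e:` and the ioctl calls in a `try/finally` that ends with `os.close(fd)`. The fallback also catches every `Exception` from the new ioctl, so a permission error is retried with the old call and the first error is lost; catching `OSError` and falling back only on the errno that signals an unsupported ioctl would keep real failures visible. `print_filestreaminfo` takes `next_offset` and `name_length` from the returned buffer and unpacks with them outside any `try`, so checking `offset + 24 + name_length <= len(buf)` before the unpack would turn a malformed reply into a clean error.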