[Samba] ANNOUNCE: cifs-utils release 5.6 is ready for download
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Time for another cifs-utils release!
Nothing terribly earth shattering here. Some distros (like Fedora) are
moving krb5 credcaches out of /tmp by default. Users of these distros
will definitely want to upgrade.
Highlights:
* Fixes for mounting with '/' in usernames with sec=krb5
* Support for DIR: type krb5 ccaches
* support for nofail option in mount.cifs
webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary
Detailed list of changes since 5.6:
commit 692842e34c1f2fcc84b6b64136f5e28dd7062f46
Author: Jeff Layton jlay...@samba.org
Date: Tue Aug 7 11:06:41 2012 -0400
autoconf: set version to 5.6.1 for interim builds
Signed-off-by: Jeff Layton jlay...@samba.org
commit 569cfcb3a467dfdf967a36ed6f7896559edab2ba
Author: Jeff Layton jlay...@samba.org
Date: Tue Aug 7 11:11:26 2012 -0400
mount.cifs: deprecate the DOMAIN/username%password username syntax
mount.cifs has in the past allowed users to specify a username using
the above syntax, which would populate the domain and password fields
with the different pieces.
Unfortunately, there are cases where it is legit to have a '/' in a
username. krb5 SPNs generally contain a '/' and we have no clear way
to distinguish between the two.
I don't see any real value in keeping that syntax allowed. It's no
easier than specifying pass= and domain= on the command line. Ditto
for credential files.
Begin the transition away from that syntax by adding a warning message
that support for it will be removed in 5.9.
Signed-off-by: Jeff Layton jlay...@samba.org
commit 3a965467611637ca05bcd55460ff69fec6ad8be7
Author: Jeff Layton jlay...@samba.org
Date: Tue Aug 7 11:52:15 2012 -0400
mount.cifs: handle username= differently depending on sec= option
This patch is intended as a temporary workaround for krb5 users that need
to specify usernames with '/' in them. I intend to remove this hack from
mount.cifs once the legacy username handling code is removed.
The idea here is to save off the raw username string while we're parsing
options. If the mount options specify sec=krb5 or sec=krb5i then
we'll not do the legacy username parsing and will instead just pass in
the username string as-is.
Obviously, this is a nasty hack and we don't really want to carry this
in perpetuity, so this can go away once the legacy username parsing
has gone away.
Signed-off-by: Jeff Layton jlay...@samba.org
commit 377898e63a8689b0e8c5c656ce9cfa98223cf74b
Author: Jeff Layton jlay...@samba.org
Date: Tue Aug 21 15:18:54 2012 -0400
cifs-utils: fix up references to getcifsacl and setcifsacl files
When I moved the manpages for this to section 1, I missed some references
to them. Also, get rid of the unneeded clean-local-aclprogs makefile target.
Signed-off-by: Jeff Layton jlay...@samba.org
commit d006986221b7f1aad50e894851dc573650b7611c
Author: Nalin Dahyabhai na...@redhat.com
Date: Thu Aug 23 11:14:45 2012 -0400
cifs.upcall: also consider DIR:-type ccaches
If we encounter a subdirectory while scanning a directory for a user's
ccache, check if it's a DIR ccache. Otherwise, continue as before,
checking if it's a FILE ccache if it looks like a regular file.
commit ca0894e40480a9115c6bad670149b075646ead2c
Author: Nalin Dahyabhai na...@redhat.com
Date: Thu Aug 23 11:14:56 2012 -0400
cifs.upcall: scan /run/user/${UID} for ccaches, too
When scanning for credential caches, check the user's directory under
/run/user first, then fall back to /tmp as we have previously. Because
we now call find_krb5_cc() twice (once for each directory), we move its
state to be outside of the function. We also add a substitution
mechanism to make the process of resolving the location of the user's
home directory before searching it a bit more explicable.
commit 72bce53289d939c3539b7d3cb957b748a4b1d2ec
Author: Jeff Layton jlay...@samba.org
Date: Thu Aug 23 07:46:40 2012 -0400
cifs.upcall: use strncmp in scandir filter function
We want to require that the filename begins with the correct string,
not just that it contains it somewhere.
Signed-off-by: Jeff Layton jlay...@samba.org
commit a0bf123541ec6fd53948f41f17c9dba5d6a43648
Author: Jeff Layton jlay...@samba.org
Date: Thu Aug 23 10:18:02 2012 -0400
mount.cifs: silence compiler warnings about ignoring return code
In this case we explicitly don't care what these functions return, so
declare a couple of unused variables to catch the results.
Signed-off-by: Jeff Layton jlay...@samba.org
commit 82f93c44343f281ce61f547ff8f9e5f79945cb20
Author: Jeff Layton
[Samba] ANNOUNCE: cifs-utils release 5.6 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Time for another cifs-utils release! Highlights: * binaries are now built by default with PIE and RELRO support for better protection against exploits * better debugging and warnings for cifs.upcall and cifscreds * better integration with systemd by having mount.cifs use systemd-ask-password if it's appropriate and available webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.5: commit df561d40947e0b520deb48e1a4749afe9787949a Author: Jeff Layton jlay...@samba.org Date: Fri Jun 1 13:56:21 2012 -0400 autoconf: set version to 5.5.1 for interim builds Signed-off-by: Jeff Layton jlay...@samba.org commit 74edf24d9780900f3ce15d2403c6e331b031d454 Author: Jeff Layton jlay...@samba.org Date: Thu Jun 14 10:59:18 2012 -0400 automake: revert -Werror by default I think in hindsight, that adding -Werror by default was a mistake. cifs-utils is built in a wide range of environments and tools, and it's very difficult to eliminate all of the possible warnings. Let's go ahead and remove it and reduce the steady trickle of patches that are simply to silence obscure warnings. Cc: Suresh Jayaraman sjayara...@suse.com Signed-off-by: Jeff Layton jlay...@samba.org commit 0eb3daa4b17ee64b464594f1a5d413ecb364957c Author: Jeff Layton jlay...@samba.org Date: Thu Jun 14 10:59:18 2012 -0400 mount.cifs: set rc to 0 in libcap toggle_dac_capability Thus spake Jochen: The mount.cifs program from the cifs-utils package 5.5 did not work on my Linux system. It just exited without an error message and did not mount anything. [...] I think, when this variable rc is now used in this function, it has also to be properly initialized there. Reported-by: Jochen Roderburg roderb...@uni-koeln.de Signed-off-by: Jeff Layton jlay...@samba.org commit b7bea5254443cb121b0cf03a64b123b85d7f9fbb Author: Jeff Layton jlay...@samba.org Date: Thu Jun 14 11:05:43 2012 -0400 cifs.upcall: more debug logging for krb5 upcalls While helping to track down a configuration problem, I found this little bit of extra debug logging to be helpful. Might as well make it part of the stock binary. Signed-off-by: Jeff Layton jlay...@samba.org commit a8611e25d44211cd57a91dce4fe7d7a7ad7534d4 Author: Jeff Layton jlay...@samba.org Date: Fri Jul 6 11:48:18 2012 -0400 replace: remove bzero() redefinition from replace.h I borrowed replace.h from samba when I split off the package, and we have a ton of definitions in there that we don't really need. This is one of them and it causes a warning when we build on RHEL5. Reported-by: Andreas Schneider a...@samba.org Signed-off-by: Jeff Layton jlay...@samba.org commit 233e17db8ef7edba1fea660e076a03a56b0117d2 Author: Jeff Layton jlay...@samba.org Date: Mon Jul 9 14:12:33 2012 -0400 autoconf: add --enable-pie and --enable-relro -pie and -fpie enable the building of position-independent executables, and -Wl,-z,relro turns on read-only relocation support in gcc. These options are important for security purposes to guard against possible buffer overflows that lead to exploits. Follow the example of samba here and enable these by default, but add configure options that allow people to turn them off at build-time if necessary. We may also want to eventually add checks to ensure that the compiler and linker understand these options, but I'll wait until we have some evidence that it's needed before I expend the effort. Reported-by: Andreas Schneider a...@samba.org Signed-off-by: Jeff Layton jlay...@samba.org commit ced19dedc0fa7b36087b8eaeef6a6a9dc76aa55e Author: Andreas Schneider a...@cryptomilk.org Date: Mon Jul 9 22:21:04 2012 -0400 autoconf: Fix building with autoconf version older than 2.60. AC_PROG_SED is only avaliable in recent autoconf versions. Use AC_CHECK_PROG instead if AC_PROG_SED is not present. Signed-off-by: Andreas Schneider a...@cryptomilk.org commit 4e264031d0da7d3f2a287337e86b623e814f5c56 Author: Ankit Jain jan...@suse.de Date: Wed Jul 18 06:47:07 2012 -0400 mount.cifs: Use systemd's mechanism for getting password, if present. If systemd is running and /bin/systemd-ask-password if available, then use that else fallback on getpass(..). And add a --enable-systemd configure option, which defaults to yes. Signed-off-by: Ankit Jain jan...@suse.com commit 877701f3cc23df3cb2a293c060bdbf05a87bff6a Author: Luk Claes l...@debian.org Date: Thu Jul 19 09:27:01 2012 -0400 mount.cifs: Use errno instead of having unknown error
