-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Most of the patches in this release are for cifs.idmap, getcifsacl and setcifsacl. There were many bugs in those tools, so anyone that's deploying or using them is highly encouraged to upgrade. Highlights: * NFS-style device names are being deprecated in 6.0. Anyone using that sort of device name should move to the UNC-style syntax that the manpage has always documented. * Many bugs in cifs.idmap, getcifsacl and setcifsacl have been fixed. These tools should also be more efficient now and work correctly on big-endian architectures. webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git: git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.8: commit 819018e34696b0fb9bf1b386304b5dce39ae0e6d Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Fri Oct 12 13:28:37 2012 -0400 autoconf: set release to 5.7.1 for interim builds Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 679fbebb5a656b4eb1a8988fb0d8697a5f919794 Author: Scott Lovenberg <scott.lovenberg@xxxxxxxxx> Date: Tue Oct 23 15:37:03 2012 -0400 mount.cifs: add warning that NFS syntax is deprecated and will be removed in cifs-utils-6.0. [jlayton: Added newline to end of warning] Signed-off-by: Scott Lovenberg <scott.lovenberg@xxxxxxxxx> commit 60bca663f94e27436ed1afe1e673a8afa3342e1d Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: make sure cifsacl structs are packed The kernel equivalent definitions are defined with __attribute__((packed)), and the code seems to assume the userspace and kernel ones will be properly aligned. Fix the userspace definitions in a similar fashion. Given the way these structs are, there is probably not any padding between fields on most arches, but it's best to be safe here. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 1a0523fbc469e34560bec0f06ce4622bb7db7b04 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: get rid of useless strcmp prior to idmapping The code copies off the key description and then ensures that it's prefixed with "cifs.idmap". What's the point of that? Presumably request-key would never have called this otherwise. There's little harm in going ahead and doing the idmapping if this is called with the wrong string. Also, the error handling here is wrong. If the prefix doesn't match the code will exit 0 without doing any mapping. Just remove it. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit d9b876bc5b047682854123aed082c1004b995b69 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: add an options struct to handle long options ...since the manpage advertises them. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 035f69a9b5fe3c72df73bbbda2d7e570891f971e Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: clean up strget and avoid memory allocation Don't do a strlen() call if strstr() isn't going to match anyway. There's no need to duplicate the string here. None of the callers modify it, so just return a pointer into the original string. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 803feff6aa66c0bb0f0a703eb2404477889a56d5 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: don't use atoi to convert unsigned int to number atoi() is for signed integers, and is deprecated in any case. Use strtoul() instead and check the result carefully before using it. Also add a log message when the string(s) can't be converted and fix the signedness of the types in other log messages. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 0454be8978815b90baae7652b0717d0c0696e295 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: set a timeout on keys that it instantiates ...and add a command-line option to allow the admin to tune that value. I think this is a better way to handle this instead of trying to set the timeouts in kernel space. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit c49a6767051979368eea1087c9724a2c2994bd56 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: add a --help option for cifs.idmap To make it print the usage message and exit. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit f0269e2a0efacf5299b123801d9ec49695ed30b6 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Oct 29 16:04:11 2012 -0400 setcifsacl: clean up sizing of cifs_sid The max number of subauthorities on windows and in winbind is generally 15, not 5. If winbind sends more than 5, then this code may end up overrunning the buffer. Also, define some preprocessor constants and use those instead of hardcoding '5' and '6' all over the place. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit c8cd10850eeac03dc21679c19859d5e2fd3d861f Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:14 2012 -0500 setcifsacl: fix overrun of subauths array when copying SIDs copy_sec_desc() copies the owner and group SIDs from one security descriptor to another. Unfortunately, it doesn't take into account the fact that these are variable length and routinely overruns the SID structure when doing this copy and scribbles over the destination ACL. This wasn't noticed before the change in the maximum number of subauths because the code either overwrote the damage afterward, or the overrun part was the same between source and destination anyway. Now that the max number of subauths is 15, it's more noticable. Fix it to only copy the number of subauths that claimed in the buffer instead. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 30fabc23eb74ec9de69fb0f0331815970aa9bf12 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:15 2012 -0500 setcifsacl: clean up get_numfaces pntsd is never NULL here, and get rid of extra "else" that adds some unneeded indentation. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 1b2b1ab1084b1fbae324c8461a515b6851167e06 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:15 2012 -0500 get/setcifsacl: set "prog" via basename(argv[0]) This saves a tiny bit of memory, and doesn't make the program assume that the binary is named something in particular. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit b578467bf04f0290ab3bcaa82ef007d9f39f186b Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:15 2012 -0500 setcifsacl: declare an enum for the action values ...instead of relying on magic values of an int. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 7b3796695ec4b2afe2feb05678be8f8a6b64044c Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:15 2012 -0500 setcifsacl: fix up getopt() usage '?' has a special meaning in getopt(). It means that the option character was not recognized. You can override that behavior by making ':' the first character of the optstring, but that wasn't done here. I'm not sure what the effect of having '?' in the actual optstring is in this case, but it's probably best not to put it in there. Remove '?' from the optstring and replace it 'h'. Also add '-h' as a valid option to the manpage. '-v' doesn't require an argument, so fix the optstring to reflect that. Finally declare a new variable to hold optarg. Currently we only call getopt() once, which is a little odd. Eventually we may want to make it call it more than once, in which case we'll need some way to store the optarg on each pass. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 49d24798aec743f7acee76d7c9953cd2501f78d8 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:16 2012 -0500 cifsacl: header file cleanup Remove the unused ace_action enum, and express mask values by or'ing what they represent. Add a comment about the endianness of these values in the packed structs too. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 78a2a8b9c6b5ce040122f87e6000636ca8574544 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:16 2012 -0500 setcifsacl: fix endianness on SIDs provided by winbind routines Winbind keeps SID fields in host-endian format, but setcifsacl doesn't currently account for that. Make sure that when we get a valid SID from wbc that we convert the subauth fields to little-endian, which the server will expect. The other fields are single bytes and don't need conversion. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 47400ee5dcdda7e7b77b536f4befb5c04c1c5144 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:16 2012 -0500 cifs.idmap: fix endianness on SIDs before sending to kernel Winbind keeps wbcDomainSids in host-endian format. They must be converted to little-endian before we can ship them off to the kernel. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit b07c3d72ff27e1818e3c1a38466d027d04a54e04 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:16 2012 -0500 setcifsacl: fix up endianness conversions Don't use htole32 when you really want le32toh. Also, when copying or comparing ACEs, it's incorrect to convert the endianness of these fields. Let's just keep things simple and declare that multibyte fields in all of these structs are always kept in little-endian. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 6575515e37363b0db04ed13e7d627ef1a7c36ede Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:17 2012 -0500 setcifsacl: clean up get_numcaces No need to walk the string twice or to hand-roll our own version of strchr(). Also, move the check for no argument out into main(). Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit e2bfd38719c05c2d04579adda5f089755c79eba0 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:17 2012 -0500 setcifsacl: clean up parse_cmdline_aces One of the reasons to use "goto" in an error condition is to eliminate unnecessary indentation. Fix that here by revering some error checks end getting rid of some unneeded "else" cases. After using strstr() to find "ACL:", there's no need to then use strchr() to find ':'. We know where it is -- it's 3 bytes past the current position. Finally, there's no need to copy these strings into new buffers, just set the pointers in the array to their original values. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 5ba83a1f28d8feb0110a129fa24b8749016f2be7 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:17 2012 -0500 setcifsacl: fix verify_ace_sid The current method of trying to convert a name to a password struct and then back to a SID is just weird. It also doesn't seem to work correctly. Instead, look for a '\\' in the string. If there isn't one then try to convert it directly to a SID. If there is a '\\' or the direct-to-SID conversion didn't work, then use wbcLookupName to do the conversion directly to a SID instead. Also, fix the error handling. These routines return a wbcErr, so we should use their macros to check whether it worked or not. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 034a4baa9f3d496a19dbe3eb46d51cf8ef3adffd Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:17 2012 -0500 getcifsacl: clarify magic number if print_ace Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit cc3417e69ca39a8b7eaf0df5ba848d0d4822924e Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:18 2012 -0500 getcifsacl: fix endianness before handing off SID to winbind winbind expects SIDs to be expressed in host-endian. Convert them from little-endian before asking winbind to convert them to names. Also use the WBC_ERROR_IS_OK() macro to check the return code. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 067a0c8c63c8e5e4e7e70a95009d25a9d089b5dd Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:18 2012 -0500 getcifsacl: don't use wbcDomainSid internally Use our own cifs_sid instead and cast it to a wbcDomainSid before handing it off to winbind. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 4fae92dc32fb5e04fdb0533140997797614a9ed5 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:18 2012 -0500 getcifsacl: fix raw SID printing routine The current routine prints multiple authority values as different numbers instead of combining them, which is wrong. Print the SID according to the rules in MS-DTYP. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 786725279edf0a3ab684e68743e56c1412d95c59 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:18 2012 -0500 setcifsacl: consolidate SID copying routines ...instead of open-coding it thrice. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 486eae46e07f792e83fb9c83df61834b5d7e0077 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:19 2012 -0500 setcifsacl: fix some bugs in build_fetched_aces Pavel Raiskup reported the following defects that he found with Coverity: "If the variable 'facesptr' on line cifs-utils-4.8.1/setcifsacl.c|365| has not enough memory to be allocated, program 'setcifsacl' will fail with segfault on line 365 (dereferencing facesptr)." "you may return freed pointer here. There is some kind of return code ('rc') which should be transferred to >NULL< when is rc nonzero (and returned)" There are also a couple of other bugs here: malloc doesn't necessarily set errno to anything when an allocation fails, so having the error handling rely on that is wrong. Fix all of these bugs by reorganzing this function to fix up the error handling. Reported-by: Pavel Raiskup <praiskup@xxxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit aa7cbf3ebc5df89b592815623459dabf6a21f5eb Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:19 2012 -0500 setcifsacl: fix some bugs in build_cmdline_aces Pavel Raiskup found the following defect in setcifsacl with Coverity: "segfault may occur also in cifs-utils-4.8.1/setcifsacl.c|644| because of casesptr dereferencing. When you look e.g. at the line 605, in this time any part of 'caseptr' may be yet uninitialized and program is going through 'goto' to freeing -> and there you are freeing the 'caseptr[i]' address." The analysis there seems a little off, but is basically correct. The freeing loop counts down from the current value of i to free the secondary allocations here. There is one situation though where this could go badly. If the strtok parsing near the beginning of the loop fails, then we could end up trying to free an uninitialized pointer. Fix this by changing the cacesptr allocation to use calloc(), and stop trying to be clever with the freeing loop. Just have it walk the entire array and attempt to free each slot. Reported-by: Pavel Raiskup <praiskup@xxxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 3a41103dfea64856c8317099496716a7f9010769 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:19 2012 -0500 getcifsacl: fix endianness bug in getcifsacl and add better bounds checks getcifsacl must convert the access_req field from little endian. Also, we should ensure that the "size" field in the ACE is reachable before trying to access it. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 6a091a5aa6fd9de3e2ea700896e1949a5623b1c6 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:19 2012 -0500 setcifsacl: fix up ACE mask handling Change verify_ace_mask to just attempt to convert the argument to an unsigned long first. If that fails, then try to treat it as a symbolic mask string. Also, clean up ace_mask_value. There's no need to walk the string twice. Walk it once and turn the single-char mask checks into a switch statement instead of if/else clauses. Finally, fix the endianness of the resulting value. It must be in LE. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit c74be6c4f2d75008772ce5f4224d36e2556d31ac Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:20 2012 -0500 setcifsacl: fix endianness of ->size in build_cmdline_aces The size must also be kept in little-endian. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 3759dfa1f6c4990d7dd017eeb341965673382b07 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:20 2012 -0500 setcifsacl: fix some build warnings Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 3ff520f4380b8826d9eeda71da87e4e4548c4f4a Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:19:20 2012 -0500 cifs.idmap: fix up some compile-time warnings Get rid of some unused variables, and fix a strict-aliasing problem by copying the SID data to a new place instead of converting the endianness in-place. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit fd3d58c4e78098700a03551c7e7d2f2b63777502 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 7 10:20:46 2012 -0500 getcifsacl: fix up printing of REVISION: and CONTROL: fields They need endianness conversion too... Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit feab5b327c5fea393d626f0ae3c33810fdafe518 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Fri Nov 9 06:08:38 2012 -0500 mount.cifs: fix argument count check The argv < 3 check could return true if you pass in some option flags. If you don't provide any further arguments then you might just walk off the end of the argv array. The values past the end aren't guaranteed to be NULL in that case. Fix the check to just look at whether there are 2 more arguments after the getopt processing is done. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit ec80b4feeb2a86b3661e9c710b942196492a9af4 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Fri Nov 9 06:33:48 2012 -0500 getcifsacl: don't freely cast between wbcDomainSid and cifs_sid While they are very similar, the cifs_sid is "packed" and the wbcDomainSid isn't. There are also aliasing problems with gcc in some cases. Instead of trying to cast and fix endianness in place, make a separate copy instead. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit ea0441d56862538b6c72ebbe085f98d9da8e14ea Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Fri Nov 9 06:40:14 2012 -0500 setcifsacl: don't freely cast between wbcDomainSid and cifs_sid Since they are not necessarily aligned the same and potentially store their fields with different endianness. Copy from the wbcDomainSid to the cifs_sid as appropriate. Also rename the same function in cifs.idmap.c for consistency. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 60df9bbd90fc43e388ae42d6ed73415b45e43227 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Fri Nov 9 07:49:43 2012 -0500 setcifsacl: fix format specifier in error message setcifsacl.c:833: warning: format '%ld' expects type 'long int', but argument 3 has type 'ssize_t' Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 62b6e9429c6190a4e31dfe6a028ca9b2689d3f07 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Sun Nov 11 06:09:23 2012 -0500 autoconf: set version to 5.8 Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> - -- Jeff Layton <jlayton@xxxxxxxxx> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQIcBAEBAgAGBQJQn43cAAoJEAAOaEEZVoIVG7cQAKdnGCsrq1IhcttK7xycNjLg T/7Igyx8Rsus3pi2GLHedWXOH3BWUPYgFct0skl0aG8DBWFn6FhddpB0/PE2Mxpv HX2xE3R7P7o0HgicLRUq9ZXf6ZDxd3cQz1xHAeQs5Spyr+3j0SdIxrec3vCM7hmo KeAJFg7LLHjt52TNt5AUZdWNiGeM61vaSqqFpsdRFWhmtcNgOZiKh653f5Zoaslx ClABZVQ16ln+B8e/3Tei4mcCwlF6MRSixhJwB5vjLd13JUITxN3YZVgtHSTso5lc shHjW8ULNGrhj/9DNkJaDtFJuHG3hDtLax7BHABei4qvs3A1fpb/fH+FobhYWI4Y 0aHW3xJpcm2Ot6PySJiQa4IFLY0jZ1KlLnntJd/hXc8f7bWVOCkg98FcOuINmxCL lJpfoqbWM+jdzm9Cpg018XEN3BJBl//jFP9rdikXFIut/vvXuVgp9T718ynT/U2H sjTdhSRj908F+PAsDxLva7YRg9ec6ooOBmezqhYFyYVlgPCf5yhE8yaQcKMW9nE5 mBOqA+b5JTv5Xk9dFaV+4I3D1B6kfjW9/FGJWd9ZOLcXA0FRW812GxEH7ImKRsfx Dsma8SVxWXDIPq7Qp+slerSvZvP+d0kZeq9l3GkWujP+TkXuW9KF9ZmnTIvBjVtk GCDAHWN4Pn2bFS4yek7t =B3ES -----END PGP SIGNATURE----- ÿôèº{.nÇ+?·?®??+%?Ëÿ±éݶ¥?wÿº{.nÇ+?·¥?{±ýÈ?³ø§¶?¡Ü¨}©?²Æ zÚ&j:+v?¨þø¯ù®w¥þ?à2?Þ?¨èÚ&¢)ß¡«a¶Úÿÿûàz¿äz¹Þ?ú+?ù???Ý¢jÿ?wèþf