-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 With the merge of the new plugin interface, it's probably a good time for a new cifs-utils release. Distro packagers should take special note of the changes with the new plugin interface since it has implications for how the tools are packaged. In particular, it's necessary to set a symlink to the plugin in the correct location (/etc/cifs-utils/idmap-plugin by default). Here are the main highlights: * There is a new plugin architecture for the ID mapping tools. This encapsulates the winbind interfaces inside a plugin and allows the writing of others. * The DOMAIN\username@password format for username= arguments have been deprecated. The discrete mount options for each of those values should be used instead. * Full RELRO (vs. partial) is now enabled on all binaries by default Go forth and download! webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git: git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.8: commit 92e12ecc28ac1a41eb48f693837be0ba070dc8af Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Thu Nov 15 15:22:13 2012 -0500 autoconf: set version to 5.8.1 for interim builds Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 8b6e0cc242fc62436b0dd073e393bbdd62f39a83 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Sun Nov 18 20:38:38 2012 -0500 mount.cifs: treat uid=,gid=,cruid= options as name before assuming they're a number Sergio Conrad reported a problem trying to set up an autofs map to do a krb5 mount. In his environment, many users have usernames that are comprised entirely of numbers. While that's a bit odd, POSIX apparently allows for it. The current code assumes that when a numeric argument is passed to one of the above options, that it's a uid or gid. Instead, try to treat the argument as a user or group name first, and only try to treat it as a number if that fails. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit de299f69392c18dc71d207482566f38abc909837 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Nov 28 15:17:44 2012 -0500 mount.cifs: don't pass "flag" options to the kernel When certain options are passed to the mount helper, we want to turn them into mountflags for the mount() syscall. There's no need to copy them to the options string in that case though. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 7e3149fe1529f0043f4fdf60082ea359ae8d656f Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Dec 3 11:03:19 2012 -0500 autotools: remove unnecessary files from distro Having them in the distro prevents autoreconf -i from installing the latest copies. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 7dacd96a24edf9ab2e3d7ed798bd28bba5425349 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Dec 3 13:41:12 2012 -0500 getcifsacl: use "size" instead of reconverting original field to host endian Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit c1fd5753a3f996203e4b39158e360f4b799a3254 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Tue Dec 4 06:12:13 2012 -0500 getcifsacl: free strings returned by wbcLookupSid Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit bacbbf7c0994bdeaf49234abd07d840673d37e95 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Tue Dec 4 06:21:06 2012 -0500 getcifsacl: ensure that we don't overrun the wbcDomainSid when converting If we get a SID that contains more than 15 subauthorities, we'll end up overrunning the struct wbcDomainSid. Just ignore any past 15. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 2584e62c06dbea59bbd6a001040d7780959c8358 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Thu Dec 6 06:45:57 2012 -0500 autoconf: enable full RELRO in cifs-utils binaries This is safer since it also protects the GOT from getting clobbered. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 53894f4e2cb4d15fedf0612e9a4bd47a537284b3 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Thu Dec 6 07:17:17 2012 -0500 cifs-utils: only link in -lrt to binaries that need it ...which is really only mount.cifs. Cc: Björn Jacke <bj@xxxxxxxxx> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit fac79a1425a1474f0daf0795900d227307ec5db3 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Fri Dec 7 08:39:16 2012 -0500 getcifsacl: remove unneeded openlog() call getcifsacl doesn't log to syslog, so there's no need to open a channel to it. Also, remove the unneeded "prog" global variable since only the usage() function needs it. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit b4dc50798e6baf026d6101ff3775ffc0c3a0e2f2 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Fri Dec 7 12:07:23 2012 -0500 setcifsacl: remove syslog goop setcifsacl doesn't use syslog, so no need to open a channel to it. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit d4f9df9159c5ac93b97c36b0f98ffbd318866e38 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Thu Dec 13 08:58:54 2012 -0500 cifs-utils: struct cifs_sid definition to new cifsidmap.h header People who want to build a plugin for the idmapping routines will need a header to describe the data types that they need. Add a cifsidmap.h file and move the struct cifs_sid definition into it, along with the constants needed to describe it. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 6a25042ae1f010d7ea0852c8245b481c31d9789d Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Dec 3 12:35:38 2012 -0500 cifs-utils: new plugin architecture for ID mapping code Currently, the ACL-related tools in cifs-utils call into the wbclient libs directly in order to do their bidding. The wbclient developers want to get away from needing to configure winbind on the clients and instead allow sssd to handle the mapping in most cases. This patch represents an initial step in that direction. It adds a plugin architecture for cifs-utils, adds wrappers around the calls into libwbclient that find an idmap plugin library to use and then has it call into that plugin to do the actual ID mapping. The application will call into a set of routines that find the correct plugin and dlopen() it. Currently the plugin is located in a well-known location that is settable via autoconf. That location is intended to be a symlink that points to the real plugin (generally under $pkglibdir). The plugin will export a number of functions with well-known names. The wrappers find those by using dlsym() and then call them. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 4a895bf49d80f6592cc42d2487103e314b5aa888 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Fri Dec 7 12:17:03 2012 -0500 cifs-utils: convert setcifsacl to use the plugin interface Add str_to_sid() functionality to the plugin API and have setcifsacl use it. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 98ac6343836f1447852a1a3401dc68aebd9c49d1 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Dec 19 14:52:42 2012 -0500 cifs-utils: add autoconf test for WBC_ID_TYPE_BOTH WBC_ID_TYPE_BOTH is a new addition (in Samba 4.0 only). Add a test for its presence. Because it's an enum, we have to jump through some extra hoops here... Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit e5f0246b3085a5679253041aaabbbe6881e473ab Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Sat Dec 8 21:28:08 2012 -0500 cifs-utils: convert cifs.idmap to use plugin interface Add routines for the various things that cifs.idmap needs and have it call them. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit bb27a52810198b61f37e0efd05047b8a5ea981a7 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Dec 17 11:45:41 2012 -0500 cifs-utils: add a manpage for idmapwb ...and clean up references to winbind in various tool manpages. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 70f744ab7aa2bb1c30d2615446a6eb83f32a665b Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Wed Jan 2 06:27:35 2013 -0500 cifs-utils: fix cifsidmap.h comment It's actually OK to set this to BOTH. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 85d18a1edfa95e9329a57615e92a58a5ab1902c1 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Jan 7 07:19:46 2013 -0500 mount.cifs: remove support for "complex" usernames from mount.cifs In commit 569cfcb3a, we added a warning of the removal for support for username= options in the form of DOMAIN/username%password. This patch removes that support as promised prior to the 5.9 release. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> commit 353d491dcb5d69d31434abeb962c8e9a49c36867 Author: Jeff Layton <jlayton@xxxxxxxxx> Date: Mon Jan 7 07:19:46 2013 -0500 autoconf: set version to 5.9 Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx> - -- Jeff Layton <jlayton@xxxxxxxxx> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQIcBAEBAgAGBQJQ6sOIAAoJEAAOaEEZVoIV934P/3V1nQhNBXsekLeOAAUYmi/s voq8PKrgxbi87hVJjUW1vqp9T76OObe1gBlV5jwBgFJCtPSk8NXn4L6YYbO5C+rc 9IVYd3meDzutSPbaRBGJITV+yEx2IJT6qlldOyFz28M0bf4H1F1WkKBSysHJ1YLx qr5jT+DYnHjgdb8M+fb4U4KlwqHNyNxPjDmazw9fiOY0YAhfw4wf6I2VVc2RyDX0 AgLZviqSc3+Ogn/HWKGYy0GGMNjbC3E/oQk0wxI/RPeLB8REaiOVSy17fjjUDXhm e77VhV6lnlZPPHUGx1X6AYS9vESV0TUGnIEcDpincnjdrtVBFmWvqp3aLbNrCURu M/v0CgXpIvy8uK7UD6SDNmUndoSOngieCL1ewdHyD197zLAsZxMKl/mQetmbYdgh sDmk/6mvXBmtZaK0DUbia8NJPZpqMueyHbmSajMHfeI9dfiZwwcVWUoY993rs2xU SWpDXG35DxN3lZLv1IF86uk1Py09qfCuSlsdSNHdJZjmDn2QZGWlfwq48K5hzFWW VvXzkPNZZMUMjs4wVCvI4AawkwyZMboGxY/Yk6QeZSe49MFRgVujbHLCacR9NUPz v+xyhl3UrAQzEVmg5mWATOd0+GMpqEak5Onz/OC6f6wXk0sCDU2UJj4to9v6Sr/B jlLymmTvNcsUFGMcNEEz =AkH/ -----END PGP SIGNATURE----- ÿôèº{.nÇ+?·?®??+%?Ëÿ±éݶ¥?wÿº{.nÇ+?·¥?{±ýÈ?³ø§¶?¡Ü¨}©?²Æ zÚ&j:+v?¨þø¯ù®w¥þ?à2?Þ?¨èÚ&¢)ß¡«a¶Úÿÿûàz¿äz¹Þ?ú+?ù???Ý¢jÿ?wèþf