1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Commit Graph

7 Commits

Author SHA1 Message Date
Volker Lendecke
db1e582568 Attempt to fix the build -- jlayton, please check! 2009-07-10 12:00:11 +02:00
Jeff Layton
8d1b061b51 cifs.upcall: use pid value from kernel to determine KRB5CCNAME to use
If the kernel sends the upcall a pid of the requesting process, we can
open that process' /proc/<pid>/environ file and scrape the KRB5CCNAME
value out of it.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-07-09 21:04:08 -04:00
Jeff Layton
595d07d0ab mount.cifs: don't pass text ro/rw options to kernel
/bin/mount strips off the ro/rw options after setting the MS_RDONLY
flag appropriately. Make mount.cifs do the same thing.

Signed-off-by: Jeff Layton <jlayton@samba.org>
2009-06-29 06:16:38 -04:00
Jeff Layton
2032a1914d mount.cifs: add support for sending IPv6 scope ID to kernel
When getaddrinfo returns an IPv6 address with a non-zero scope_id, send
that to the kernel appended to the address with a '%' delimiter. This
allows people to mount servers via their link-local IPv6 addresses
(given a kernel that understands this address format, of course).

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-25 07:27:25 -04:00
Jeff Layton
ddad58fc41 mount.cifs: explicitly handle non AF_INET/AF_INET6 addresses
If we get a non-AF_INET(6) address, then just skip it and try the next
one in the list.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-10 09:00:21 -04:00
Jeff Layton
cc7b62269e mount.cifs: properly check for mount being in fstab when running setuid root (try#3)
This is the third attempt to clean up the checks when a setuid
mount.cifs is run by an unprivileged user. The main difference in this
patch from the last one is that it fixes a bug where the mount might
have failed if unnecessarily if CIFS_LEGACY_SETUID_CHECK was set.

When mount.cifs is installed setuid root and run as an unprivileged
user, it does some checks to limit how the mount is used. It checks that
the mountpoint is owned by the user doing the mount.

These checks however do not match those that /bin/mount does when it is
called by an unprivileged user. When /bin/mount is called by an
unprivileged user to do a mount, it checks that the mount in question is
in /etc/fstab, that it has the "user" option set, etc.

This means that it's currently not possible to set up user mounts the
standard way (by the admin, in /etc/fstab) and simultaneously protect
from an unprivileged user calling mount.cifs directly to mount a share
on any directory that that user owns.

Fix this by making the checks in mount.cifs match those of /bin/mount
itself. This is a necessary step to make mount.cifs safe to be installed
as a setuid binary, but not sufficient. For that, we'd need to give
mount.cifs a proper security audit.

Since some users may be depending on the legacy behavior, this patch
also adds the ability to build mount.cifs with the older behavior.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-06 19:46:24 -04:00
Jelmer Vernooij
8d033ec0d1 Move mount.cifs/umount.cifs to the top level and remove the outdated copy
in Samba 4.
2009-06-02 23:24:33 +02:00