summaryrefslogtreecommitdiff
path: root/client/mount.cifs.c
AgeCommit message (Collapse)AuthorFilesLines
2009-11-11mount.cifs: get rid of CONST_DISCARDJeff Layton1-4/+3
Apparently, we need to strip the "const" attribute off of the mnt_fstype before passing it to addmntent to prevent a (somewhat bogus) compiler warning. Rather than just stripping off the "const" attribute, clarify the code by declaring a new non-const char pointer that points to the same string. We can also use that same pointer in the mount(2) call too. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2009-10-01mount.cifs: don't leak passwords with verbose optionJeff Layton1-16/+30
When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com>
2009-10-01mount.cifs: check access of credential files before openingJeff Layton1-0/+11
It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com>
2009-09-24mount.cifs: print output to stderrJeff Layton1-108/+101
When a mount fails, mount.cifs often prints an error message. In most cases, this error goes to stdout instead of stderr like it should. Fix it to print errors to stderr instead. Reported-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-29mount.cifs: don't pass text ro/rw options to kernelJeff Layton1-0/+2
/bin/mount strips off the ro/rw options after setting the MS_RDONLY flag appropriately. Make mount.cifs do the same thing. Signed-off-by: Jeff Layton <jlayton@samba.org>
2009-06-25mount.cifs: add support for sending IPv6 scope ID to kernelJeff Layton1-0/+8
When getaddrinfo returns an IPv6 address with a non-zero scope_id, send that to the kernel appended to the address with a '%' delimiter. This allows people to mount servers via their link-local IPv6 addresses (given a kernel that understands this address format, of course). Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-10mount.cifs: explicitly handle non AF_INET/AF_INET6 addressesJeff Layton1-0/+2
If we get a non-AF_INET(6) address, then just skip it and try the next one in the list. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-06mount.cifs: properly check for mount being in fstab when running setuid root ↵Jeff Layton1-40/+162
(try#3) This is the third attempt to clean up the checks when a setuid mount.cifs is run by an unprivileged user. The main difference in this patch from the last one is that it fixes a bug where the mount might have failed if unnecessarily if CIFS_LEGACY_SETUID_CHECK was set. When mount.cifs is installed setuid root and run as an unprivileged user, it does some checks to limit how the mount is used. It checks that the mountpoint is owned by the user doing the mount. These checks however do not match those that /bin/mount does when it is called by an unprivileged user. When /bin/mount is called by an unprivileged user to do a mount, it checks that the mount in question is in /etc/fstab, that it has the "user" option set, etc. This means that it's currently not possible to set up user mounts the standard way (by the admin, in /etc/fstab) and simultaneously protect from an unprivileged user calling mount.cifs directly to mount a share on any directory that that user owns. Fix this by making the checks in mount.cifs match those of /bin/mount itself. This is a necessary step to make mount.cifs safe to be installed as a setuid binary, but not sufficient. For that, we'd need to give mount.cifs a proper security audit. Since some users may be depending on the legacy behavior, this patch also adds the ability to build mount.cifs with the older behavior. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-02Move mount.cifs/umount.cifs to the top level and remove the outdated copyJelmer Vernooij1-0/+1539
in Samba 4.