diff --git a/Make_the_PAM_security_directory_configurable_at_compile_time.patch b/Make_the_PAM_security_directory_configurable_at_compile_time.patch new file mode 100644 index 0000000..90e428a --- /dev/null +++ b/Make_the_PAM_security_directory_configurable_at_compile_time.patch @@ -0,0 +1,35 @@ +Author: Lars Mueller +Subject: Make PAM security install directory configurable at compile time +Reported-upstream: yes +Bugzilla: bso#10513 + +Index: cifs-utils-6.3/configure.ac +=================================================================== +--- cifs-utils-6.3.orig/configure.ac ++++ cifs-utils-6.3/configure.ac +@@ -58,6 +58,12 @@ AC_ARG_WITH(idmap-plugin, + AC_DEFINE_UNQUOTED(IDMAP_PLUGIN_PATH, "$pluginpath", [Location of plugin that ID mapping infrastructure should use. (usually a symlink to real plugin)]) + AC_SUBST([pluginpath]) + ++AC_ARG_WITH(pamdir, ++ [AC_HELP_STRING([--with-pamdir=DIR],[Where to install the PAM module [[$(libdir)/security]]])], ++ pamdir=$withval, ++ pamdir="\$(libdir)/security") ++AC_SUBST([pamdir]) ++ + # check for ROOTSBINDIR environment var + if test -z $ROOTSBINDIR; then + ROOTSBINDIR="/sbin" +Index: cifs-utils-6.3/Makefile.am +=================================================================== +--- cifs-utils-6.3.orig/Makefile.am ++++ cifs-utils-6.3/Makefile.am +@@ -92,8 +92,6 @@ idmapwb.8: idmapwb.8.in + endif + + if CONFIG_PAM +-pamdir = $(libdir)/security +- + pam_PROGRAMS = pam_cifscreds.so + + pam_cifscreds.so: pam_cifscreds.c cifskey.c resolve_host.c util.c diff --git a/cifs-utils-6.2.tar.bz2 b/cifs-utils-6.2.tar.bz2 deleted file mode 100644 index 90c9d77..0000000 --- a/cifs-utils-6.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34676e374ee139ce1b6566ed1802c55f92b5d74cc58417a4989df7438ff2cd33 -size 392856 diff --git a/cifs-utils-6.2.tar.bz2.asc b/cifs-utils-6.2.tar.bz2.asc deleted file mode 100644 index 9e8714a..0000000 --- a/cifs-utils-6.2.tar.bz2.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.19 (GNU/Linux) - -iQEcBAABAgAGBQJSTqdBAAoJEFr9v7Jw87mBkuEIAJYLgPt4IJW/9o5CSAD3FJCR -yVixXU0xevx6Y0+A/35juOUxas0BR4QQGeNu5DHs/EEYfQcB/7quv6zoDSbPAtbi -wVOFYlLXPOyC7H4t9n7pWhkYcIUuH5Jkth8QFoA9BwzFHwIOPEeneL0TSf6m6jzM -An54JwG2Cq9NWTmpNbTFS/8IfpzgmiDm0QQlaAgYpc8v4rxxkboIwK8Fvn9dtFLC -mCD3f2XnVzV5/6Bi53qnaK30ha4tGJ4EoN1OTCTi8jEkAD7cgjzI0wC43iDsX04W -VYba+hu+PGcftriw1pgccIgeU2kMSrrK8k3Ttb1O6V/60Ic3nl+qAGPYcH+L2zo= -=1AK2 ------END PGP SIGNATURE----- diff --git a/cifs-utils-6.3.tar.bz2 b/cifs-utils-6.3.tar.bz2 new file mode 100644 index 0000000..f1f45a0 --- /dev/null +++ b/cifs-utils-6.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fff73b2a2547628acba05d324cf096e50f13fa8712f01bf0eb0dbabfe268375b +size 392465 diff --git a/cifs-utils-6.3.tar.bz2.asc b/cifs-utils-6.3.tar.bz2.asc new file mode 100644 index 0000000..a5f730c --- /dev/null +++ b/cifs-utils-6.3.tar.bz2.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (GNU/Linux) + +iQEcBAABAgAGBQJSzsyiAAoJEFr9v7Jw87mBQ1IH+wWOvX/ccSnSEBetPQupThww +3lCwyrC1PJhwHJvCOTR7axVVu4F/fVVaoBu8Hl6inqvnE/Ds2a4vnWYulSrR9Mii +uUArW/DLqM2bFpkXSV6HjhJ4FOU9Ps2HKl6sSTdCbXqzfg6vUobdoog9NBx5LlyC +CSI4ncWRdigyI6/lSMAWyzRaI1pfVlNBLMgrsN9EZwpqtly/Knt/Z9UJBXIC6Hrs +sKBg+mbtGymq2pRkfLbaepIcyfyF1shV7Hem0A3Wpm/yt6AmVkEpAMqSYG9sIgWz +3G3JxQKl6I58LNQI5TH/IZ1dMawhJcaxz7HqkI9DcBv2KGpWqsLxrHciNuvDf30= +=JWC6 +-----END PGP SIGNATURE----- diff --git a/cifs-utils.changes b/cifs-utils.changes index e00bb70..d49a2de 100644 --- a/cifs-utils.changes +++ b/cifs-utils.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu Mar 20 19:40:40 UTC 2014 - lmuelle@suse.com + +- Update to cifs-utils 6.3. + + fixes for various bugs turned up by Coverity + + clean unused cruft out of upcall binary + + add new pam_cifscreds PAM module for establishing NTLM creds on login + which BuildRequires the pam-devel package +- Make the PAM security directory configurable at compile time; (bso#10513). + + Make_the_PAM_security_directory_configurable_at_compile_time.patch + ------------------------------------------------------------------- Wed Oct 9 12:16:57 UTC 2013 - lmuelle@suse.com diff --git a/cifs-utils.spec b/cifs-utils.spec index 886ecb3..c74970b 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -1,7 +1,7 @@ # # spec file for package cifs-utils # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: cifs-utils -Version: 6.2 +Version: 6.3 Release: 0 Summary: Utilities for doing and managing mounts of the Linux CIFS filesyste License: GPL-3.0+ @@ -35,6 +35,7 @@ Source1: cifs.init Source2: mkinitrd_scripts_boot-cifs.sh Source3: mkinitrd_scripts_setup-cifs.sh Source4: cifstab +Patch: Make_the_PAM_security_directory_configurable_at_compile_time.patch %if 0%{?suse_version} PreReq: insserv %{?fillup_prereq} mkinitrd %else @@ -67,6 +68,7 @@ BuildRequires: libkeyutils-devel %if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 BuildRequires: libwbclient-devel %endif +BuildRequires: pam-devel %if 0%{?suse_version} > 1020 BuildRequires: pkg-config %else @@ -91,14 +93,31 @@ The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. This package contains the header file necessary for building ID mapping plugins for cifs-utils. +%package -n pam_cifscreds +Summary: PAM module to manage NTLM credentials in kernel keyring +Group: System/Libraries + +%description -n pam_cifscreds +The pam_cifscreds PAM module is a tool for automatically adding +credentials (username and password) for the purpose of establishing +sessions in multiuser mounts. + +When a cifs filesystem is mounted with the "multiuser" option, and does +not use krb5 authentication, it needs to be able to get the credentials +for each user from somewhere. The pam_cifscreds module can be used to +provide these credentials to the kernel automatically at login. + %prep %{?gpg_verify: %gpg_verify --keyring %{SOURCE6} %{SOURCE5}} %setup -q +%patch -p1 %build export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -fpie" export LDFLAGS="-pie" -%{configure} +autoreconf -i +%{configure} \ + --with-pamdir=/%{_lib}/security %{__make} %{?_smp_mflags} %install @@ -208,4 +227,9 @@ exit 0 %defattr(-,root,root) %{_includedir}/cifsidmap.h +%files -n pam_cifscreds +%defattr(-,root,root) +/%{_lib}/security/pam_cifscreds.so +%{_mandir}/man8/pam_cifscreds.8.* + %changelog