RHBA-2011:0569 - Bug Fix Advisory

Topic

An updated cifs-utils package that fixes five bugs is available.

Description

The SMB/CIFS protocol is a standard file sharing protocol widely deployed
on Microsoft Windows machines. This package contains tools for mounting
shares on Linux using the SMB/CIFS protocol. The tools in this package
work in conjunction with support in the kernel to allow one to mount a
SMB/CIFS share onto a client and use it as if it were a standard Linux
file system.

The cifs-utils package has been updated to the latest upstream version. Bugs
fixed in this updated package include:

• While trying to mount a share (DFS or 'classic') with Kerberos, a "mount

error(5): Input/output error" occurred due to a problem with the MIT krb5
libraries. cifs.upcall now sets the GSSAPI checksum properly in SPNEGO blobs.
This is necessary for proper interoperability with EMC servers when using krb5
authentication, and allows for a successful mount . (BZ#645127)

• When mounting a share as root with kerberos, cifs.upcall used the ticket of

root (/tmp/krb5cc_0) instead the one of the user specified with 'uid=' or
'user='. This was due to the --legacy-uid command line option for cifs.upcall
not properly implementing. This patch ensures that it properly implements,
allowing successful mounting of a share as root with kerberos. (BZ#667382)

• When two CIFS shares were mounted on the same server, each for a different

user who had valid krb5 credentials, only the one mounted first could access the
data. This was because cifs had a built in design limitation of a single set of
credentials per mount. That limitation caused the implementation of a number of
hacks to deal with it. With this patch mount.cifs now supports the 'cruid='
mount option, fixing this issue. (BZ#669377)

• mount.cifs did not handle numeric uid=, gid=, or cuid= options correctly, and

would often return an error when they were specified. With this patch, a check
is run to see if any error occurred by setting errno to 0 before the conversion.
If one did then it will attempt to treat the value as a name, allowing them to
be correctly handled. (BZ#696951)

• In order to update the man pages and include a couple small patches,

cifs-utils has been rebased to 4.8.1. (BZ#658981)

All users who are using the cifs file system should update to this new package
in order to take advantage of these bug fixes.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 645127 - Input/output error with sec=krb5
• BZ - 658981 - rebase cifs-utils to version 4.8.1 for RHEL 6.1
• BZ - 667382 - cifs.upcall does not accept the '-l' command line option
• BZ - 669377 - cifs.upcall not called when mounting second CIFS share from same server using different krb5 credentials
• BZ - 696951 - mount option uid doesn't work with krb5

CVEs

(none)

References

(none)