@@ -58,15 +58,15 @@ typedef enum _secType {
* ret: 0 - success, others - failure
*/
static int
-handle_krb5_mech(const char *oid, const char *principal,
- DATA_BLOB * secblob, DATA_BLOB * sess_key)
+handle_krb5_mech(const char *oid, const char *principal, DATA_BLOB *secblob,
+ DATA_BLOB *sess_key, char *ccname)
{
int retval;
DATA_BLOB tkt, tkt_wrapped;
/* get a kerberos ticket for the service and extract the session key */
- retval = cli_krb5_get_ticket(principal, 0,
- &tkt, sess_key, 0, NULL, NULL);
+ retval = cli_krb5_get_ticket(principal, 0, &tkt, sess_key, 0,
+ ccname, NULL);
if (retval)
return retval;
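Review bot: The new `ccname` parameter of handle_krb5_mech is not documented; the comment block above the function, which starts outside this hunk, still describes only the return value. main() initialises `credinfo` to NULL and passes it unconditionally, so NULL is a normal input and the comment should say so, e.g. `* ccname: credential cache name taken from the key description, or NULL`. What cli_krb5_get_ticket does with NULL is not visible here, although the removed call passed NULL in the same position. Since the pointer is only forwarded, `const char *ccname` would fit if cli_krb5_get_ticket's prototype allows it.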
@@ -88,21 +88,21 @@ handle_krb5_mech(const char *oid, const char *principal,
#define DKD_HAVE_IPV4 8
#define DKD_HAVE_IPV6 16
#define DKD_HAVE_UID 32
+#define DKD_HAVE_CCNAME 64
#define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC)
static int
-decode_key_description(const char *desc, int *ver, secType_t * sec,
- char **hostname, uid_t * uid)
+decode_key_description(const char *desc, int *ver, secType_t *sec,
+ char **hostname, uid_t *uid, char **credinfo)
{
int retval = 0;
+ int len;
char *pos;
const char *tkn = desc;
do {
pos = index(tkn, ';');
if (strncmp(tkn, "host=", 5) == 0) {
- int len;
-
if (pos == NULL) {
len = strlen(tkn);
} else {
@@ -146,6 +146,17 @@ decode_key_description(const char *desc, int *ver, secType_t * sec,
} else {
retval |= DKD_HAVE_VERSION;
}
+ } else if (strncmp(tkn, "credinfo=", 9) == 0) {
+ if (pos == NULL)
+ len = strlen(tkn);
+ else
+ len = pos - tkn;
+
+ len -= 8;
+ SAFE_FREE(*credinfo);
+ *credinfo = SMB_XMALLOC_ARRAY(char, len);
+ strlcpy(*credinfo, tkn + 9, len);
+ retval |= DKD_HAVE_CCNAME;
}
if (pos == NULL)
break;
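Review bot: The `credinfo=` branch accepts an empty value and hides its buffer sizing behind the bare `len -= 8`. With a description containing just `credinfo=`, `len` becomes 1, a one-byte buffer is allocated, DKD_HAVE_CCNAME is set, and an empty string is later used as the cache name. The 8 is the 9-byte prefix minus one byte kept for the terminator, which the code does not say. I would subtract the full prefix, skip empty values with a syslog warning, and allocate `len + 1`, as sketched below. `len` is an `int` assigned from `strlen()`, and the loop in decode_key_description starts and ends outside this hunk.

```c
	} else if (strncmp(tkn, "credinfo=", 9) == 0) {
		/* ... unchanged: len = length of this token ... */

		/* length of the value only, without the 9-byte "credinfo=" prefix */
		len -= 9;
		if (len <= 0) {
			syslog(LOG_WARNING,
			       "empty credinfo value in key description");
		} else {
			SAFE_FREE(*credinfo);
			/* one extra byte for the terminating NUL */
			*credinfo = SMB_XMALLOC_ARRAY(char, len + 1);
			strlcpy(*credinfo, tkn + 9, len + 1);
			retval |= DKD_HAVE_CCNAME;
		}
	}
```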
@@ -226,7 +237,7 @@ int main(const int argc, char *const argv[])
uid_t uid = 0;
int kernel_upcall_version = 0;
int c, use_cifs_service_prefix = 0;
- char *buf, *hostname = NULL;
+ char *buf, *hostname = NULL, *credinfo = NULL;
const char *oid;
openlog(prog, 0, LOG_DAEMON);
@@ -278,7 +289,7 @@ int main(const int argc, char *const argv[])
}
rc = decode_key_description(buf, &kernel_upcall_version, §ype,
- &hostname, &uid);
+ &hostname, &uid, &credinfo);
if ((rc & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
syslog(LOG_WARNING,
"unable to get from description necessary params");
@@ -333,7 +344,8 @@ int main(const int argc, char *const argv[])
else
oid = OID_KERBEROS5;
- rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
+ rc = handle_krb5_mech(oid, princ, &secblob, &sess_key,
+ credinfo);
SAFE_FREE(princ);
break;
}
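Review bot: `credinfo` reaches handle_krb5_mech exactly as it was copied out of the key description, with no check against the `uid` parsed from the same description or against an expected cache type. If cifs.upcall runs with more privilege than the user on whose behalf the upcall was made (not visible in this diff), the cache named here should be verified to belong to `uid` before cli_krb5_get_ticket uses it. A comment at this call saying where the value comes from and why it is trusted would help in either case. The visible hunks also never release `credinfo`; a `SAFE_FREE(credinfo);` on main's exit path would match the handling of `princ`, unless code outside these hunks already does it.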
If the kernel passes cifs.upcall a ccname, use it for getting the creds. Signed-off-by: Jeff Layton <jlayton@redhat.com> --- source3/client/cifs.upcall.c | 34 +++++++++++++++++++++++----------- 1 files changed, 23 insertions(+), 11 deletions(-)