From patchwork Tue Apr 21 12:28:30 2009
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 19167
From: Jeff Layton To: linux-cifs-client@lists.samba.org Date: Tue, 21 Apr 2009 08:28:30 -0400 Message-Id: <1240316911-15822-2-git-send-email-jlayton@redhat.com> In-Reply-To: <1240316911-15822-1-git-send-email-jlayton@redhat.com> References: <1240316911-15822-1-git-send-email-jlayton@redhat.com> X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 Cc: samba-technical@lists.samba.org Subject: [linux-cifs-client] [PATCH 1/2] cifs.upcall: allow use of alternate credcache name X-BeenThere: linux-cifs-client@lists.samba.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: The Linux CIFS VFS client List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org Errors-To: linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org If the kernel passes cifs.upcall a ccname, use it for getting the creds. Signed-off-by: Jeff Layton --- source3/client/cifs.upcall.c | 34 +++++++++++++++++++++++----------- 1 files changed, 23 insertions(+), 11 deletions(-) diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c index 4110de3..4fa43d1 100644 --- a/source3/client/cifs.upcall.c +++ b/source3/client/cifs.upcall.c @@ -58,15 +58,15 @@ typedef enum _secType { * ret: 0 - success, others - failure */ static int -handle_krb5_mech(const char *oid, const char *principal, - DATA_BLOB * secblob, DATA_BLOB * sess_key) +handle_krb5_mech(const char *oid, const char *principal, DATA_BLOB *secblob, + DATA_BLOB *sess_key, char *ccname) { int retval; DATA_BLOB tkt, tkt_wrapped; /* get a kerberos ticket for the service and extract the session key */ - retval = cli_krb5_get_ticket(principal, 0, - &tkt, sess_key, 0, NULL, NULL); + retval = cli_krb5_get_ticket(principal, 0, &tkt, sess_key, 0, + ccname, NULL); if (retval) return retval; 
@@ -88,21 +88,21 @@ handle_krb5_mech(const char *oid, const char *principal, #define DKD_HAVE_IPV4 8 #define DKD_HAVE_IPV6 16 #define DKD_HAVE_UID 32 +#define DKD_HAVE_CCNAME 64 #define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC) static int -decode_key_description(const char *desc, int *ver, secType_t * sec, - char **hostname, uid_t * uid) +decode_key_description(const char *desc, int *ver, secType_t *sec, + char **hostname, uid_t *uid, char **credinfo) { int retval = 0; + int len; char *pos; const char *tkn = desc; do { pos = index(tkn, ';'); if (strncmp(tkn, "host=", 5) == 0) { - int len; - if (pos == NULL) { len = strlen(tkn); } else { @@ -146,6 +146,17 @@ decode_key_description(const char *desc, int *ver, secType_t * sec, } else { retval |= DKD_HAVE_VERSION; } + } else if (strncmp(tkn, "credinfo=", 9) == 0) { + if (pos == NULL) + len = strlen(tkn); + else + len = pos - tkn; + + len -= 8; + SAFE_FREE(*credinfo); + *credinfo = SMB_XMALLOC_ARRAY(char, len); + strlcpy(*credinfo, tkn + 9, len); + retval |= DKD_HAVE_CCNAME; } if (pos == NULL) break; @@ -226,7 +237,7 @@ int main(const int argc, char *const argv[]) uid_t uid = 0; int kernel_upcall_version = 0; int c, use_cifs_service_prefix = 0; - char *buf, *hostname = NULL; + char *buf, *hostname = NULL, *credinfo = NULL; const char *oid; openlog(prog, 0, LOG_DAEMON); @@ -278,7 +289,7 @@ int main(const int argc, char *const argv[]) } rc = decode_key_description(buf, &kernel_upcall_version, §ype, - &hostname, &uid); + &hostname, &uid, &credinfo); if ((rc & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) { syslog(LOG_WARNING, "unable to get from description necessary params"); @@ -333,7 +344,8 @@ int main(const int argc, char *const argv[]) else oid = OID_KERBEROS5; - rc = handle_krb5_mech(oid, princ, &secblob, &sess_key); + rc = handle_krb5_mech(oid, princ, &secblob, &sess_key, + credinfo); SAFE_FREE(princ); break; }
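Review bot: In the first hunk (-58,15), the new `ccname` parameter of `handle_krb5_mech` is declared `char *` although the function only forwards it to `cli_krb5_get_ticket`. If that prototype allows it, declare it `const char *ccname` like `oid` and `principal`, and describe the new parameter in the comment block above the function (the one ending with the `ret:` line).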
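Review bot: In the hunk at -88,21 the new flag is `DKD_HAVE_CCNAME` while the out-parameter of `decode_key_description` is `credinfo` and the key it parses is `credinfo=`; use one name throughout so a reader does not have to guess that they refer to the same field. The flag is left out of `DKD_MUSTHAVE_SET`, which fits an optional field, but a one-line comment saying so next to the define would make that intent explicit.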
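Review bot: In the `credinfo=` branch added at -146,6, `len -= 8` is applied for a 9-byte prefix, so the allocation is only the right size because the off-by-one happens to leave room for the terminating NUL. Make that explicit, for example subtract 9 and allocate and copy with `len + 1`, or comment the line. An empty value (`credinfo=` followed directly by `;` or the end of the string) also produces a one-byte empty string and still sets `DKD_HAVE_CCNAME`, so an empty cache name is handed to `cli_krb5_get_ticket`; reject it here or treat it as absent. The value is otherwise used verbatim as the credential cache name, so a check of its expected form before use would be worth adding in this branch.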
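Review bot: At the `handle_krb5_mech(oid, princ, &secblob, &sess_key, credinfo)` call in the last hunk (-333,7), `princ` is freed right after the call, but `credinfo`, which `decode_key_description` allocates, has no matching `SAFE_FREE` in the visible lines; release it wherever `hostname` is released on exit. The `DKD_HAVE_CCNAME` bit returned in `rc` is also never tested in these hunks: main() relies on `credinfo` staying NULL instead, so either test the bit before passing `credinfo` or drop the flag.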