From patchwork Fri Aug 7 19:43:14 2009
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 30966
From: Jeff Layton
To: linux-cifs-client@lists.samba.org, samba-technical@lists.samba.org
Date: Fri, 7 Aug 2009 15:43:14 -0400
Message-Id: <1249674197-1065-5-git-send-email-jlayton@redhat.com>
In-Reply-To: <1249674197-1065-1-git-send-email-jlayton@redhat.com>
Subject: [linux-cifs-client] [PATCH 4/7] cifs.upcall: try getting a "cifs/" principal and fall back to "host/"

cifs.upcall takes a "-c" flag that tells the upcall to get a principal in the form of "cifs/hostname.example.com@REALM" instead of "host/hostname.example.com@REALM". This has turned out to be a source of great confusion for users.

Instead of requiring this flag, have the upcall try to get a "cifs/" principal first. If that fails, fall back to getting a "host/" principal.

Signed-off-by: Jeff Layton

--- client/cifs.upcall.c | 28 ++++++++++++++++------------ docs-xml/manpages-3/cifs.upcall.8.xml | 4 ++-- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c index 0ddcc75..e60fb50 100644 --- a/client/cifs.upcall.c +++ b/client/cifs.upcall.c @@ -30,7 +30,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k #include "cifs_spnego.h" -const char *CIFSSPNEGO_VERSION = "1.2"; +const char *CIFSSPNEGO_VERSION = "1.3"; static const char *prog = "cifs.upcall"; typedef enum _sectype { NONE = 0, 
@@ -291,8 +291,8 @@ cifs_resolver(const key_serial_t key, const char *key_descr) static void usage(void) { - syslog(LOG_INFO, "Usage: %s [-c] [-v] key_serial", prog); - fprintf(stderr, "Usage: %s [-c] [-v] key_serial\n", prog); + syslog(LOG_INFO, "Usage: %s [-v] key_serial", prog); + fprintf(stderr, "Usage: %s [-v] key_serial\n", prog); } int main(const int argc, char *const argv[]) @@ -303,7 +303,7 @@ int main(const int argc, char *const argv[]) key_serial_t key = 0; size_t datalen; long rc = 1; - int c, use_cifs_service_prefix = 0; + int c; char *buf, *princ, *ccname = NULL; struct decoded_args arg = { }; const char *oid; @@ -313,7 +313,7 @@ int main(const int argc, char *const argv[]) while ((c = getopt(argc, argv, "cv")) != -1) { switch (c) { case 'c': - use_cifs_service_prefix = 1; + /* legacy option -- skip it */ break; case 'v': printf("version: %s\n", CIFSSPNEGO_VERSION); @@ -395,19 +395,23 @@ int main(const int argc, char *const argv[]) break; } - if (use_cifs_service_prefix) - strlcpy(princ, "cifs/", datalen); - else - strlcpy(princ, "host/", datalen); - - strlcpy(princ + 5, arg.hostname, datalen - 5); - if (arg.sec == MS_KRB5) oid = OID_KERBEROS5_OLD; else oid = OID_KERBEROS5; + /* + * try getting a cifs/ principal first and then fall back to + * getting a host/ principal if that doesn't work. + */ + strlcpy(princ, "cifs/", datalen); + strlcpy(princ + 5, arg.hostname, datalen - 5); rc = handle_krb5_mech(oid, princ, &secblob, &sess_key, ccname); + if (rc) { + memcpy(princ, "host/", 5); + rc = handle_krb5_mech(oid, princ, &secblob, &sess_key, + ccname); + } SAFE_FREE(princ); break; default: diff --git a/docs-xml/manpages-3/cifs.upcall.8.xml b/docs-xml/manpages-3/cifs.upcall.8.xml index 6e22bff..427bb44 100644 --- a/docs-xml/manpages-3/cifs.upcall.8.xml +++ b/docs-xml/manpages-3/cifs.upcall.8.xml 
@@ -48,7 +48,7 @@ to be run that way. -c - When handling a kerberos upcall, use a service principal that starts with "cifs/". The default is to use the "host/" service principal. + This option is deprecated and is currently ignored. @@ -86,7 +86,7 @@ to be run that way. #OPERATION TYPE D C PROGRAM ARG1 ARG2... #========= ============= = = ========================================== -create cifs.spnego * * /usr/local/sbin/cifs.upcall -c %k +create cifs.spnego * * /usr/local/sbin/cifs.upcall %k create dns_resolver * * /usr/local/sbin/cifs.upcall %k
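
Review bot: In the last client/cifs.upcall.c hunk (main(), @@ -395), `if (rc)` retries with "host/" after any failure of the first handle_krb5_mech() call, not only when the "cifs/" principal is unknown to the KDC. A failure that has nothing to do with the service name, for example a problem with the credential cache passed in ccname, will simply fail twice, and the rc from the "cifs/" attempt is overwritten, so only the "host/" error is ever reported. Consider falling back only on the error that means the service principal was not found, and logging via syslog which principal was finally used, since that can no longer be read off the command line. The `memcpy(princ, "host/", 5)` also relies on both prefixes being exactly five bytes; a short comment or a shared constant would make that dependency explicit.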
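
Review bot: In the getopt hunk of client/cifs.upcall.c (@@ -313), `case 'c'` now discards the option silently, so a request-key.conf that still passes -c gives the administrator no hint that the flag does nothing. A syslog line saying that -c is deprecated and ignored would help people clean up old configurations, and it would square with the usage() text in the @@ -291 hunk, which no longer lists [-c] even though "cv" is still the optstring.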
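
Review bot: In docs-xml/manpages-3/cifs.upcall.8.xml (@@ -48), the new -c text says only that the option is deprecated and ignored; nothing in the changed lines documents the new lookup order. Setups that ran without -c always used "host/" and will now obtain a "cifs/" ticket whenever that principal exists, so the manpage should state that "cifs/" is tried first and "host/" is the fallback.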