
[cifs-utils,RFC,03/12] contrib: add cifs-upcall-helper script

Message ID 20250510161609.2615639-4-sorenson@redhat.com
State New
Series cifs.upcall helper script enabling complex key description matching | expand

Commit Message

Frank Sorenson May 10, 2025, 4:16 p.m. UTC
Add a helper script for cifs.upcall, enabling complex matching
of the key's description, and execution of cifs.upcall with
specified options.

At this stage, the script does little more than call cifs.upcall.

Signed-off-by: Frank Sorenson <sorenson@redhat.com>
---
 contrib/upcall-helper/cifs-upcall-helper | 74 ++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100755 contrib/upcall-helper/cifs-upcall-helper

Patch

diff --git a/contrib/upcall-helper/cifs-upcall-helper b/contrib/upcall-helper/cifs-upcall-helper
new file mode 100755
index 0000000..eead9c7
--- /dev/null
+++ b/contrib/upcall-helper/cifs-upcall-helper
@@ -0,0 +1,74 @@ 
+#!/usr/bin/perl -w
+
+# Copyright (C) Frank Sorenson (sorenson@redhat.com) 2025
+
+# helper script to replace cifs.upcall in /etc/request-key.d/cifs.spnego
+#   to enable complex matching of fields in the description field
+#   of the key when using krb5 for cifs mounts; cifs.upcall is then
+#   executed with specified arguments.
+
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+use strict;
+use warnings;
+use Sys::Syslog;
+
+my $log_ident = 'cifs-upcall-helper';
+my $log_open = 0;
+my $log_level = 0;
+# 0 - only errors (LOG_ERR)
+# 1 - relevant messages (LOG_INFO)
+# 2 - verbose debugging (LOG_INFO)
+
+my $keyid;
+
+sub log_msg {
+	my $msg_level = shift;
+
+	if ($log_level >= $msg_level) {
+		my $msg = shift;
+		my $syslog_level = 'info';
+
+		if (! $log_open) {
+			$log_open = 1 if openlog($log_ident, 'ndelay,pid', 'daemon');
+		}
+		return if ! $log_open;
+
+		$syslog_level = 'err' if $msg_level < 1;
+
+		syslog($syslog_level, $msg);
+	}
+}
+sub exec_upcall {
+	my @upcall_args = ( '/usr/sbin/cifs.upcall' );
+	push @upcall_args, $keyid;
+
+	log_msg 1, sprintf("executing cifs.upcall: %s", join(' ', @upcall_args));
+	exec { $upcall_args[0] } @upcall_args;
+}
+
+if ($#ARGV ne 0) {
+	if (-t STDOUT) {
+		printf "usage: $0 <keyid>\n";
+	} else {
+		log_msg 0, "usage $0 <keyid>";
+	}
+	exit -1;
+}
+$keyid = $ARGV[0];
+
+log_msg 1, "$log_ident - keyid: $keyid";
+
+exec_upcall;
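Review bot: The `exec` in `exec_upcall` is not checked, so if `/usr/sbin/cifs.upcall` is missing or not executable the helper logs nothing and falls off the end of the script with exit status 0. Writing it as `exec { $upcall_args[0] } @upcall_args or log_msg 0, "exec $upcall_args[0] failed: $!";` followed by `exit 1;` records the failure at LOG_ERR and returns a non-zero status, and keeping `exec` out of void context avoids Perl's "Statement unlikely to be reached" warning. Separately, `log_msg` hands its text to `syslog` as the format argument, and that text contains `$0` and the argv-supplied key id; Sys::Syslog expands at least `%m` in that position, so `syslog($syslog_level, '%s', $msg);` keeps caller-supplied text literal. The argument check `$#ARGV ne 0` compares numbers with a string operator, so `@ARGV != 1` would state the intent more directly.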