diff mbox series

[1/1] cifs.upcall: enable ccache init from keytab for multiuser mount sessions

Message ID 20240117132534.2623424-2-Florian.Schwalm@seven.one (mailing list archive)
State New, archived
Headers show
Series cifs.upcall: enable ccache init from keytab for multiuser mount sessions | expand

Commit Message

Schwalm, Florian Jan. 17, 2024, 1:25 p.m. UTC
Initializing the credentials cache from the provided keytab relies on
the username/principal to be known.
The kernel doesn't pass down a username for the individual user sessions
of a multiuser mount, though, we only get a uid.
This patch adds derival of a missing username based on the uid just as is
already done for the gid.
This way the keytab can also be used for initialization of user
sessions.

Signed-off-by: Florian Schwalm <Florian.Schwalm@seven.one>
---
 cifs.upcall.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff mbox series

Patch

diff --git a/cifs.upcall.c b/cifs.upcall.c
index 52c0328..492fcb6 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1515,6 +1515,21 @@  int main(const int argc, char *const argv[])
 		goto out;
 	}
 
+	/*
+	 * The kernel doesn't pass down the username for individual sessions
+	 * of a multiuser mount, so we resort here to scraping one
+	 * out of the passwd nss db.
+	 */
+	if(arg->username[0] == '\0') {
+		if (strlen(pw->pw_name) > sizeof(arg->username)-1) {
+			syslog(LOG_ERR, "pw_name value too long for buffer");
+		} else {
+			memset(arg->username, 0, sizeof(arg->username));
+			strncpy(arg->username, pw->pw_name, strlen(pw->pw_name));
+			syslog(LOG_DEBUG, "Added username derived from uid:%s", arg->username);
+		}
+	}
+
 	ccache = get_existing_cc(env_cachename);
 	/* Couldn't find credcache? Try to use keytab */
 	if (ccache == NULL && arg->username[0] != '\0')