| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Using a more permanent ccache is potentially problematic when we're
instantiating a new one. We might be operating under different creds
than expected. Just use a MEMORY: ccache since we don't need it to
last longer than the life of the upcall anyway.
Reported-and-Tested-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Setuid programs triggering upcalls could trick the program here. Also,
the d_automount method is done with credentials overridden so if you
can end up with mismatched creds and env vars due to that as well.
It's a hack, but the only recourse I can see is to avoid doing this
when the uid is 0. That means we can't rely on finding root credcaches
in alternate locations using $KRB5CCNAME, but I think that's the best
we can do.
Reported-and-Tested-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
We don't want to trust $KRB5CCNAME when creating or updating a new
credcache since we could be operating under the wrong credentials.
Always create new credcaches in the default location instead.
Reported-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
It just frees and then zeroes out the pointer. That's of dubious
value in the places where it's currently being used. Just use
free() instead.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Take just what we need from replace.h and move it to cifs.upcall.c.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
We really only need CAP_DAC_READ_SEARCH, not CAP_DAC_OVERRIDE, and
only when we are going to probe the environ file.
Also, fix the non-libcap-ng trim_capabilities prototype.
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
/proc/<pid>/environ file
Chad reported that he was seeing a regression in cifs-utils-6.6. Prior
to that, cifs.upcall was able to find credcaches in non-default FILE:
locations, but with the rework of that code, that ability was lost.
Unfortunately, the krb5 library design doesn't really take into account
the fact that we might need to find a credcache in a process that isn't
descended from the session.
When the kernel does an upcall, it passes several bits of info about the
task that initiated the upcall. One of those things is the PID (the
tgid, in particular). We can use that info to reach into the
/proc/<pid>/environ file for the process, and grab whatever value of
$KRB5CCNAME is there.
Then, after switching credentials, set $KRB5CCNAME in the environment
to the same value before opening the credcache, to hint to the krb5
libs where they ought to look.
This new behavior is on by default, but can be disabled by having
request-key pass a '-E' flag to cifs.upcall.
Reported-by: Chad William Seys <cwseys@physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Much of cifs.upcall can and should be run without elevated privileges.
On entry into the program, drop as many capabilities as we can get away
with, and then always drop any remaining caps after calling setuid().
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Currently, we leave the group ID alone, but in a later patch we'll be
changing cifs.upcall to scrape $KRB5CCNAME out of the originating
process. At that point, we want to be a little more careful with the
process credentials we'll be using.
After we get the uid, do a getpwuid and grab the default gid for the
user. Then use setgid to set it before calling setuid.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Instead, get a ccache handle and pass that around. That way we can keep
the cache open until the program is complete as well.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...instead of dealing with the ccname. Push resolution of the cache
into the caller.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The header file says that this is deprecated, and all of the info I've
seen about it mentioned that it was for performance more than
correctness. It dates back to the original code dump from Igor, so I
think we're safe to just drop it at this point.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
There's no need to keep initing a new context for every function. Just
do it once and reuse as needed.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Currently we end up groveling around in /tmp, trying to guess what the
credcache will be. Instead, just get the default ccname for the user,
and then see if it has a valid tgt. If it doesn't then we try to use
the keytab to init the credcache before proceeding.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...don't assume that it's in /etc/krb5.keytab.
Reported-by: Konstantin Lepikhov <klepikho@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Fedora is in the process of moving to KEYRING: credcaches which are not
currently handled by cifs.upcall. We could try to detect when they're in
use, but it's simpler and more robust to just try to use the default
credcache whenever we don't find a FILE: or DIR: cache.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Currently cifs.upcall only looks at the default system keytab
(/etc/krb5.keytab). It's often the case however that a dedicated keytab
is desirable. Allow administrators to set one on the command-line.
Reported-by: steve <steve@steve-ss.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
When print version number, the exit code should be 0
and syslog() should not send "Negating key" to the system logger.
Signed-off-by: Peng Haitao <penght@cn.fujitsu.com>
|
|
We want to require that the filename begins with the correct string,
not just that it contains it somewhere.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
When scanning for credential caches, check the user's directory under
/run/user first, then fall back to /tmp as we have previously. Because
we now call find_krb5_cc() twice (once for each directory), we move its
state to be outside of the function. We also add a substitution
mechanism to make the process of resolving the location of the user's
home directory before searching it a bit more explicable.
|
|
If we encounter a subdirectory while scanning a directory for a user's
ccache, check if it's a "DIR" ccache. Otherwise, continue as before,
checking if it's a "FILE" ccache if it looks like a regular file.
|
|
While helping to track down a configuration problem, I found this
little bit of extra debug logging to be helpful. Might as well
make it part of the stock binary.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
krb5 < 1.7
products coming with MIT krb5 < 1.7 (like SUSE Linux Enterprise 11 SP 1
or SP 2) suffer from the same issue as described by
https://bugzilla.samba.org/show_bug.cgi?id=6918
The declaration of krb5_auth_con_set_req_cksumtype is missing.
Inspiration: https://bugzilla.samba.org/show_bug.cgi?id=6918
Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Lars Mueller <lmuelle@suse.com>
|
|
Currently, we build the string by hand then then construct the
principal name with krb5_parse_name. That bypasses the domain_realm
section in krb5.conf however.
Switch the code to use krb5_sname_to_principal instead which is more
suited to this task. In order for that to work, we change a couple of
calling functions to pass down a hostname instead of a principal
name, and then pass in "cifs" as the service name.
Reported-and-Tested-by: Nirupama Karandikar <nkarandi@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
This was actually requested by the Red Hat QA group, who sometimes work
with multiple krb5.conf files when testing.
Requested-by: Marko Myllynen <myllynen@redhat.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Resolve the unqualified hostname and set AI_CANONNAME to make sure that
field is populated. Scan forward to the first '.' in ai_canonname, and
append that value onto the unqualified hostname to get a FQDN. Then
prepend that value with "cifs/" and try to get a service ticket for
that principal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Andrew Bartlett suggests the heuristic supplied in the comments.
For now, we don't try to guess the domainname when the hostname is not
qualified, but add a comment with what needs to be done in order to
support that.
Also, with this change we no longer need util.o to be linked in.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Most KDCs are case-sensitive (the notable exception being AD), but DNS
is case-insensitive. To prevent admins from having to put in all
possible case combinations of a principal, lowercase the hostname prior
to trying to get a principal.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...and check to see if provided hostname will exceed it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
cifs.upcall.c: In function ‘cifs_krb5_principal_get_realm’:
cifs.upcall.c:80:57: warning: unused parameter ‘context’ [-Wunused-parameter]
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Based on a patch from a few years ago by Igor Mammedov. This patch
adds the ability for cifs.upcall to establish a TGT using the
system-default keytab.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
...and switch the code to using strndup. Check for allocation errors as
well, and fix some off-by-one bugs in the ones that decode strings.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
Acked-by: Igor Mammedov <niallain@gmail.com>
|
|
If cifs.upcall is passed an invalid argument then it will "goto out".
The decoded_args struct however is uninitialized at that point so it
will usually segfault when trying to free fields in it. Move the
initialization up in the function.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Reported-by: Stefan Walter <walteste@inf.ethz.ch>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
checksum (bug #7890)
Some closed source SMB servers doesn't support all checksum types,
so we should try to match windows clients.
This is almost the same logic which is used by Samba.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
gcc says:
cifs.upcall.c: In function ‘cifs_krb5_get_req’:
cifs.upcall.c:261:2: warning: missing initializer
cifs.upcall.c:261:2: warning: (near initialization for ‘in_creds.client’)
cifs.upcall.c: In function ‘main’:
cifs.upcall.c:622:9: warning: missing initializer
cifs.upcall.c:622:9: warning: (near initialization for ‘arg.ver’)
...this is probably just gcc being balky, but we can silence the
warning. It may also be a micro optimization in an error condition
if we delay zeroing out the struct until it's needed.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Even though all known kernels send the uid= parm to userspace,
cifs.upcall doesn't technically require it. It should though. If one
wasn't sent for some reason, then the setuid wouldn't occur. Error out
if there is no uid= or creduid= parm.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
When I did the original krb5 implementation, I goofed and ended up making
it so that when someone specifies the "uid=" mount option that also affects
the owner of the krb5 credential cache and not just the ownership of the
mount. I'm proposing a patch for the kernel to attempt to fix this by
making the kernel send a "creduid=" parameter in the upcall which is
intended to be the user that should own the credentials cache.
That's not necessarily the same user that has "ownership" of the mount.
Usually the creduid= will be set to the real uid of the user doing the
mounting. When multisession mounts are introduced they will usually set
this to the fsuid that walks into the mount.
To ease the transition, this patch also adds a command line switch that
makes cifs.upcall use the "legacy" uid= parameter instead. Use that if you
want it to behave like it used to.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
- fix URL's and email addresses
- update copyright notices
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
...coding style cleanup.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
...eventually it might be better to make autoconf set -I/usr/include/krb5
or whatever and get rid of the #ifdef's here. It's a little tricky to
figure out the include dir however, so this will do for now.
Signed-off-by: Torsten Kurbad <torsten@tk-webart.de>
|
|
Signed-off-by: Torsten Kurbad <torsten@tk-webart.de>
|
