[linux-cifs-client] [PATCH] patch to Igor's userspace program to work with my kernel patchset

Jeff Layton jlayton at redhat.com
Fri Nov 2 15:10:23 GMT 2007


I've had some requests for the userspace program that I'm using for
testing my kernel patchset. The patch to the program that Igor
originally posted follows. Don't expect much :-). I did the bare minimum
to allow me to test my patchset.

Anyone wanting to use it will most certainly need to change the
hardcoded hostname string that I'm using (or put back Igor's code to
determine the hostname). My request-key.conf line looks like this:

create  cifs.spnego  *     *    /usr/local/bin/cifs.spnego %k

Signed-off-by: Jeff Layton <jlayton at redhat.com>

--- /usr/src/cifs-2.6/fs/cifs/utils/cifs_spnego.c	2007-11-01 15:34:43.000000000 -0400
+++ /tmp/cifs_spnego.c	2007-11-02 10:02:32.000000000 -0400
@@ -34,6 +34,7 @@
 #include <string.h>
 #include <syslog.h>
 #include "asn_1.h"
+#include "/usr/src/cifs-2.6/fs/cifs/cifs_spnego.h"
 
 static const char* prog = "cifs.spnego";
 
@@ -55,16 +56,18 @@
 
 int
 main(const int argc, const char** argv){
-	CIFS_SPNEGO_DOWNCALL* keydata;
+//	CIFS_SPNEGO_DOWNCALL* keydata;
+	struct cifs_spnego_msg *keydata;
 	DATA_BLOB secblob, sess_key;
 	enum secType sectype = KRB5;
 	key_serial_t keyring;
 	key_serial_t key;
+	size_t datalen;
 	long rc;
 
 	openlog( prog, 0, LOG_DAEMON); 
-	if ( argc < 4 ) {
-		syslog(LOG_WARNING,"Usage: cifs_gssapi key_serial server_IP keyring");
+	if ( argc < 2 ) {
+		syslog(LOG_WARNING,"Usage: cifs_gssapi key_serial");
 		return 1;
 	}
 
@@ -76,13 +79,6 @@
 			       	strerror(errno) );
 		return 1;
 	}
-	errno = 0;
-	keyring = strtol(argv[3],NULL,10);
-	if ( errno != 0 ) {
-		syslog(LOG_WARNING,"Invalid keyring. Unable convert key to number %s:",
-				strerror(errno) );
-		return 1;
-	}
 
 	rc = keyctl_assume_authority(key);
 	if( rc == -1 ) {
@@ -91,8 +87,6 @@
 		return 1;
 	}
 
-
-
 	/* BB: someday upcall SPNEGO blob could be checked here to decide 
 	 * what mech to use */
 
@@ -102,19 +96,22 @@
 			DATA_BLOB mechtkn;
 			char * hostname,*princ;
 
+			hostname = "server.example.com";
+/*
 			hostname = get_host_name(argv[2]);
 			if ( !hostname ){
 				rc = 1;
 			}
+*/
 			princ = malloc( strlen(hostname) + 6 );
 			if ( !princ ) {
 				rc = 1;
-				free(hostname);
+//				free(hostname);
 				break;
 			}
 			strcpy(princ,"cifs/");
 			strcat(princ,hostname);
-			free(hostname);
+//			free(hostname);
 			rc = handle_krb5_mech(princ, &mechtkn, &sess_key);
 			if ( !rc ) {
 				secblob=gen_negTokenInit(OID_KERBEROS5,mechtkn);
@@ -136,19 +133,21 @@
 	}
 
 	/* pack SecurityBLob and SessionKey into downcall packet */
-	keydata = malloc( sizeof(keydata)+secblob.length+sess_key.length);
+	datalen = sizeof(struct cifs_spnego_msg) + secblob.length + sess_key.length;
+	keydata = malloc(datalen);
 	if ( !keydata ) {
 	       	return 1; 
 	}
-	keydata->secblob_length = secblob.length;
-	keydata->sesskey_length = sess_key.length;
-	memcpy( &(keydata->data), secblob.data, secblob.length );
-	memcpy( &(keydata->data)+keydata->secblob_length, 
-				sess_key.data, sess_key.length );
+	keydata->version = CIFS_SPNEGO_UPCALL_VERSION;
+	keydata->flags = 0;
+	keydata->sesskey_len = sess_key.length;
+	keydata->secblob_len = secblob.length;
+	memcpy( &(keydata->data), sess_key.data, sess_key.length );
+	memcpy( &(keydata->data)+keydata->sesskey_len, 
+				secblob.data, secblob.length );
 
 	/* setup key  */
-	rc = keyctl_instantiate( key, keydata, sizeof(CIFS_SPNEGO_DOWNCALL)+
-		keydata->secblob_length+keydata->sesskey_length, keyring);
+	rc = keyctl_instantiate( key, keydata, datalen, 0);
 
 	free_data_blob(&secblob);
 	free_data_blob(&sess_key);
@@ -199,9 +198,11 @@
 {                                                                               
 	char *emsg;                                                           
 	emsg = krb5_get_error_message (context, code);                              
-	fprintf (stderr, "%s: %s ", myprog, emsg);                                  
+//	fprintf (stderr, "%s: %s ", myprog, emsg);                                  
+	syslog(LOG_DEBUG, "%s: %s ", myprog, emsg);                                  
 	krb5_free_error_message (context, emsg);                                    
-	vfprintf (stderr, fmt, args);                                               
+//	vfprintf (stderr, fmt, args);                                               
+	vsyslog(LOG_DEBUG, fmt, args);
 	fprintf (stderr, "\n");                                                     
 } 
 


More information about the linux-cifs-client mailing list