[PATCH 1/2] cifs.upcall: allow use of alternate credcache name

Jeff Layton jlayton at redhat.com
Tue Apr 21 12:28:30 GMT 2009


If the kernel passes cifs.upcall a ccname, use it for getting the
creds.

Signed-off-by: Jeff Layton <jlayton at redhat.com>
---
 source3/client/cifs.upcall.c |   34 +++++++++++++++++++++++-----------
 1 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c
index 4110de3..4fa43d1 100644
--- a/source3/client/cifs.upcall.c
+++ b/source3/client/cifs.upcall.c
@@ -58,15 +58,15 @@ typedef enum _secType {
  * ret: 0 - success, others - failure
 */
 static int
-handle_krb5_mech(const char *oid, const char *principal,
-		     DATA_BLOB * secblob, DATA_BLOB * sess_key)
+handle_krb5_mech(const char *oid, const char *principal, DATA_BLOB *secblob,
+		 DATA_BLOB *sess_key, char *ccname)
 {
 	int retval;
 	DATA_BLOB tkt, tkt_wrapped;
 
 	/* get a kerberos ticket for the service and extract the session key */
-	retval = cli_krb5_get_ticket(principal, 0,
-				     &tkt, sess_key, 0, NULL, NULL);
+	retval = cli_krb5_get_ticket(principal, 0, &tkt, sess_key, 0,
+				     ccname, NULL);
 
 	if (retval)
 		return retval;
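Review bot: The new `ccname` parameter of `handle_krb5_mech` is only forwarded to `cli_krb5_get_ticket`, so it can be declared `const char *ccname`, matching `oid` and `principal`: `DATA_BLOB *sess_key, const char *ccname)`. The comment block above the function (only its tail is visible here) should also gain a line for the new argument, for example `ccname: credential cache to use, NULL for the default`. That wording assumes NULL still means "default cache", which the old call passing NULL in that position suggests but does not prove. The function body continues past the end of this hunk.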
@@ -88,21 +88,21 @@ handle_krb5_mech(const char *oid, const char *principal,
 #define DKD_HAVE_IPV4		8
 #define DKD_HAVE_IPV6		16
 #define DKD_HAVE_UID		32
+#define DKD_HAVE_CCNAME		64
 #define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC)
 
 static int
-decode_key_description(const char *desc, int *ver, secType_t * sec,
-			   char **hostname, uid_t * uid)
+decode_key_description(const char *desc, int *ver, secType_t *sec,
+		       char **hostname, uid_t *uid, char **credinfo)
 {
 	int retval = 0;
+	int len;
 	char *pos;
 	const char *tkn = desc;
 
 	do {
 		pos = index(tkn, ';');
 		if (strncmp(tkn, "host=", 5) == 0) {
-			int len;
-
 			if (pos == NULL) {
 				len = strlen(tkn);
 			} else {
@@ -146,6 +146,17 @@ decode_key_description(const char *desc, int *ver, secType_t * sec,
 			} else {
 				retval |= DKD_HAVE_VERSION;
 			}
+		} else if (strncmp(tkn, "credinfo=", 9) == 0) {
+			if (pos == NULL)
+				len = strlen(tkn);
+			else
+				len = pos - tkn;
+
+			len -= 8;
+			SAFE_FREE(*credinfo);
+			*credinfo = SMB_XMALLOC_ARRAY(char, len);
+			strlcpy(*credinfo, tkn + 9, len);
+			retval |= DKD_HAVE_CCNAME;
 		}
 		if (pos == NULL)
 			break;
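Review bot: In the new `credinfo=` branch, `len -= 8` is right only because it drops the 9-character prefix and keeps one byte for the terminator, and nothing on the line says so. A short comment such as `/* strip "credinfo=" (9 chars), keep 1 byte for the NUL */` would stop a later reader from "fixing" it to 9. A token with no value (`credinfo=` directly followed by `;` or the end of the string) produces a one-byte empty string and still sets `DKD_HAVE_CCNAME`, so an empty cache name is handed back to the caller. Skipping the allocation and the flag when `len <= 1` after the subtraction would keep `*credinfo` NULL in that case. `decode_key_description` starts before and ends after this hunk, so any existing handling of empty values elsewhere is not visible.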
@@ -226,7 +237,7 @@ int main(const int argc, char *const argv[])
 	uid_t uid = 0;
 	int kernel_upcall_version = 0;
 	int c, use_cifs_service_prefix = 0;
-	char *buf, *hostname = NULL;
+	char *buf, *hostname = NULL, *credinfo = NULL;
 	const char *oid;
 
 	openlog(prog, 0, LOG_DAEMON);
@@ -278,7 +289,7 @@ int main(const int argc, char *const argv[])
 	}
 
 	rc = decode_key_description(buf, &kernel_upcall_version, &sectype,
-				    &hostname, &uid);
+				    &hostname, &uid, &credinfo);
 	if ((rc & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
 		syslog(LOG_WARNING,
 		       "unable to get from description necessary params");
@@ -333,7 +344,8 @@ int main(const int argc, char *const argv[])
 			else
 				oid = OID_KERBEROS5;
 
-			rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
+			rc = handle_krb5_mech(oid, princ, &secblob, &sess_key,
+					      credinfo);
 			SAFE_FREE(princ);
 			break;
 		}
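Review bot: `credinfo` is passed to `handle_krb5_mech` exactly as it was copied out of the key description, so whatever follows `credinfo=` becomes the credential cache name given to `cli_krb5_get_ticket` with no check on its form. Because that name selects whose tickets are used for the mount, it should be validated before this call: accept only the cache types the helper is meant to support (for example a `FILE:` cache), and for a file cache confirm it belongs to the `uid` decoded from the same description, logging a rejection through `syslog`. Whether the process has already switched to `uid` at this point is not visible in the hunk; if it has not, the check matters more. The visible lines free `princ` but not `credinfo`; `main` continues outside the hunk, so a matching `SAFE_FREE(credinfo)` may exist further down and should be confirmed.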
-- 
1.6.2.2


