[PATCH 2/2] samples/auto.smb: add logic to obtain credentials In some environments, hosts will require credentials for a share listing. This patch introduces 2 methods to obtain credentials: 1) if a credentials file is present under /etc/creds/$key, use it. 2) Otherwise, try to find a usable kerberos credentials cache for the calling user and use that. If both methods fail, the script will try to obtain the list of shares anonymously, falling back to the previous behavior. Combined with the previous patch, this auto.smb script will achieve a painless "-hosts"-like user experience.
---
samples/auto.smb | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 50 insertions(+), 1 deletion(-)
diff --git a/samples/auto.smb b/samples/auto.smb
index 2dfb8f8..5790c8a 100755
--- a/samples/auto.smb
+++ b/samples/auto.smb
@@ -2,6 +2,40 @@ # This file must be executable to work! chmod 755! +# Automagically mount CIFS shares in the network, similar to +# what autofs -hosts does for NFS. + +# Put a line like the following in /etc/auto.master: +# /cifs /etc/auto.smb --timeout=300 +# You'll be able to access Windows and Samba shares in your network +# under /cifs/host.domain/share + +# "smbclient -L" is used to obtain a list of shares from the given host. +# In some environments, this requires valid credentials. + +# This script knows 2 methods to obtain credentials: +# 1) if a credentials file (see mount.cifs(8)) is present +# under /etc/creds/$key, use it. +# 2) Otherwise, try to find a usable kerberos credentials cache +# for the calling user and use that. +# If both methods fail, the script will try to obtain the list +# of shares anonymously. + +get_krb5_cache() { + cache= + [ -n "$CALLER_UID" ] || return + for x in $(ls -d /run/user/"$CALLER_UID"/krb5cc_* 2>/dev/null); do + if [ -d "$x" ] && klist -s DIR:"$x"; then + cache=DIR:$x + return + fi + done + if [ -f "/tmp/krb5cc_$CALLER_UID" ] && klist -s "/tmp/krb5cc_$CALLER_UID"; then + cache="/tmp/krb5cc_$CALLER_UID" + return + fi +} + key="$1" opts="-fstype=cifs" @@ -16,7 +50,22 @@ done [ -x $SMBCLIENT ] || exit 1 -$SMBCLIENT -gNL $key 2>/dev/null| awk -v key="$key" -v opts="$opts" -F'|' -- ' +creds=/etc/creds/$key +if [ -f "$creds" ]; then + opts="$opts"',uid=$UID,gid=$GID,credentials=$creds' + smbopts="-A $creds" +else + get_krb5_cache + if [ -n "$cache" ]; then + opts="$opts"',multiuser,cruid=$UID,sec=krb5i' + smbopts="-k" + export KRB5CCNAME=$cache + else + smbopts="-N" + fi +fi + +$SMBCLIENT $smbopts -gL "$key" 2>/dev/null| awk -v "key=$key" -v "opts=$opts" -F '|' -- ' BEGIN { ORS=""; first=1 } /Disk/ { if (first) -- 1.8.1 -- To unsubscribe from this list: send the line "unsubscribe autofs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
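Review bot: The `/tmp/krb5cc_$CALLER_UID` fallback in get_krb5_cache trusts a predictable name in a world-writable directory: `[ -f … ]` follows symlinks and `klist -s` only shows that the file holds unexpired tickets, so a cache placed at that path by a different local user would be exported as KRB5CCNAME for this lookup. Check ownership before use, e.g. `[ ! -L "$f" ] && [ "$(stat -c %u "$f")" = "$CALLER_UID" ]` with `f` set to the cache path, and apply the same owner test to the `/run/user` directories. The loop should also glob directly, `for x in /run/user/"$CALLER_UID"/krb5cc_*; do`, rather than word-splitting `ls` output; the existing `[ -d "$x" ]` test already covers the no-match case. CALLER_UID is not assigned anywhere in this patch; presumably patch 1/2 or the automounter supplies it, and a comment above the function should say which.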
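Review bot: In the credentials-file branch, `$creds` sits inside the single-quoted part of the `opts=` assignment, so the map entry carries the literal text `credentials=$creds` instead of the file path; unlike `$UID` and `$GID`, which appear to be left for the automounter to substitute, `creds` is a variable of this script only. Close the quote before it: `opts="$opts"',uid=$UID,gid=$GID,credentials='"$creds"`. Separately, `smbopts="-A $creds"` is expanded unquoted in the smbclient call, so a key containing whitespace or glob characters would split into extra arguments; rejecting keys outside a hostname character set before building `creds` would cover both that and the `/etc/creds/$key` path. The awk program this pipeline feeds continues past the end of the hunk.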