In some environments, hosts will require credentials for a share listing. This patch introduces 2 methods to obtain credentials: 1) if a credentials file is present under /etc/creds/$key, use it. 2) Otherwise, try to find a usable kerberos credentials cache for the calling user (using the UID the script is running as) and use that. If both methods fail, the script will try to obtain the list of shares anonymously, falling back to the previous behavior. --- samples/auto.smb | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/samples/auto.smb b/samples/auto.smb index 2dfb8f8..977b29b 100755 --- a/samples/auto.smb +++ b/samples/auto.smb @@ -2,6 +2,40 @@ # This file must be executable to work! chmod 755! +# Automagically mount CIFS shares in the network, similar to +# what autofs -hosts does for NFS. + +# Put a line like the following in /etc/auto.master: +# /cifs /etc/auto.smb --timeout=300 +# You'll be able to access Windows and Samba shares in your network +# under /cifs/host.domain/share + +# "smbclient -L" is used to obtain a list of shares from the given host. +# In some environments, this requires valid credentials. + +# This script knows 2 methods to obtain credentials: +# 1) if a credentials file (see mount.cifs(8)) is present +# under /etc/creds/$key, use it. +# 2) Otherwise, try to find a usable kerberos credentials cache +# for the calling user and use that. +# If both methods fail, the script will try to obtain the list +# of shares anonymously. + +get_krb5_cache() { + cache= + uid=$(id -u) + for x in $(ls -d /run/user/$uid/krb5cc_* 2>/dev/null); do + if [ -d "$x" ] && klist -s DIR:"$x"; then + cache=DIR:$x + return + fi + done + if [ -f /tmp/krb5cc_$uid ] && klist -s /tmp/krb5cc_$uid; then + cache=/tmp/krb5cc_$uid + return + fi +} + key="$1" opts="-fstype=cifs" @@ -16,7 +50,23 @@ done [ -x $SMBCLIENT ] || exit 1 -$SMBCLIENT -gNL $key 2>/dev/null| awk -v key="$key" -v opts="$opts" -F'|' -- ' +creds=/etc/creds/$key +if [ -f "$creds" ]; then + opts="$opts"',uid=$UID,gid=$GID,credentials='"$creds" + smbopts="-A $creds" +else + get_krb5_cache + if [ -n "$cache" ]; then + opts="$opts"',multiuser,cruid=$UID,sec=krb5i' + smbopts="-k" + export KRB5CCNAME=$cache + else + opts="$opts"',guest' + smbopts="-N" + fi +fi + +$SMBCLIENT $smbopts -gL "$key" 2>/dev/null| awk -v "key=$key" -v "opts=$opts" -F '|' -- ' BEGIN { ORS=""; first=1 } /Disk/ { if (first) -- 1.8.1 -- To unsubscribe from this list: send the line "unsubscribe autofs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html