On Wed, 2013-01-30 at 13:41 +0100, Martin Wilck wrote:
> In some environments, hosts will require credentials for a share
> listing.
>
> This patch introduces 2 methods to obtain credentials:
> 1) if a credentials file is present
> under /etc/creds/$key, use it.
> 2) Otherwise, try to find a usable kerberos credentials cache
> for the calling user (using the UID the script is running as)
> and use that.
> If both methods fail, the script will try to obtain the list
> of shares anonymously, falling back to the previous behavior.
Yeah, I guess, since auto.smb is essentially an example for people to
work from it's a useful addition to demonstrate usage.
> ---
> samples/auto.smb | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 51 insertions(+), 1 deletion(-)
>
> diff --git a/samples/auto.smb b/samples/auto.smb
> index 2dfb8f8..977b29b 100755
> --- a/samples/auto.smb
> +++ b/samples/auto.smb
> @@ -2,6 +2,40 @@
>
> # This file must be executable to work! chmod 755!
>
> +# Automagically mount CIFS shares in the network, similar to
> +# what autofs -hosts does for NFS.
> +
> +# Put a line like the following in /etc/auto.master:
> +# /cifs /etc/auto.smb --timeout=300
> +# You'll be able to access Windows and Samba shares in your network
> +# under /cifs/host.domain/share
> +
> +# "smbclient -L" is used to obtain a list of shares from the given host.
> +# In some environments, this requires valid credentials.
> +
> +# This script knows 2 methods to obtain credentials:
> +# 1) if a credentials file (see mount.cifs(8)) is present
> +# under /etc/creds/$key, use it.
> +# 2) Otherwise, try to find a usable kerberos credentials cache
> +# for the calling user and use that.
> +# If both methods fail, the script will try to obtain the list
> +# of shares anonymously.
> +
> +get_krb5_cache() {
> + cache=
> + uid=$(id -u)
> + for x in $(ls -d /run/user/$uid/krb5cc_* 2>/dev/null); do
> + if [ -d "$x" ] && klist -s DIR:"$x"; then
> + cache=DIR:$x
> + return
> + fi
> + done
> + if [ -f /tmp/krb5cc_$uid ] && klist -s /tmp/krb5cc_$uid; then
> + cache=/tmp/krb5cc_$uid
> + return
> + fi
> +}
> +
> key="$1"
> opts="-fstype=cifs"
>
> @@ -16,7 +50,23 @@ done
>
> [ -x $SMBCLIENT ] || exit 1
>
> -$SMBCLIENT -gNL $key 2>/dev/null| awk -v key="$key" -v opts="$opts" -F'|' -- '
> +creds=/etc/creds/$key
> +if [ -f "$creds" ]; then
> + opts="$opts"',uid=$UID,gid=$GID,credentials='"$creds"
So we expect that $UID and $GID will be translated during the map entry
parse, right?
> + smbopts="-A $creds"
> +else
> + get_krb5_cache
> + if [ -n "$cache" ]; then
> + opts="$opts"',multiuser,cruid=$UID,sec=krb5i'
> + smbopts="-k"
> + export KRB5CCNAME=$cache
Mmm ... does setting KRB5CCNAME actually do anything?
The program map is forked as a child process of the automount thread and
is expected to return a mount location string to be passed on to the
parsing module.
> + else
> + opts="$opts"',guest'
> + smbopts="-N"
> + fi
> +fi
> +
> +$SMBCLIENT $smbopts -gL "$key" 2>/dev/null| awk -v "key=$key" -v "opts=$opts" -F '|' -- '
> BEGIN { ORS=""; first=1 }
> /Disk/ {
> if (first)
--
To unsubscribe from this list: send the line "unsubscribe autofs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
