On Wed, 11 Jul 2012 21:05:31 +0200 Milan Knížek <knizek.confy@xxxxxxxxx> wrote: > sorry, sent from a wrong email address and probably silently rejected by > Majordomo... > -------- Přeposlaná zpráva -------- > Předmět: Re: mount.cifs multiuser w/o krb5? How? > Datum: Tue, 10 Jul 2012 23:01:32 +0200 > > Jeff Layton writes: > > >> cifscreds add is more or less equivalent to a command like this: > > > > $ keyctl add logon cifs:a:ip_address 'username:password' @s > > > > There seems to be a general problem with adding keys (@s) to the default > "session" keyring. Adding user type keys (@u) works. > > $ keyctl add logon description data @s > does not add anything to the _uid_ses:UID keyring, which is automatically > created after login. > > Interestingly, when a new session keyring is added, then it works: > > [root@client ~]# su - zmrzlinka > [zmrzlinka@client ~]$ keyctl show > Session Keyring > 1037083570 --alswrv 1001 -1 keyring: _uid_ses.1001 > 578017679 --alswrv 1001 -1 \_ keyring: _uid.1001 > [zmrzlinka@client ~]$ cifscreds add toillet > Password: > [zmrzlinka@client ~]$ keyctl show > Session Keyring > 1037083570 --alswrv 1001 -1 keyring: _uid_ses.1001 > 578017679 --alswrv 1001 -1 \_ keyring: _uid.1001 > [zmrzlinka@client ~]$ keyctl session new-session > Joined session keyring: 871855811 > [zmrzlinka@client ~]$ keyctl show > Session Keyring > 871855811 --alswrv 1001 100 keyring: new-session > [zmrzlinka@client ~]$ cifscreds add toillet > Password: > [zmrzlinka@client ~]$ keyctl show > Session Keyring > 871855811 --alswrv 1001 100 keyring: new-session > 244698182 ----sw-v 1001 100 \_ logon: cifs:a:192.168.1.3 > [...] 
> [root@client ~]# su - zmrzlinka > [zmrzlinka@client ~]$ strace cifscreds add toillet > execve("/usr/bin/cifscreds", ["cifscreds", "add", "toillet"], [/* 27 vars > */]) = 0 > brk(0) = 0x64e000 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed93000 > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or > directory) > open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 > fstat(3, {st_mode=S_IFREG|0644, st_size=256357, ...}) = 0 > mmap(NULL, 256357, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4eaed54000 > close(3) = 0 > open("/usr/lib/libkeyutils.so.1", O_RDONLY|O_CLOEXEC) = 3 > read(3, > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\21\0\0\0\0\0\0"..., 832) > = 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=14480, ...}) = 0 > mmap(NULL, 2109608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = > 0x7f4eae96f000 > mprotect(0x7f4eae972000, 2093056, PROT_NONE) = 0 > mmap(0x7f4eaeb71000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED| > MAP_DENYWRITE, 3, 0x2000) = 0x7f4eaeb71000 > close(3) = 0 > open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 > read(3, > "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\30\2\0\0\0\0\0"..., 832) > = 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=1997041, ...}) = 0 > mmap(NULL, 3816528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = > 0x7f4eae5cb000 > mprotect(0x7f4eae766000, 2093056, PROT_NONE) = 0 > mmap(0x7f4eae965000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED| > MAP_DENYWRITE, 3, 0x19a000) = 0x7f4eae965000 > mmap(0x7f4eae96b000, 15440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED| > MAP_ANONYMOUS, -1, 0) = 0x7f4eae96b000 > close(3) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed53000 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed52000 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed51000 > arch_prctl(ARCH_SET_FS, 0x7f4eaed52700) = 0 > 
mprotect(0x7f4eae965000, 16384, PROT_READ) = 0 > mprotect(0x7f4eaeb71000, 4096, PROT_READ) = 0 > mprotect(0x602000, 4096, PROT_READ) = 0 > mprotect(0x7f4eaed94000, 4096, PROT_READ) = 0 > munmap(0x7f4eaed54000, 256357) = 0 > getuid() = 1001 > brk(0) = 0x64e000 > brk(0x66f000) = 0x66f000 > socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 > connect(3, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = -1 > ENOENT (No such file or directory) > close(3) = 0 > socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 > connect(3, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = -1 > ENOENT (No such file or directory) > close(3) = 0 > open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 > fstat(3, {st_mode=S_IFREG|0644, st_size=274, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed92000 > read(3, "# Begin /etc/nsswitch.conf\n\npass"..., 4096) = 274 > read(3, "", 4096) = 0 > close(3) = 0 > munmap(0x7f4eaed92000, 4096) = 0 > open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 > fstat(3, {st_mode=S_IFREG|0644, st_size=256357, ...}) = 0 > mmap(NULL, 256357, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4eaed54000 > close(3) = 0 > open("/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3 > read(3, > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\"\0\0\0\0\0\0"..., 832) = > 832 > fstat(3, {st_mode=S_IFREG|0755, st_size=52112, ...}) = 0 > mmap(NULL, 2148136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = > 0x7f4eae3be000 > mprotect(0x7f4eae3ca000, 2093056, PROT_NONE) = 0 > mmap(0x7f4eae5c9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED| > MAP_DENYWRITE, 3, 0xb000) = 0x7f4eae5c9000 > close(3) = 0 > mprotect(0x7f4eae5c9000, 4096, PROT_READ) = 0 > munmap(0x7f4eaed54000, 256357) = 0 > open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 > fstat(3, {st_mode=S_IFREG|0644, st_size=1439, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed92000 > read(3, 
"root:x:0:0:root client:/root:/bi"..., 4096) = 1439 > close(3) = 0 > munmap(0x7f4eaed92000, 4096) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 3 > bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(3, {sa_family=AF_NETLINK, pid=18164, groups=00000000}, [12]) = 0 > sendto(3, "\24\0\0\0\26\0\1\3^\227\374O\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, > msg_iov(1)=[{"0\0\0\0\24\0\2\0^\227\374O\364F\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., > 4096}], msg_controllen=0, msg_flags=0}, 0) = 224 > recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, > msg_iov(1)=[{"@\0\0\0\24\0\2\0^\227\374O\364F\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., > 4096}], msg_controllen=0, msg_flags=0}, 0) = 192 > recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0^\227\374O\364F\0\0\0\0\0\0", 4096}], > msg_controllen=0, msg_flags=0}, 0) = 20 > socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4 > connect(4, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = -1 > ENOENT (No such file or directory) > close(4) = 0 > close(3) = 0 > socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 > connect(3, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = -1 > ENOENT (No such file or directory) > close(3) = 0 > open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 3 > fstat(3, {st_mode=S_IFREG|0644, st_size=63, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed92000 > read(3, "#\n# /etc/host.conf\n#\n\norder host"..., 4096) = 63 > read(3, "", 4096) = 0 > close(3) = 0 > munmap(0x7f4eaed92000, 4096) = 0 > getpid() = 18164 > open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 3 > fstat(3, {st_mode=S_IFREG|0644, st_size=63, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 
0x7f4eaed92000 > read(3, "nameserver 127.0.0.1\nnameserver "..., 4096) = 63 > read(3, "", 4096) = 0 > close(3) = 0 > munmap(0x7f4eaed92000, 4096) = 0 > uname({sys="Linux", node="client", ...}) = 0 > open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3 > fstat(3, {st_mode=S_IFREG|0644, st_size=622, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed92000 > read(3, "#\n# /etc/hosts: static lookup ta"..., 4096) = 622 > read(3, "", 4096) = 0 > close(3) = 0 > munmap(0x7f4eaed92000, 4096) = 0 > keyctl(0xa, 0xfffffffd, 0x4021c2, 0x7fff300084d0, 0) = -1 ENOKEY (Required > key not available) > open("/dev/tty", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 3 > ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, > {B38400 opost isig icanon echo ...}) = 0 > ioctl(3, SNDCTL_TMR_CONTINUE or SNDRV_TIMER_IOCTL_GPARAMS or TCSETSF, > {B38400 opost -isig icanon -echo ...}) = 0 > fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(5, 0), ...}) = 0 > ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, > {B38400 opost -isig icanon -echo ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7f4eaed92000 > write(3, "Password: ", 10Password: ) = 10 > read(3, "\33[B\33[C\33[B\33[D\n", 4096) = 13 > write(3, "\n", 1 > ) = 1 > ioctl(3, SNDCTL_TMR_CONTINUE or SNDRV_TIMER_IOCTL_GPARAMS or TCSETSF, > {B38400 opost isig icanon echo ...}) = 0 > close(3) = 0 > munmap(0x7f4eaed92000, 4096) = 0 > add_key(0x4021c2, 0x7fff30008410, 0x7fff30008450, 0x17, 0xfffffffd) = > 588748510 > keyctl(0x5, 0x231796de, 0xd0d0000, 0xffffffffffffffff, 0xfffffffd) = 0 > exit_group(0) = ? > +++ exited with 0 +++ (cc'ing the keyrings mailing list in the hopes that someone there has an idea) Well, that is odd...it looks like the add_key() succeeded, as well as the keyctl(KEYCTL_SETPERM, ...) call that followed it to set permissions on the new key. 
If the key is gone after that, then I can only figure that the cifscreds process is somehow ending up with a different session keyring than its parent? (The last argument to that add_key() call, 0xfffffffd, is KEY_SPEC_SESSION_KEYRING, so the key was added to whichever session keyring the cifscreds process itself resolved.)

--
Jeff Layton <jlayton@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html