Initializing the credentials cache from the provided keytab relies on
the username/principal to be known.
The kernel doesn't pass down a username for the individual user sessions
of a multiuser mount, though, we only get a uid.
This patch adds derival of a missing username based on the uid just as is
already done for the gid.
This way the keytab can also be used for initialization of user
sessions.
Signed-off-by: Florian Schwalm <Florian.Schwalm@xxxxxxxxx>
---
cifs.upcall.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 52c0328..492fcb6 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1515,6 +1515,21 @@ int main(const int argc, char *const argv[])
goto out;
}
+ /*
+ * The kernel doesn't pass down the username for individual sessions
+ * of a multiuser mount, so we resort here to scraping one
+ * out of the passwd nss db.
+ */
+ if(arg->username[0] == '\0') {
+ if (strlen(pw->pw_name) > sizeof(arg->username)-1) {
+ syslog(LOG_ERR, "pw_name value too long for buffer");
+ } else {
+ memset(arg->username, 0, sizeof(arg->username));
+ strncpy(arg->username, pw->pw_name, strlen(pw->pw_name));
+ syslog(LOG_DEBUG, "Added username derived from uid:%s", arg->username);
+ }
+ }
+
ccache = get_existing_cc(env_cachename);
/* Couldn't find credcache? Try to use keytab */
if (ccache == NULL && arg->username[0] != '\0')
--
2.39.3
