* [PATCH 2/2] cifscreds: allow user to set the key's timeout
From: tbecker @ 2025-01-14 20:35 UTC (permalink / raw)
To: linux-cifs; +Cc: Thiago Becker
From: Thiago Becker <tbecker@redhat.com>
Allow the user to set the key's timeout when adding a new credential.
Signed-off-by: Thiago Becker <tbecker@redhat.com>
---
cifscreds.c | 17 +++++++++++------
cifskey.c | 12 ++++++++++--
cifskey.h | 7 ++++++-
pam_cifscreds.c | 4 ++--
4 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/cifscreds.c b/cifscreds.c
index c52f495..f552bc8 100644
--- a/cifscreds.c
+++ b/cifscreds.c
@@ -43,6 +43,7 @@ struct cmdarg {
char *host;
char *user;
char keytype;
+ unsigned int timeout;
};
struct command {
@@ -59,7 +60,7 @@ static int cifscreds_update(struct cmdarg *arg);
static const char *thisprogram;
static struct command commands[] = {
- { cifscreds_add, "add", "[-u username] [-d] <host|domain>" },
+ { cifscreds_add, "add", "[-u username] [-d] <host|domain> [-t timeout]" },
{ cifscreds_clear, "clear", "[-u username] [-d] <host|domain>" },
{ cifscreds_clearall, "clearall", "" },
{ cifscreds_update, "update", "[-u username] [-d] <host|domain>" },
@@ -69,6 +70,7 @@ static struct command commands[] = {
static struct option longopts[] = {
{"username", 1, NULL, 'u'},
{"domain", 0, NULL, 'd' },
+ {"timeout", 0, NULL, 't' },
{NULL, 0, NULL, 0}
};
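Review bot: The new `longopts` entry declares `--timeout` with `has_arg` set to 0, so the long form never consumes a value and `optarg` is NULL when the `'t'` case in `main()` calls `atoi(optarg)`. It should take a required argument, as `--username` does: `{"timeout", 1, NULL, 't' },`. The resent patch later in this thread carries the same line.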
@@ -218,7 +220,7 @@ static int cifscreds_add(struct cmdarg *arg)
*nextaddress++ = '\0';
while (currentaddress) {
- key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype);
+ key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype, arg->timeout);
if (key <= 0) {
fprintf(stderr, "error: Add credential key for %s: %s\n",
currentaddress, strerror(errno));
@@ -253,7 +255,7 @@ static int cifscreds_clear(struct cmdarg *arg)
char *currentaddress, *nextaddress;
int ret = 0, count = 0, errors = 0;
- if (arg->host == NULL || arg->user == NULL)
+ if (arg->host == NULL || arg->user == NULL || arg->timeout)
return usage();
if (arg->keytype == 'd')
@@ -362,7 +364,7 @@ static int cifscreds_update(struct cmdarg *arg)
char *addrs[16];
int ret = 0, id, count = 0;
- if (arg->host == NULL || arg->user == NULL)
+ if (arg->host == NULL || arg->user == NULL || arg->timeout)
return usage();
if (arg->keytype == 'd')
@@ -419,7 +421,7 @@ static int cifscreds_update(struct cmdarg *arg)
pass = getpass("Password: ");
for (id = 0; id < count; id++) {
- key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype);
+ key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype, 0);
if (key <= 0)
fprintf(stderr, "error: Update credential key "
"for %s: %s\n", addrs[id], strerror(errno));
@@ -474,7 +476,7 @@ int main(int argc, char **argv)
if (argc == 1)
return usage();
- while((n = getopt_long(argc, argv, "du:", longopts, NULL)) != -1) {
+ while((n = getopt_long(argc, argv, "dut:", longopts, NULL)) != -1) {
switch (n) {
case 'd':
arg.keytype = (char) n;
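Review bot: Changing the option string from `"du:"` to `"dut:"` moves the colon off `u`, so the short `-u` no longer takes an argument and `arg.user = optarg` stores NULL, while the intended username is left as a positional word. Depending on how a missing user is defaulted elsewhere in `main()` (not visible in this hunk), the credential may be stored under a different account name than the one requested. The string should keep both colons: `"du:t:"`. The resend repeats this line, and the switch body continues outside the hunk.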
@@ -482,6 +484,9 @@ int main(int argc, char **argv)
case 'u':
arg.user = optarg;
break;
+ case 't':
+ arg.timeout = atoi(optarg);
+ break;
default:
return usage();
}
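Review bot: The `'t'` case parses the value with `atoi()`, which reports no errors. `-t abc` yields 0, which `key_add()` treats as "no timeout", and `-t -1` converts to a very large `unsigned int`, so a user who asked for an expiring credential can end up with one that effectively never expires and gets no diagnostic. Parsing with `strtoul()` and rejecting empty, trailing-garbage, negative, zero and out-of-range input closes that gap. Rejecting zero also keeps the `arg->timeout` checks in `cifscreds_clear()` and `cifscreds_update()` meaningful. `UINT_MAX` may need `<limits.h>` if the file does not already include it, and the same lines appear in the resent patch.

```c
case 't': {
	char *end;
	unsigned long secs;

	errno = 0;
	secs = strtoul(optarg, &end, 10);
	/* strtoul() accepts a leading '-', so reject it explicitly */
	if (errno || end == optarg || *end != '\0' ||
	    strchr(optarg, '-') || secs == 0 || secs > UINT_MAX)
		return usage();
	arg.timeout = (unsigned int)secs;
	break;
}
```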
diff --git a/cifskey.c b/cifskey.c
index 919540f..4fef02f 100644
--- a/cifskey.c
+++ b/cifskey.c
@@ -40,11 +40,12 @@ key_search(const char *addr, char keytype)
/* add or update a specific key to keyring */
key_serial_t
-key_add(const char *addr, const char *user, const char *pass, char keytype)
+key_add(const char *addr, const char *user, const char *pass, char keytype, unsigned timeout)
{
int len;
char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4];
char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2];
+ key_serial_t key;
/* set key description */
if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) {
@@ -59,5 +60,12 @@ key_add(const char *addr, const char *user, const char *pass, char keytype)
return -1;
}
- return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING);
+ if ((key = add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING)) < 0) {
+ return -1;
+ }
+
+ if (timeout > 0)
+ keyctl_set_timeout(key, timeout);
+
+ return key;
}
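Review bot: The return value of `keyctl_set_timeout()` is discarded at the end of `key_add()`, so if setting the expiry fails the function still returns the serial and the caller reports success for a credential that has no timeout. The call should be checked and the failure propagated. Whether to also unlink the freshly added key is a policy call, because `add_key()` may have updated an existing entry. The start of `key_add()` is outside this hunk, and the resend has the same code.

```c
	key = add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING);
	if (key < 0)
		return -1;

	if (timeout > 0 && keyctl_set_timeout(key, timeout) < 0) {
		int saved = errno;

		/* do not leave a non-expiring credential behind */
		keyctl_unlink(key, DEST_KEYRING);
		errno = saved;
		return -1;
	}

	return key;
```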
diff --git a/cifskey.h b/cifskey.h
index ed0c469..0069445 100644
--- a/cifskey.h
+++ b/cifskey.h
@@ -41,7 +41,12 @@
#define CIFS_KEY_PERMS (KEY_POS_VIEW|KEY_POS_WRITE|KEY_POS_SEARCH| \
KEY_USR_VIEW|KEY_USR_WRITE|KEY_USR_SEARCH)
+/**
+ * Default key timeout is 24 hours
+ */
+#define DEFAULT_KEY_TIMEOUT (24 * 60 * 60)
+
key_serial_t key_search(const char *addr, char keytype);
-key_serial_t key_add(const char *addr, const char *user, const char *pass, char keytype);
+key_serial_t key_add(const char *addr, const char *user, const char *pass, char keytype, unsigned timeout);
#endif /* _CIFSKEY_H */
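Review bot: The new `timeout` parameter on the `key_add()` prototype is undocumented, and the header is where callers will look for its unit and the meaning of zero. A comment above the declaration would cover it: `/* timeout: key lifetime in seconds; 0 leaves the key's expiry unchanged */`. The `DEFAULT_KEY_TIMEOUT` comment could also say that, in this patch, only the PAM module uses it.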
diff --git a/pam_cifscreds.c b/pam_cifscreds.c
index eb9851d..2b8c0b6 100644
--- a/pam_cifscreds.c
+++ b/pam_cifscreds.c
@@ -232,7 +232,7 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas
*nextaddress++ = '\0';
while (currentaddress) {
- key_serial_t key = key_add(currentaddress, user, password, keytype);
+ key_serial_t key = key_add(currentaddress, user, password, keytype, DEFAULT_KEY_TIMEOUT);
if (key <= 0) {
pam_syslog(ph, LOG_ERR, "error: Add credential key for %s: %s",
currentaddress, strerror(errno));
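Review bot: Passing `DEFAULT_KEY_TIMEOUT` in `cifscreds_pam_add()`, and in `cifscreds_pam_update()` in the next hunk, gives PAM-created keys a 24-hour expiry where none was set before. The commit message only mentions a user-settable timeout, so this behaviour change is unannounced. Sessions that outlive the key would presumably lose access to their mounts until the credential is re-added, so it deserves a line in the description and in the PAM module's documentation. It is also inconsistent with `cifscreds update`, which passes 0. Whether re-adding an existing key keeps or resets its previous expiry is not visible here and is worth confirming.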
@@ -335,7 +335,7 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char *
}
for (id = 0; id < count; id++) {
- key_serial_t key = key_add(currentaddress, user, password, keytype);
+ key_serial_t key = key_add(currentaddress, user, password, keytype, DEFAULT_KEY_TIMEOUT);
if (key <= 0) {
pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s",
(currentaddress ?: "(null)"), strerror(errno));
--
2.47.1
* Re: [PATCH 2/2] cifscreds: allow user to set the key's timeout
From: Paulo Alcantara @ 2025-01-20 16:07 UTC (permalink / raw)
To: tbecker, linux-cifs; +Cc: Thiago Becker
tbecker@redhat.com writes:
> From: Thiago Becker <tbecker@redhat.com>
>
> Allow the user to set the key's timeout when adding a new credential.
>
> Signed-off-by: Thiago Becker <tbecker@redhat.com>
> ---
> cifscreds.c | 17 +++++++++++------
> cifskey.c | 12 ++++++++++--
> cifskey.h | 7 ++++++-
> pam_cifscreds.c | 4 ++--
> 4 files changed, 29 insertions(+), 11 deletions(-)
LGTM. Would you mind sending a patch to update cifscreds.rst with the new
parameter, so the user will know it should be in seconds?
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Thanks.
* [PATCH vvv] cifscreds: allow user to set the key's timeout
From: tbecker @ 2025-01-24 17:52 UTC (permalink / raw)
To: linux-cifs, pc; +Cc: Thiago Becker
From: Thiago Becker <tbecker@redhat.com>
Allow the user to set the key's timeout when adding a new credential.
Signed-off-by: Thiago Becker <tbecker@redhat.com>
---
cifscreds.c | 17 +++++++++++------
cifscreds.rst | 4 ++++
cifskey.c | 12 ++++++++++--
cifskey.h | 7 ++++++-
pam_cifscreds.c | 4 ++--
5 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/cifscreds.c b/cifscreds.c
index c52f495..f552bc8 100644
--- a/cifscreds.c
+++ b/cifscreds.c
@@ -43,6 +43,7 @@ struct cmdarg {
char *host;
char *user;
char keytype;
+ unsigned int timeout;
};
struct command {
@@ -59,7 +60,7 @@ static int cifscreds_update(struct cmdarg *arg);
static const char *thisprogram;
static struct command commands[] = {
- { cifscreds_add, "add", "[-u username] [-d] <host|domain>" },
+ { cifscreds_add, "add", "[-u username] [-d] <host|domain> [-t timeout]" },
{ cifscreds_clear, "clear", "[-u username] [-d] <host|domain>" },
{ cifscreds_clearall, "clearall", "" },
{ cifscreds_update, "update", "[-u username] [-d] <host|domain>" },
@@ -69,6 +70,7 @@ static struct command commands[] = {
static struct option longopts[] = {
{"username", 1, NULL, 'u'},
{"domain", 0, NULL, 'd' },
+ {"timeout", 0, NULL, 't' },
{NULL, 0, NULL, 0}
};
@@ -218,7 +220,7 @@ static int cifscreds_add(struct cmdarg *arg)
*nextaddress++ = '\0';
while (currentaddress) {
- key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype);
+ key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype, arg->timeout);
if (key <= 0) {
fprintf(stderr, "error: Add credential key for %s: %s\n",
currentaddress, strerror(errno));
@@ -253,7 +255,7 @@ static int cifscreds_clear(struct cmdarg *arg)
char *currentaddress, *nextaddress;
int ret = 0, count = 0, errors = 0;
- if (arg->host == NULL || arg->user == NULL)
+ if (arg->host == NULL || arg->user == NULL || arg->timeout)
return usage();
if (arg->keytype == 'd')
@@ -362,7 +364,7 @@ static int cifscreds_update(struct cmdarg *arg)
char *addrs[16];
int ret = 0, id, count = 0;
- if (arg->host == NULL || arg->user == NULL)
+ if (arg->host == NULL || arg->user == NULL || arg->timeout)
return usage();
if (arg->keytype == 'd')
@@ -419,7 +421,7 @@ static int cifscreds_update(struct cmdarg *arg)
pass = getpass("Password: ");
for (id = 0; id < count; id++) {
- key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype);
+ key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype, 0);
if (key <= 0)
fprintf(stderr, "error: Update credential key "
"for %s: %s\n", addrs[id], strerror(errno));
@@ -474,7 +476,7 @@ int main(int argc, char **argv)
if (argc == 1)
return usage();
- while((n = getopt_long(argc, argv, "du:", longopts, NULL)) != -1) {
+ while((n = getopt_long(argc, argv, "dut:", longopts, NULL)) != -1) {
switch (n) {
case 'd':
arg.keytype = (char) n;
@@ -482,6 +484,9 @@ int main(int argc, char **argv)
case 'u':
arg.user = optarg;
break;
+ case 't':
+ arg.timeout = atoi(optarg);
+ break;
default:
return usage();
}
diff --git a/cifscreds.rst b/cifscreds.rst
index a6676cb..14f5bda 100644
--- a/cifscreds.rst
+++ b/cifscreds.rst
@@ -68,6 +68,10 @@ OPTIONS
adding the credentials. This option allows the user to substitute a
different username.
+-t, --timeout
+ Sets the key timeout in seconds. If not set, will use the system default
+ timeout for logon keys.
+
*****
NOTES
*****
diff --git a/cifskey.c b/cifskey.c
index 919540f..4fef02f 100644
--- a/cifskey.c
+++ b/cifskey.c
@@ -40,11 +40,12 @@ key_search(const char *addr, char keytype)
/* add or update a specific key to keyring */
key_serial_t
-key_add(const char *addr, const char *user, const char *pass, char keytype)
+key_add(const char *addr, const char *user, const char *pass, char keytype, unsigned timeout)
{
int len;
char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4];
char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2];
+ key_serial_t key;
/* set key description */
if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) {
@@ -59,5 +60,12 @@ key_add(const char *addr, const char *user, const char *pass, char keytype)
return -1;
}
- return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING);
+ if ((key = add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING)) < 0) {
+ return -1;
+ }
+
+ if (timeout > 0)
+ keyctl_set_timeout(key, timeout);
+
+ return key;
}
diff --git a/cifskey.h b/cifskey.h
index ed0c469..0069445 100644
--- a/cifskey.h
+++ b/cifskey.h
@@ -41,7 +41,12 @@
#define CIFS_KEY_PERMS (KEY_POS_VIEW|KEY_POS_WRITE|KEY_POS_SEARCH| \
KEY_USR_VIEW|KEY_USR_WRITE|KEY_USR_SEARCH)
+/**
+ * Default key timeout is 24 hours
+ */
+#define DEFAULT_KEY_TIMEOUT (24 * 60 * 60)
+
key_serial_t key_search(const char *addr, char keytype);
-key_serial_t key_add(const char *addr, const char *user, const char *pass, char keytype);
+key_serial_t key_add(const char *addr, const char *user, const char *pass, char keytype, unsigned timeout);
#endif /* _CIFSKEY_H */
diff --git a/pam_cifscreds.c b/pam_cifscreds.c
index eb9851d..2b8c0b6 100644
--- a/pam_cifscreds.c
+++ b/pam_cifscreds.c
@@ -232,7 +232,7 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas
*nextaddress++ = '\0';
while (currentaddress) {
- key_serial_t key = key_add(currentaddress, user, password, keytype);
+ key_serial_t key = key_add(currentaddress, user, password, keytype, DEFAULT_KEY_TIMEOUT);
if (key <= 0) {
pam_syslog(ph, LOG_ERR, "error: Add credential key for %s: %s",
currentaddress, strerror(errno));
@@ -335,7 +335,7 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char *
}
for (id = 0; id < count; id++) {
- key_serial_t key = key_add(currentaddress, user, password, keytype);
+ key_serial_t key = key_add(currentaddress, user, password, keytype, DEFAULT_KEY_TIMEOUT);
if (key <= 0) {
pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s",
(currentaddress ?: "(null)"), strerror(errno));
--
2.47.1