Ignore EINVAL for kerberos/ccache login to fix SMB mounting

Resolves: #2093861
This commit is contained in:
Ondrej Holy 2022-04-13 10:47:49 +02:00
parent 197d69d2f2
commit 4eadbbcada
3 changed files with 140 additions and 1 deletions

View File

@ -22,13 +22,17 @@
Name: gvfs Name: gvfs
Version: 1.48.1 Version: 1.48.1
Release: 3%{?dist} Release: 4%{?dist}
Summary: Backends for the gio framework in GLib Summary: Backends for the gio framework in GLib
License: GPLv3 and LGPLv2+ and BSD and MPLv2.0 License: GPLv3 and LGPLv2+ and BSD and MPLv2.0
URL: https://wiki.gnome.org/Projects/gvfs URL: https://wiki.gnome.org/Projects/gvfs
Source0: https://download.gnome.org/sources/gvfs/1.48/gvfs-%{version}.tar.xz Source0: https://download.gnome.org/sources/gvfs/1.48/gvfs-%{version}.tar.xz
# https://bugzilla.redhat.com/show_bug.cgi?id=2093861
Patch0: smb-Ignore-EINVAL-for-kerberos-ccache-login.patch
Patch1: smb-Rework-anonymous-handling-to-avoid-EINVAL.patch
BuildRequires: meson BuildRequires: meson
BuildRequires: gcc BuildRequires: gcc
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -425,6 +429,9 @@ killall -USR1 gvfsd >&/dev/null || :
%{_datadir}/installed-tests %{_datadir}/installed-tests
%changelog %changelog
* Tue Jun 14 2022 Ondrej Holy <oholy@redhat.com> - 1.48.1-4
- Ignore EINVAL for kerberos/ccache login to fix SMB mounting (#2093861)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.48.1-3 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.48.1-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688

View File

@ -0,0 +1,58 @@
From 747c7f6ea6c8b6a7ccd008bb47996ba7eb169bcc Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Mon, 11 Apr 2022 10:54:04 +0200
Subject: [PATCH] smb: Ignore EINVAL for kerberos/ccache login
With samba 4.16.0, mount operation fails with the "Invalid Argument" error
when kerberos/ccache is misconfigured. Ignore this error, so user get a chance
to login using the password...
Fixes: https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
---
daemon/gvfsbackendsmb.c | 8 +++++++-
daemon/gvfsbackendsmbbrowse.c | 10 ++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
index 33d1a209..776b67bc 100644
--- a/daemon/gvfsbackendsmb.c
+++ b/daemon/gvfsbackendsmb.c
@@ -513,7 +513,13 @@ do_mount (GVfsBackend *backend,
if (res == 0)
break;
- if (op_backend->mount_cancelled || (errsv != EACCES && errsv != EPERM))
+ if (errsv == EINVAL && op_backend->mount_try <= 1 && op_backend->user == NULL)
+ {
+ /* EINVAL is "expected" when kerberos/ccache is misconfigured, see:
+ * https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
+ */
+ }
+ else if (op_backend->mount_cancelled || (errsv != EACCES && errsv != EPERM))
{
g_debug ("do_mount - (errno != EPERM && errno != EACCES), cancelled = %d, breaking\n", op_backend->mount_cancelled);
break;
diff --git a/daemon/gvfsbackendsmbbrowse.c b/daemon/gvfsbackendsmbbrowse.c
index 57bae9db..7e8facfb 100644
--- a/daemon/gvfsbackendsmbbrowse.c
+++ b/daemon/gvfsbackendsmbbrowse.c
@@ -967,8 +967,14 @@ do_mount (GVfsBackend *backend,
uri, op_backend->mount_try, dir, op_backend->mount_cancelled,
errsv, g_strerror (errsv));
- if (dir == NULL &&
- (op_backend->mount_cancelled || (errsv != EPERM && errsv != EACCES)))
+ if (errsv == EINVAL && op_backend->mount_try == 0 && op_backend->user == NULL)
+ {
+ /* EINVAL is "expected" when kerberos is misconfigured, see:
+ * https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
+ */
+ }
+ else if (dir == NULL &&
+ (op_backend->mount_cancelled || (errsv != EPERM && errsv != EACCES)))
{
g_debug ("do_mount - (errno != EPERM && errno != EACCES), cancelled = %d, breaking\n", op_backend->mount_cancelled);
break;
--
2.35.1

View File

@ -0,0 +1,74 @@
From 8c7e79042d819304ea38408d0d90313eef7a3869 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Wed, 4 May 2022 13:20:46 +0200
Subject: [PATCH] smb: Rework anonymous handling to avoid EINVAL
After the recent samba change, the "Invalid Argument" error can be still
returned when anonymous login is requested even after the commit 747c7f6.
This is because `smbc_setOptionNoAutoAnonymousLogin` is called after returning
from the `auth_callback` function (i.e. there is one redundant iteration).
Let's rework the handling a bit and call that immediately, which bypasses
the issue.
Fixes: https://gitlab.gnome.org/GNOME/gvfs/-/issues/619
---
daemon/gvfsbackendsmb.c | 19 ++++---------------
1 file changed, 4 insertions(+), 15 deletions(-)
diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
index 776b67bc..a1e3eacd 100644
--- a/daemon/gvfsbackendsmb.c
+++ b/daemon/gvfsbackendsmb.c
@@ -80,7 +80,6 @@ struct _GVfsBackendSmb
int mount_try;
gboolean mount_try_again;
gboolean mount_cancelled;
- gboolean use_anonymous;
gboolean password_in_keyring;
GPasswordSave password_save;
@@ -215,13 +214,6 @@ auth_callback (SMBCCTX *context,
backend->mount_try_again = TRUE;
g_debug ("auth_callback - ccache pass\n");
}
- else if (backend->use_anonymous)
- {
- /* Try again if anonymous login fails */
- backend->use_anonymous = FALSE;
- backend->mount_try_again = TRUE;
- g_debug ("auth_callback - anonymous login pass\n");
- }
else
{
gboolean in_keyring = FALSE;
@@ -304,10 +296,13 @@ auth_callback (SMBCCTX *context,
/* Try again if this fails */
backend->mount_try_again = TRUE;
+ smbc_setOptionNoAutoAnonymousLogin (backend->smb_context,
+ !anonymous);
+
if (anonymous)
{
- backend->use_anonymous = TRUE;
backend->password_save = FALSE;
+ g_debug ("auth_callback - anonymous enabled\n");
}
else
{
@@ -535,12 +530,6 @@ do_mount (GVfsBackend *backend,
smbc_setOptionFallbackAfterKerberos (op_backend->smb_context, 1);
}
- /* If the AskPassword reply requested anonymous login, enable the
- * anonymous fallback and try again.
- */
- smbc_setOptionNoAutoAnonymousLogin (op_backend->smb_context,
- !op_backend->use_anonymous);
-
op_backend->mount_try ++;
}
while (op_backend->mount_try_again);
--
2.36.0