Ignore EINVAL for kerberos/ccache login to fix SMB mounting

Resolves: #2093861

gvfs.spec

@@ -22,13 +22,17 @@
 
 Name: gvfs
 Version: 1.48.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Backends for the gio framework in GLib
 
 License: GPLv3 and LGPLv2+ and BSD and MPLv2.0
 URL: https://wiki.gnome.org/Projects/gvfs
 Source0: https://download.gnome.org/sources/gvfs/1.48/gvfs-%{version}.tar.xz
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2093861
+Patch0: smb-Ignore-EINVAL-for-kerberos-ccache-login.patch
+Patch1: smb-Rework-anonymous-handling-to-avoid-EINVAL.patch
+
 BuildRequires: meson
 BuildRequires: gcc
 BuildRequires: pkgconfig
@@ -425,6 +429,9 @@ killall -USR1 gvfsd >&/dev/null || :
 %{_datadir}/installed-tests
 
 %changelog
+* Tue Jun 14 2022 Ondrej Holy <oholy@redhat.com> - 1.48.1-4
+- Ignore EINVAL for kerberos/ccache login to fix SMB mounting (#2093861)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.48.1-3
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688

smb-Ignore-EINVAL-for-kerberos-ccache-login.patch

@@ -0,0 +1,58 @@
+From 747c7f6ea6c8b6a7ccd008bb47996ba7eb169bcc Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Mon, 11 Apr 2022 10:54:04 +0200
+Subject: [PATCH] smb: Ignore EINVAL for kerberos/ccache login
+
+With samba 4.16.0, mount operation fails with the "Invalid Argument" error
+when kerberos/ccache is misconfigured. Ignore this error, so user get a chance
+to login using the password...
+
+Fixes: https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
+---
+ daemon/gvfsbackendsmb.c       |  8 +++++++-
+ daemon/gvfsbackendsmbbrowse.c | 10 ++++++++--
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
+index 33d1a209..776b67bc 100644
+--- a/daemon/gvfsbackendsmb.c
++++ b/daemon/gvfsbackendsmb.c
+@@ -513,7 +513,13 @@ do_mount (GVfsBackend *backend,
+       if (res == 0)
+         break;
+ 
+-      if (op_backend->mount_cancelled || (errsv != EACCES && errsv != EPERM))
++      if (errsv == EINVAL && op_backend->mount_try <= 1 && op_backend->user == NULL)
++        {
++          /* EINVAL is "expected" when kerberos/ccache is misconfigured, see:
++           * https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
++           */
++        }
++      else if (op_backend->mount_cancelled || (errsv != EACCES && errsv != EPERM))
+         {
+           g_debug ("do_mount - (errno != EPERM && errno != EACCES), cancelled = %d, breaking\n", op_backend->mount_cancelled);
+           break;
+diff --git a/daemon/gvfsbackendsmbbrowse.c b/daemon/gvfsbackendsmbbrowse.c
+index 57bae9db..7e8facfb 100644
+--- a/daemon/gvfsbackendsmbbrowse.c
++++ b/daemon/gvfsbackendsmbbrowse.c
+@@ -967,8 +967,14 @@ do_mount (GVfsBackend *backend,
+              uri, op_backend->mount_try, dir, op_backend->mount_cancelled,
+              errsv, g_strerror (errsv));
+ 
+-      if (dir == NULL && 
+-          (op_backend->mount_cancelled || (errsv != EPERM && errsv != EACCES)))
++      if (errsv == EINVAL && op_backend->mount_try == 0 && op_backend->user == NULL)
++        {
++          /* EINVAL is "expected" when kerberos is misconfigured, see:
++           * https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
++           */
++        }
++      else if (dir == NULL &&
++               (op_backend->mount_cancelled || (errsv != EPERM && errsv != EACCES)))
+         {
+           g_debug ("do_mount - (errno != EPERM && errno != EACCES), cancelled = %d, breaking\n", op_backend->mount_cancelled);
+ 	  break;
+-- 
+2.35.1
+

smb-Rework-anonymous-handling-to-avoid-EINVAL.patch

@@ -0,0 +1,74 @@
+From 8c7e79042d819304ea38408d0d90313eef7a3869 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Wed, 4 May 2022 13:20:46 +0200
+Subject: [PATCH] smb: Rework anonymous handling to avoid EINVAL
+
+After the recent samba change, the "Invalid Argument" error can be still
+returned when anonymous login is requested even after the commit 747c7f6.
+This is because `smbc_setOptionNoAutoAnonymousLogin` is called after returning
+from the `auth_callback` function (i.e. there is one redundant iteration).
+Let's rework the handling a bit and call that immediately, which bypasses
+the issue.
+
+Fixes: https://gitlab.gnome.org/GNOME/gvfs/-/issues/619
+---
+ daemon/gvfsbackendsmb.c | 19 ++++---------------
+ 1 file changed, 4 insertions(+), 15 deletions(-)
+
+diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
+index 776b67bc..a1e3eacd 100644
+--- a/daemon/gvfsbackendsmb.c
++++ b/daemon/gvfsbackendsmb.c
+@@ -80,7 +80,6 @@ struct _GVfsBackendSmb
+   int mount_try;
+   gboolean mount_try_again;
+   gboolean mount_cancelled;
+-  gboolean use_anonymous;
+ 	
+   gboolean password_in_keyring;
+   GPasswordSave password_save;
+@@ -215,13 +214,6 @@ auth_callback (SMBCCTX *context,
+       backend->mount_try_again = TRUE;
+       g_debug ("auth_callback - ccache pass\n");
+     }
+-  else if (backend->use_anonymous)
+-    {
+-      /* Try again if anonymous login fails */
+-      backend->use_anonymous = FALSE;
+-      backend->mount_try_again = TRUE;
+-      g_debug ("auth_callback - anonymous login pass\n");
+-    }
+   else
+     {
+       gboolean in_keyring = FALSE;
+@@ -304,10 +296,13 @@ auth_callback (SMBCCTX *context,
+       /* Try again if this fails */
+       backend->mount_try_again = TRUE;
+ 
++      smbc_setOptionNoAutoAnonymousLogin (backend->smb_context,
++                                          !anonymous);
++
+       if (anonymous)
+         {
+-          backend->use_anonymous = TRUE;
+           backend->password_save = FALSE;
++          g_debug ("auth_callback - anonymous enabled\n");
+         }
+       else
+         {
+@@ -535,12 +530,6 @@ do_mount (GVfsBackend *backend,
+           smbc_setOptionFallbackAfterKerberos (op_backend->smb_context, 1);
+         }
+ 
+-      /* If the AskPassword reply requested anonymous login, enable the
+-       * anonymous fallback and try again.
+-       */
+-      smbc_setOptionNoAutoAnonymousLogin (op_backend->smb_context,
+-                                          !op_backend->use_anonymous);
+-
+       op_backend->mount_try ++;
+     }
+   while (op_backend->mount_try_again);
+-- 
+2.36.0
+