From ae8cf5afcfb99246743062193a683d04c586cbc6 Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Tue, 16 Sep 2008 15:49:01 +0000 Subject: [PATCH] - SMB: Fix kerberos authentication --- gvfs-0.99.8-smb-kerberos-auth.patch | 63 +++++++++++++++++++++++++++++ gvfs.spec | 8 +++- 2 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 gvfs-0.99.8-smb-kerberos-auth.patch diff --git a/gvfs-0.99.8-smb-kerberos-auth.patch b/gvfs-0.99.8-smb-kerberos-auth.patch new file mode 100644 index 0000000..3a72144 --- /dev/null +++ b/gvfs-0.99.8-smb-kerberos-auth.patch @@ -0,0 +1,63 @@ +Index: daemon/gvfsbackendsmb.c +=================================================================== +--- daemon/gvfsbackendsmb.c (revision 1992) ++++ daemon/gvfsbackendsmb.c (revision 1993) +@@ -175,10 +175,7 @@ + backend->user == NULL && + backend->domain == NULL) + { +- /* Try anon login */ +- strncpy (username_out, "", unmaxlen); +- strncpy (password_out, "", pwmaxlen); +- /* Try again if anon login fails */ ++ /* Try again if kerberos login + anonymous fallback fails */ + backend->mount_try_again = TRUE; + } + else +@@ -495,9 +492,15 @@ + smb_context->flags = 0; + #endif + ++ /* Initial settings: ++ * - use Kerberos (always) ++ * - in case of no username specified, try anonymous login ++ */ + smbc_setOptionUseKerberos (smb_context, 1); +- smbc_setOptionFallbackAfterKerberos (smb_context, 1); +- smbc_setOptionNoAutoAnonymousLogin (smb_context, 1); ++ smbc_setOptionFallbackAfterKerberos (smb_context, ++ op_backend->user != NULL); ++ smbc_setOptionNoAutoAnonymousLogin (smb_context, ++ op_backend->user != NULL); + + + #if 0 +@@ -540,6 +543,8 @@ + + uri = create_smb_uri (op_backend->server, op_backend->share, NULL); + ++ ++ /* Samba mount loop */ + op_backend->mount_source = mount_source; + op_backend->mount_try = 0; + op_backend->password_save = G_PASSWORD_SAVE_NEVER; +@@ -554,8 +559,17 @@ + if (res == 0 || + (errno != EACCES && errno != EPERM)) + break; +- +- op_backend->mount_try ++; ++ ++ /* The first round is Kerberos-only. Only if this fails do we enable ++ * NTLMSSP fallback (turning off anonymous fallback, which we've ++ * already tried and failed with). ++ */ ++ if (op_backend->mount_try == 0) ++ { ++ smbc_setOptionFallbackAfterKerberos (op_backend->smb_context, 1); ++ smbc_setOptionNoAutoAnonymousLogin (op_backend->smb_context, 1); ++ } ++ op_backend->mount_try ++; + } + while (op_backend->mount_try_again); + diff --git a/gvfs.spec b/gvfs.spec index 9f4f9fd..5b4579f 100644 --- a/gvfs.spec +++ b/gvfs.spec @@ -1,7 +1,7 @@ Summary: Backends for the gio framework in GLib Name: gvfs Version: 0.99.8 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ Group: System Environment/Libraries URL: http://www.gtk.org @@ -32,6 +32,9 @@ Patch1: gvfs-0.99.2-archive-integration.patch Patch2: gvfs-obexftp-updated-apis.patch +# http://bugzilla.gnome.org/show_bug.cgi?id=524498 +Patch3: gvfs-0.99.8-smb-kerberos-auth.patch + %description The gvfs package provides backend implementations for the gio framework in GLib. It includes ftp, sftp, cifs. @@ -251,6 +254,9 @@ update-desktop-database &> /dev/null ||: %changelog +* Tue Sep 16 2008 Tomas Bzatek - 0.99.8-3 +- SMB: Fix kerberos authentication + * Mon Sep 15 2008 Matthias Clasen - 0.99.8-2 - Update to 0.99.8