rpms/gvfs
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- SMB: Fix kerberos authentication

Browse Source
This commit is contained in:
Tomas Bzatek 2008-09-16 15:49:01 +00:00
parent 654d84e59b
commit ae8cf5afcf
2 changed files with 70 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
gvfs-0.99.8-smb-kerberos-auth.patch Normal file
View File

@ -0,0 +1,63 @@
Index: daemon/gvfsbackendsmb.c
===================================================================
--- daemon/gvfsbackendsmb.c (revision 1992)
+++ daemon/gvfsbackendsmb.c (revision 1993)
@@ -175,10 +175,7 @@
backend->user == NULL &&
backend->domain == NULL)
{
- /* Try anon login */
- strncpy (username_out, "", unmaxlen);
- strncpy (password_out, "", pwmaxlen);
- /* Try again if anon login fails */
+ /* Try again if kerberos login + anonymous fallback fails */
backend->mount_try_again = TRUE;
}
else
@@ -495,9 +492,15 @@
smb_context->flags = 0;
#endif
+ /* Initial settings:
+ * - use Kerberos (always)
+ * - in case of no username specified, try anonymous login
+ */
smbc_setOptionUseKerberos (smb_context, 1);
- smbc_setOptionFallbackAfterKerberos (smb_context, 1);
- smbc_setOptionNoAutoAnonymousLogin (smb_context, 1);
+ smbc_setOptionFallbackAfterKerberos (smb_context,
+ op_backend->user != NULL);
+ smbc_setOptionNoAutoAnonymousLogin (smb_context,
+ op_backend->user != NULL);
#if 0
@@ -540,6 +543,8 @@
uri = create_smb_uri (op_backend->server, op_backend->share, NULL);
+
+ /* Samba mount loop */
op_backend->mount_source = mount_source;
op_backend->mount_try = 0;
op_backend->password_save = G_PASSWORD_SAVE_NEVER;
@@ -554,8 +559,17 @@
if (res == 0 ||
(errno != EACCES && errno != EPERM))
break;
-
- op_backend->mount_try ++;
+
+ /* The first round is Kerberos-only. Only if this fails do we enable
+ * NTLMSSP fallback (turning off anonymous fallback, which we've
+ * already tried and failed with).
+ */
+ if (op_backend->mount_try == 0)
+ {
+ smbc_setOptionFallbackAfterKerberos (op_backend->smb_context, 1);
+ smbc_setOptionNoAutoAnonymousLogin (op_backend->smb_context, 1);
+ }
+ op_backend->mount_try ++;
}
while (op_backend->mount_try_again);

8
gvfs.spec
View File

@ -1,7 +1,7 @@
Summary: Backends for the gio framework in GLib Summary: Backends for the gio framework in GLib
Name: gvfs Name: gvfs
Version: 0.99.8 Version: 0.99.8
Release: 2%{?dist} Release: 3%{?dist}
License: LGPLv2+ License: LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.gtk.org URL: http://www.gtk.org
@ -32,6 +32,9 @@ Patch1: gvfs-0.99.2-archive-integration.patch
Patch2: gvfs-obexftp-updated-apis.patch Patch2: gvfs-obexftp-updated-apis.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=524498
Patch3: gvfs-0.99.8-smb-kerberos-auth.patch
%description %description
The gvfs package provides backend implementations for the gio The gvfs package provides backend implementations for the gio
framework in GLib. It includes ftp, sftp, cifs. framework in GLib. It includes ftp, sftp, cifs.
@ -251,6 +254,9 @@ update-desktop-database &> /dev/null ||:
%changelog %changelog
* Tue Sep 16 2008 Tomas Bzatek <tbzatek@redhat.com> - 0.99.8-3
- SMB: Fix kerberos authentication
* Mon Sep 15 2008 Matthias Clasen <mclasen@redhat.com> - 0.99.8-2 * Mon Sep 15 2008 Matthias Clasen <mclasen@redhat.com> - 0.99.8-2
- Update to 0.99.8 - Update to 0.99.8