- SMB: Fix kerberos authentication

2008-09-16 15:49:01 +00:00 · 2008-09-16 15:49:01 +00:00 · ae8cf5afcf
commit ae8cf5afcf
parent 654d84e59b
2 changed files with 70 additions and 1 deletions
--- a/gvfs-0.99.8-smb-kerberos-auth.patch
+++ b/gvfs-0.99.8-smb-kerberos-auth.patch
@ -0,0 +1,63 @@
+Index: daemon/gvfsbackendsmb.c
+===================================================================
+--- daemon/gvfsbackendsmb.c	(revision 1992)
+++ daemon/gvfsbackendsmb.c	(revision 1993)
+@@ -175,10 +175,7 @@
+       backend->user == NULL &&
+       backend->domain == NULL)
+     {
+-      /* Try anon login */
+-      strncpy (username_out, "", unmaxlen);
+-      strncpy (password_out, "", pwmaxlen);
+-      /* Try again if anon login fails */
+      /* Try again if kerberos login + anonymous fallback fails */
+       backend->mount_try_again = TRUE;
+     }
+   else
+@@ -495,9 +492,15 @@
+   smb_context->flags = 0;
+ #endif
+   
+  /* Initial settings:
+   *   - use Kerberos (always)
+   *   - in case of no username specified, try anonymous login
+   */
+   smbc_setOptionUseKerberos (smb_context, 1);
+-  smbc_setOptionFallbackAfterKerberos (smb_context, 1);  
+-  smbc_setOptionNoAutoAnonymousLogin (smb_context, 1);
+  smbc_setOptionFallbackAfterKerberos (smb_context,
+                                       op_backend->user != NULL);
+  smbc_setOptionNoAutoAnonymousLogin (smb_context,
+                                      op_backend->user != NULL);
+ 
+   
+ #if 0
+@@ -540,6 +543,8 @@
+ 
+   uri = create_smb_uri (op_backend->server, op_backend->share, NULL);
+ 
+
+  /*  Samba mount loop  */
+   op_backend->mount_source = mount_source;
+   op_backend->mount_try = 0;
+   op_backend->password_save = G_PASSWORD_SAVE_NEVER;
+@@ -554,8 +559,17 @@
+       if (res == 0 ||
+ 	  (errno != EACCES && errno != EPERM))
+ 	break;
+-      
+-      op_backend->mount_try ++;      
+
+      /* The first round is Kerberos-only.  Only if this fails do we enable
+       * NTLMSSP fallback (turning off anonymous fallback, which we've
+       * already tried and failed with).
+       */
+      if (op_backend->mount_try == 0)
+        {
+          smbc_setOptionFallbackAfterKerberos (op_backend->smb_context, 1);
+          smbc_setOptionNoAutoAnonymousLogin (op_backend->smb_context, 1);
+        }
+      op_backend->mount_try ++;
+     }
+   while (op_backend->mount_try_again);
+   
--- a/gvfs.spec
+++ b/gvfs.spec
@ -1,7 +1,7 @@
 Summary: Backends for the gio framework in GLib
 Name: gvfs
 Version: 0.99.8
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://www.gtk.org
@ -32,6 +32,9 @@ Patch1: gvfs-0.99.2-archive-integration.patch

 Patch2: gvfs-obexftp-updated-apis.patch

+# http://bugzilla.gnome.org/show_bug.cgi?id=524498
+Patch3: gvfs-0.99.8-smb-kerberos-auth.patch
+
 %description
 The gvfs package provides backend implementations for the gio 
 framework in GLib. It includes ftp, sftp, cifs. 
@ -251,6 +254,9 @@ update-desktop-database &> /dev/null ||:


 %changelog
+* Tue Sep 16 2008 Tomas Bzatek <tbzatek@redhat.com>  - 0.99.8-3
+- SMB: Fix kerberos authentication
+
 * Mon Sep 15 2008 Matthias Clasen <mclasen@redhat.com>  - 0.99.8-2
 - Update to 0.99.8