From ba90bd4db70e1cb40a5fcb8a5c3349bd3d43f71e Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Thu, 16 Jun 2022 04:43:21 +0000
Subject: [PATCH] Auto sync2gitlab import of gvfs-1.36.2-12.el8.src.rpm

---
 gvfs.spec                                     | 21 ++++++-
 smb-Ignore-EINVAL-for-kerberos-login.patch    | 43 ++++++++++++++
 ...k-anonymous-handling-to-avoid-EINVAL.patch | 57 +++++++++++++++++++
 3 files changed, 120 insertions(+), 1 deletion(-)
 create mode 100644 smb-Ignore-EINVAL-for-kerberos-login.patch
 create mode 100644 smb-Rework-anonymous-handling-to-avoid-EINVAL.patch

diff --git a/gvfs.spec b/gvfs.spec
index d80d0ce..01e3049 100644
--- a/gvfs.spec
+++ b/gvfs.spec
@@ -25,7 +25,7 @@
 
 Name: gvfs
 Version: 1.36.2
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: Backends for the gio framework in GLib
 
 License: GPLv3 and LGPLv2+ and BSD and MPLv2.0
@@ -66,6 +66,10 @@ Patch10: smb-Improve-enumeration-performance.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1889411
 Patch11: goa-Add-support-for-certificate-prompts.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2095712
+Patch12: smb-Ignore-EINVAL-for-kerberos-login.patch
+Patch13: smb-Rework-anonymous-handling-to-avoid-EINVAL.patch
+
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
 BuildRequires: pkgconfig(dbus-glib-1)
@@ -352,9 +356,11 @@ killall -USR1 gvfsd >&/dev/null || :
 %{_libexecdir}/gvfsd-recent
 %{_mandir}/man1/gvfsd.1*
 %{_mandir}/man1/gvfsd-metadata.1*
+%if ! 0%{?flatpak}
 %{_userunitdir}/gvfs-daemon.service
 %{_userunitdir}/gvfs-metadata.service
 %{_userunitdir}/gvfs-udisks2-volume-monitor.service
+%endif
 
 %files client -f gvfs.lang
 %{!?_licensedir:%global license %%doc}
@@ -376,7 +382,9 @@ killall -USR1 gvfsd >&/dev/null || :
 %files fuse
 %{_libexecdir}/gvfsd-fuse
 %{_mandir}/man1/gvfsd-fuse.1*
+%if ! 0%{?flatpak}
 %{_tmpfilesdir}/gvfsd-fuse-tmpfiles.conf
+%endif
 
 %files smb
 %{_libexecdir}/gvfsd-smb
@@ -396,7 +404,9 @@ killall -USR1 gvfsd >&/dev/null || :
 %{_libexecdir}/gvfs-gphoto2-volume-monitor
 %{_datadir}/dbus-1/services/org.gtk.vfs.GPhoto2VolumeMonitor.service
 %{_datadir}/gvfs/remote-volume-monitors/gphoto2.monitor
+%if ! 0%{?flatpak}
 %{_userunitdir}/gvfs-gphoto2-volume-monitor.service
+%endif
 
 %ifnarch s390 s390x
 %files afc
@@ -405,8 +415,10 @@ killall -USR1 gvfsd >&/dev/null || :
 %{_libexecdir}/gvfs-afc-volume-monitor
 %{_datadir}/dbus-1/services/org.gtk.vfs.AfcVolumeMonitor.service
 %{_datadir}/gvfs/remote-volume-monitors/afc.monitor
+%if ! 0%{?flatpak}
 %{_userunitdir}/gvfs-afc-volume-monitor.service
 %endif
+%endif
 
 %files afp
 %{_libexecdir}/gvfsd-afp
@@ -420,7 +432,9 @@ killall -USR1 gvfsd >&/dev/null || :
 %{_libexecdir}/gvfs-mtp-volume-monitor
 %{_datadir}/dbus-1/services/org.gtk.vfs.MTPVolumeMonitor.service
 %{_datadir}/gvfs/remote-volume-monitors/mtp.monitor
+%if ! 0%{?flatpak}
 %{_userunitdir}/gvfs-mtp-volume-monitor.service
+%endif
 
 %if ! 0%{?rhel}
 %files nfs
@@ -436,7 +450,9 @@ killall -USR1 gvfsd >&/dev/null || :
 %{_datadir}/gvfs/remote-volume-monitors/goa.monitor
 %{_datadir}/gvfs/mounts/google.mount
 %{_libexecdir}/gvfsd-google
+%if ! 0%{?flatpak}
 %{_userunitdir}/gvfs-goa-volume-monitor.service
+%endif
 
 %files tests
 %dir %{_libexecdir}/installed-tests
@@ -444,6 +460,9 @@ killall -USR1 gvfsd >&/dev/null || :
 %{_datadir}/installed-tests
 
 %changelog
+* Tue Jun 14 2022 Ondrej Holy <oholy@redhat.com> - 1.48.1-4
+- Ignore EINVAL for kerberos login to fix SMB mounting (#2095712)
+
 * Tue Nov 03 2020 Ondrej Holy <oholy@redhat.com> - 1.36.2-11
 - Add support for certificates prompts for GOA mounts (rhbz#1889411)
 
diff --git a/smb-Ignore-EINVAL-for-kerberos-login.patch b/smb-Ignore-EINVAL-for-kerberos-login.patch
new file mode 100644
index 0000000..aa42bd9
--- /dev/null
+++ b/smb-Ignore-EINVAL-for-kerberos-login.patch
@@ -0,0 +1,43 @@
+diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
+index 33d1a209..776b67bc 100644
+--- a/daemon/gvfsbackendsmb.c
++++ b/daemon/gvfsbackendsmb.c
+@@ -513,7 +513,13 @@ do_mount (GVfsBackend *backend,
+       if (res == 0)
+         break;
+ 
+-      if (op_backend->mount_cancelled || (errsv != EACCES && errsv != EPERM))
++      if (errsv == EINVAL && op_backend->mount_try == 0 && op_backend->user == NULL)
++        {
++          /* EINVAL is "expected" when kerberos/ccache is misconfigured, see:
++           * https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
++           */
++        }
++      else if (op_backend->mount_cancelled || (errsv != EACCES && errsv != EPERM))
+         {
+           g_debug ("do_mount - (errno != EPERM && errno != EACCES), cancelled = %d, breaking\n", op_backend->mount_cancelled);
+           break;
+diff --git a/daemon/gvfsbackendsmbbrowse.c b/daemon/gvfsbackendsmbbrowse.c
+index 57bae9db..7e8facfb 100644
+--- a/daemon/gvfsbackendsmbbrowse.c
++++ b/daemon/gvfsbackendsmbbrowse.c
+@@ -967,8 +967,14 @@ do_mount (GVfsBackend *backend,
+              uri, op_backend->mount_try, dir, op_backend->mount_cancelled,
+              errsv, g_strerror (errsv));
+ 
+-      if (dir == NULL && 
+-          (op_backend->mount_cancelled || (errsv != EPERM && errsv != EACCES)))
++      if (errsv == EINVAL && op_backend->mount_try == 0 && op_backend->user == NULL)
++        {
++          /* EINVAL is "expected" when kerberos is misconfigured, see:
++           * https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
++           */
++        }
++      else if (dir == NULL &&
++               (op_backend->mount_cancelled || (errsv != EPERM && errsv != EACCES)))
+         {
+           g_debug ("do_mount - (errno != EPERM && errno != EACCES), cancelled = %d, breaking\n", op_backend->mount_cancelled);
+ 	  break;
+-- 
+2.35.1
+
diff --git a/smb-Rework-anonymous-handling-to-avoid-EINVAL.patch b/smb-Rework-anonymous-handling-to-avoid-EINVAL.patch
new file mode 100644
index 0000000..3486aa7
--- /dev/null
+++ b/smb-Rework-anonymous-handling-to-avoid-EINVAL.patch
@@ -0,0 +1,57 @@
+diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
+index 776b67bc..a1e3eacd 100644
+--- a/daemon/gvfsbackendsmb.c
++++ b/daemon/gvfsbackendsmb.c
+@@ -80,7 +80,6 @@ struct _GVfsBackendSmb
+   int mount_try;
+   gboolean mount_try_again;
+   gboolean mount_cancelled;
+-  gboolean use_anonymous;
+ 	
+   gboolean password_in_keyring;
+   GPasswordSave password_save;
+@@ -215,13 +214,6 @@ auth_callback (SMBCCTX *context,
+       backend->mount_try_again = TRUE;
+       g_debug ("auth_callback - kerberos pass\n");
+     }
+-  else if (backend->use_anonymous)
+-    {
+-      /* Try again if anonymous login fails */
+-      backend->use_anonymous = FALSE;
+-      backend->mount_try_again = TRUE;
+-      g_debug ("auth_callback - anonymous login pass\n");
+-    }
+   else
+     {
+       gboolean in_keyring = FALSE;
+@@ -304,10 +296,13 @@ auth_callback (SMBCCTX *context,
+       /* Try again if this fails */
+       backend->mount_try_again = TRUE;
+ 
++      smbc_setOptionNoAutoAnonymousLogin (backend->smb_context,
++                                          !anonymous);
++
+       if (anonymous)
+         {
+-          backend->use_anonymous = TRUE;
+           backend->password_save = FALSE;
++          g_debug ("auth_callback - anonymous enabled\n");
+         }
+       else
+         {
+@@ -535,12 +530,6 @@ do_mount (GVfsBackend *backend,
+           smbc_setOptionFallbackAfterKerberos (op_backend->smb_context, 1);
+         }
+ 
+-      /* If the AskPassword reply requested anonymous login, enable the
+-       * anonymous fallback and try again.
+-       */
+-      smbc_setOptionNoAutoAnonymousLogin (op_backend->smb_context,
+-                                          !op_backend->use_anonymous);
+-
+       op_backend->mount_try ++;
+     }
+   while (op_backend->mount_try_again);
+-- 
+2.36.0
+