Web lists-archives.com

Re: [Samba] cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'




On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote:
> Hi Jeff,
> 
> > So we have a default credcache for the user for whom we are operating
> > as, but we can't get the default principal name from it. My guess is
> > that it's not finding the
> 
> This mount is run by root UID=0 and seems to be find that credential 
> cache without problem (earlier in the logs).  The problem seems to come 
> in when it tries to find the cache for user with UID=1494 .
> 
> I'm wondering if the scan of /tmp was helpful for finding caches of 
> non-same users.
> 
> (I'm a little surprised that there is any attempt to find credentials of 
> the non-root user at mount time - what happens if the non-root user 
> hasn't kinit-ed yet?  And yet that case worked in the past...)
> 

I'm more interested in what the trailing info in your credcache name is.
In your log output for the working case, there are:

/tmp/krb5cc_0
/tmp/krb5cc_1494_sM11PG

So first one doesn't have that _XXXXXX trailing bit. Maybe cifs.upcall
is not guessing that piece of the filename correctly?

In any case, this patch should tell us more about what it thinks the
credcache location is when it's doing this. Do you have the ability to
apply this and test with the debugging turned up?


----------------------------------8<-------------------------------

cifs.upcall: extra debugging -- show the credcache location

Have the debugging show the full name of the default credcache that
was found.

Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
---
 cifs.upcall.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cifs.upcall.c b/cifs.upcall.c
index 8f146c92b4a5..dd0843e358b1 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -159,6 +159,7 @@ get_default_cc(void)
 {
 	krb5_error_code ret;
 	krb5_ccache cc;
+	char *cachename;
 
 	ret = krb5_cc_default(context, &cc);
 	if (ret) {
@@ -166,6 +167,14 @@ get_default_cc(void)
 		return NULL;
 	}
 
+	ret = krb5_cc_get_full_name(context, cc, &cachename);
+	if (ret) {
+		syslog(LOG_DEBUG, "%s: krb5_cc_get_full_name failed: %d\n", __func__, ret);
+	} else {
+		syslog(LOG_DEBUG, "%s: default ccache is %s\n", __func__, cachename);
+		krb5_free_string(context, cachename);
+	}
+
 	if (!get_tgt_time(cc)) {
 		krb5_cc_close(context, cc);
 		cc = NULL;
-- 
2.9.3


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba