From patchwork Thu Jan 29 13:34:16 2009
X-Patchwork-Submitter: Suresh Jayaraman
X-Patchwork-Id: 4594
Message-ID: <4981B058.6000805@suse.de>
Date: Thu, 29 Jan 2009 19:04:16 +0530
From: Suresh Jayaraman
To: Jeff Layton
Cc: "linux-cifs-client@lists.samba.org"
Subject: Re: [linux-cifs-client] Unable to mount CIFS with kerberos security
References: <497F0514.7050808@suse.de> <20090127115726.1d7fd05a@tleilax.poochiereds.net>
In-Reply-To: <20090127115726.1d7fd05a@tleilax.poochiereds.net>
List-Id: The Linux CIFS VFS client

Jeff Layton wrote:
> On Tue, 27 Jan 2009 18:29:00 +0530
>> (using IP)
>> #kinit Administrator
>> #mount -t cifs -o //164.99.99.182/Winshare /mnt/cifs -o
>> user=Administrator,sec=krb5i
>>
>> fails.
>>
>> I enabled CifsFYI o/p and the only difference I see is:
>>
>> (with hostname)
>> fs/cifs/cifs_spnego.c: key description =
>> ver=0x2;host=myserver;ip4=164.99.99.182;sec=mskrb5;uid=0x0;user=Administrator
>> (with IP)
>> fs/cifs/cifs_spnego.c: key description =
>> ver=0x2;host=164.99.99.182;ip4=164.99.99.182;sec=mskrb5;uid=0x0;user=Administrator
>>
>> * note "host=" parameter ^^^ it contains value of IP, when we use IP to
>> mount. Maybe this is the problem, passing down ip as "host=" down to
>> request_key() ?
>>
>> In CIFS_SessSetup
>> spnego_key = cifs_get_spnego_key(ses);
>>
>> fails and returns error -126
>
> The upcall program needs some way to know what cifs or host principal to look
> for. When it just has an IP address to go on, then it often doesn't have a
> way to know. To fix this, we'll need to fix cifs.upcall to be able to make
> better guesses as to the hostname when we try to get the SPNEGO key.
>
> Patches welcome.
>

Something like this..
(quick hack just to ensure I get your hint correct - untested as my setup is goofed up) Index: source/client/cifs.upcall.c =================================================================== --- source/client/cifs.upcall.c.orig +++ source/client/cifs.upcall.c @@ -27,6 +27,7 @@ create dns_resolver * * /usr/local/sbin/ #include "includes.h" #include + #include "cifs_spnego.h" const char *CIFSSPNEGO_VERSION = "1.2"; 
@@ -113,6 +114,59 @@ decode_key_description(const char *desc, *hostname = SMB_XMALLOC_ARRAY(char, len); strlcpy(*hostname, tkn + 5, len); retval |= DKD_HAVE_HOSTNAME; + /* May be it's an IP address? + * request_key() might fail if we pass it down, + * so attempt to lookup the hostname. + */ + if (is_ipaddress(*hostname)) { + struct sockaddr_storage ss; + struct sockaddr *addr; + socklen_t length; + char *hp = *hostname; + char host[MAX_DNS_NAME_LENGTH]; + + addr = (struct sockaddr *)&ss; + + /* IPv4 */ + if (is_ipaddress_v4(*hostname)) { + struct sockaddr_in addr4; + length = sizeof(addr4); + + if (inet_pton(AF_INET, hp, &addr4.sin_addr) <= 0) { + syslog(LOG_WARNING, "cifs.upcall: error converting hostname to IP address"); + return -1; + } + addr4.sin_family = AF_INET; + addr4.sin_port = 0; + if (!getnameinfo((struct sockaddr *)&addr4, + length, host, + sizeof(host), NULL, 0, 0)) + syslog(LOG_WARNING, "hostname is %s", host); + else + syslog(LOG_WARNING, "getnameinfo() failed"); + } else { /* IPv6 */ + struct sockaddr_in6 addr6; + length = sizeof(addr6); + + if (inet_pton(AF_INET6, hp, &addr6.sin6_addr) <= 0) { + syslog(LOG_WARNING, "cifs.upcall: error converting hostname to IP address"); + return -1; + } + addr6.sin6_family = AF_INET6; + addr6.sin6_port = 0; + if (!getnameinfo((struct sockaddr *)&addr6, + length, host, + sizeof(host), NULL, 0, 0)) + syslog(LOG_WARNING, "hostname is %s", host); + else + syslog(LOG_WARNING, "getnameinfo() failed"); + } + + } else + syslog(LOG_WARNING, "cifs.upcall: is_ipaddress() block skipped"); + + /* BB: do we need to err if we don't get hostname if IP + * address and krb5 if used? */ } else if (strncmp(tkn, "ipv4=", 5) == 0) { /* BB: do we need it if we have hostname already? */ } else if (strncmp(tkn, "ipv6=", 5) == 0) {
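
Review bot: In the second hunk (decode_key_description), the name that getnameinfo() writes into the local `host` buffer is only passed to syslog() and is never copied back into `*hostname`, so on return the caller still sees the IP literal and the mount-by-IP case behaves as before. On success, free the old `*hostname` and replace it with a copy of `host`. Both getnameinfo() calls pass flags 0, so when no PTR record exists the call succeeds and fills `host` with the numeric address again; pass NI_NAMEREQD so that a missing reverse mapping is reported as a failure. The two `return -1` paths after inet_pton() leave `*hostname` allocated, and since this function builds its result with `retval |= DKD_HAVE_HOSTNAME`, a -1 has every bit set if the caller tests it as a flag mask; return an error the caller can tell apart, or clear the hostname flag and continue. `addr4` and `addr6` are stack variables with only family, port and address assigned, so the remaining fields (for example sin6_flowinfo and sin6_scope_id) are uninitialised when handed to getnameinfo(); memset them first. `ss` and `addr` are set up but never used. The IPv4 and IPv6 branches are otherwise identical and could share one helper. The else branch logs "is_ipaddress() block skipped" at LOG_WARNING on every mount that uses a hostname, and "hostname is %s" is also logged at warning level; drop the former and lower the latter to a debug level. Finally, the name obtained here comes from reverse DNS and will decide which service principal the ticket is requested for, so the open "BB" question deserves an answer in the code: state what happens when the lookup fails, and consider checking that the returned name resolves forward to the same address before using it.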