[PATCH][SMB3] warn on confusing error scenario with sec=krb5

Steve French smfrench at gmail.com
Thu Jul 16 05:40:31 UTC 2020

    When mounting with Kerberos, users have been confused about the
    default error returned in scenarios in which either keyutils is
    not installed or the user did not properly acquire a krb5 ticket.
    Log a warning message in the case that "ENOKEY" is returned
    from the get_spnego_key upcall so that users can better understand
    why mount failed in those two cases.

    CC: Stable <stable at vger.kernel.org>
    Signed-off-by: Steve French <stfrench at microsoft.com>

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 2f4cdd290c46..492688764004 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1387,6 +1387,8 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
        spnego_key = cifs_get_spnego_key(ses);
        if (IS_ERR(spnego_key)) {
                rc = PTR_ERR(spnego_key);
+               if (rc == -ENOKEY)
+                       cifs_dbg(VFS, "Verify user has a krb5 ticket
and keyutils is installed\n");
                spnego_key = NULL;
                goto out;



More information about the samba-technical mailing list