Problem with libsmbclient - Samba

This is a discussion on Problem with libsmbclient - Samba ; Hi Derrell, sorry I've selected the wrong mail in CC. I need your help, I have a problem with libsmbclient. I've extended the testbrowse.c example to do kerberos authentication. libsmbclient calls the auth function directly without trying to do kerberos ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Problem with libsmbclient

  1. Problem with libsmbclient

    Hi Derrell,

    sorry I've selected the wrong mail in CC. I need your help, I have a problem
    with libsmbclient. I've extended the testbrowse.c example to do kerberos
    authentication.

    libsmbclient calls the auth function directly without trying to do kerberos
    (checked with wireshark). Entering the credentials to the auth fn works just fine.

    I wonder if I'm doing something wrong or if there is a problem in libsmbclient.

    Could you please take a look at the attached file. I've just added:

    smbc_setOptionUseKerberos(context, 1);
    smbc_setOptionFallbackAfterKerberos(context, 1);

    Do I miss something?

    The strange thing is that it works just fine with konqueror.


    -- andreas


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

    iEYEARECAAYFAkhaeQgACgkQYZ3sMXvCEKvA8ACdEJav4AVYS1 3uHCSwl0U32HZW
    OgoAn2NPaMmqAbHU9lPQRkhVy1JLV5fD
    =iitI
    -----END PGP SIGNATURE-----


  2. Re: Problem with libsmbclient

    On Thu, Jun 19, 2008 at 11:19 AM, Andreas Schneider
    wrote:

    > Hi Derrell,
    >
    > sorry I've selected the wrong mail in CC. I need your help, I have a
    > problem with libsmbclient. I've extended the testbrowse.c example to do
    > kerberos authentication.
    > libsmbclient calls the auth function directly without trying to do kerberos
    > (checked with wireshark). Entering the credentials to the auth fn works
    > just fine.
    >
    > I wonder if I'm doing something wrong or if there is a problem in
    > libsmbclient.
    >
    > Could you please take a look at the attached file. I've just added:
    > smbc_setOptionUseKerberos(context, 1);
    > smbc_setOptionFallbackAfterKerberos(context, 1);
    >
    > Do I miss something?
    >
    >
    > The strange thing is that it works just fine with konqueror.
    >


    Hi Andreas,

    The changes you made look fine. Please confirm that the *same* library is
    used by konqueror and your test application. konqueror is using the system
    library. Are you linking your test app dynamically or statically?
    Providing a non-standard library path if you're configuring/building your
    own libsmbclient? Note that running 'configure' with no arguments typically
    puts the output in /usr/local/samba which is not where the system libraries
    would typically reside. Are you connecting to the same server in your test
    with konqueror and your test app?

    Try turning on debug (level 3 or higher) and look for messages mentioning
    spnego. (Take a look at cli_session_setup_spnego in cliconnect.c for the
    messages you'd expect to see and hope to not see.)

    Cheers,

    Derrell


  3. Re: Problem with libsmbclient

    Derrell Lipman wrote:
    > Hi Andreas,
    >


    Hi Derell,

    > The changes you made look fine. Please confirm that the *same* library
    > is used by konqueror and your test application. konqueror is using the
    > system library. Are you linking your test app dynamically or
    > statically? Providing a non-standard library path if you're
    > configuring/building your own libsmbclient? Note that running
    > 'configure' with no arguments typically puts the output in
    > /usr/local/samba which is not where the system libraries would typically
    > reside. Are you connecting to the same server in your test with
    > konqueror and your test app?


    I've found the problem. libsmbclient calls always the auth_fn callback. So
    what you have to do is just try to connect with the current creds.

    Take a look at the attached patch.


    Cheers,


    -- andreas




    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

    iEYEARECAAYFAkhfaacACgkQYZ3sMXvCEKtTEwCaAvaNl2tFP8 buYbk/npMKDoWI
    ekoAoJA6ck1VIpfLEP+90hnVEZlQj6n3
    =dv7Q
    -----END PGP SIGNATURE-----


  4. Re: Problem with libsmbclient

    On Mon, Jun 23, 2008 at 5:15 AM, Andreas Schneider
    wrote:

    >
    > I've found the problem. libsmbclient calls always the auth_fn callback. So
    > what you have to do is just try to connect with the current creds.
    >
    > Take a look at the attached patch.
    >


    The example programs don't attempt to handle kerberos, but if one wanted
    them to do so, your patch makes sense in that it's the client's
    responsibility to request kerberos. Looks fine. I'm not going to change
    the examples as I want to keep them simple.

    If there's additional documentation to place in libsmbclient.h that you feel
    would prevent others from having the same problem you did, I'd certainly
    appreciate any verbiage you send my way.

    Cheers,

    Derrell


  5. Re: Problem with libsmbclient

    Derrell Lipman wrote:
    > The example programs don't attempt to handle kerberos, but if one wanted
    > them to do so, your patch makes sense in that it's the client's
    > responsibility to request kerberos. Looks fine. I'm not going to
    > change the examples as I want to keep them simple.


    I think there should be at least one example which shows how to use kerberos
    support.

    >
    > If there's additional documentation to place in libsmbclient.h that you
    > feel would prevent others from having the same problem you did, I'd
    > certainly appreciate any verbiage you send my way.
    >


    A note in libsmbclient.h would be good as it isn't documented at all.

    I've attached a patch for this.

    > Cheers,
    >
    > Derrell
    >


    -- andreas


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

    iEYEARECAAYFAkhfs/sACgkQYZ3sMXvCEKuePwCeLVML/HjIF20BX0JPO0g8p04Z
    gX0AnRwz8si7IuErNokU+7s0PAbghZy0
    =n1A/
    -----END PGP SIGNATURE-----


  6. Re: Problem with libsmbclient

    Andreas Schneider wrote:
    > Derrell Lipman wrote:
    > >The example programs don't attempt to handle kerberos, but if one wanted
    > >them to do so, your patch makes sense in that it's the client's
    > >responsibility to request kerberos. Looks fine. I'm not going to
    > >change the examples as I want to keep them simple.

    >
    > I think there should be at least one example which shows how to use
    > kerberos support.


    I agree.

    Andreas, you could of cours create a new example program
    for demonstrating use of kerberos authentication.

    On the other hand, the two extra lines, do not make
    testbrowse.c much more complicated...

    > >If there's additional documentation to place in libsmbclient.h that you
    > >feel would prevent others from having the same problem you did, I'd
    > >certainly appreciate any verbiage you send my way.

    >
    > A note in libsmbclient.h would be good as it isn't documented at all.
    >
    > I've attached a patch for this.


    I like the patches.

    Cheers - Michael

    > From 6a5b3ae50e54c6ca67ca8eab817a08ab81d8409a Mon Sep 17 00:00:00 2001
    > From: Andreas Schneider
    > Date: Mon, 23 Jun 2008 11:00:20 +0200
    > Subject: [PATCH] Add krb5 support for the testbrowse example.
    >
    >
    > Signed-off-by: Andreas Schneider
    > ---
    > examples/libsmbclient/get_auth_data_fn.h | 13 ++++++++++++-
    > examples/libsmbclient/testbrowse.c | 3 +++
    > 2 files changed, 15 insertions(+), 1 deletions(-)
    >
    > diff --git a/examples/libsmbclient/get_auth_data_fn.h b/examples/libsmbclient/get_auth_data_fn.h
    > index b1d36c8..6b91c97 100644
    > --- a/examples/libsmbclient/get_auth_data_fn.h
    > +++ b/examples/libsmbclient/get_auth_data_fn.h
    > @@ -1,3 +1,5 @@
    > +#include
    > +
    > static void
    > get_auth_data_fn(const char * pServer,
    > const char * pShare,
    > @@ -15,6 +17,8 @@ get_auth_data_fn(const char * pServer,
    > char username[256] = { '\0' };
    > char password[256] = { '\0' };
    >
    > + static int krb5_set = 1;
    > +
    > if (strcmp(server, pServer) == 0 &&
    > strcmp(share, pShare) == 0 &&
    > *workgroup != '\0' &&
    > @@ -25,7 +29,12 @@ get_auth_data_fn(const char * pServer,
    > strncpy(pPassword, password, maxLenPassword - 1);
    > return;
    > }
    > -
    > +
    > + if (krb5_set && getenv("KRB5CCNAME")) {
    > + krb5_set = 0;
    > + return;
    > + }
    > +
    > fprintf(stdout, "Workgroup: [%s] ", pWorkgroup);
    > fgets(temp, sizeof(temp), stdin);
    >
    > @@ -68,4 +77,6 @@ get_auth_data_fn(const char * pServer,
    > strncpy(workgroup, pWorkgroup, sizeof(workgroup) - 1);
    > strncpy(username, pUsername, sizeof(username) - 1);
    > strncpy(password, pPassword, sizeof(password) - 1);
    > +
    > + krb5_set = 1;
    > }
    > diff --git a/examples/libsmbclient/testbrowse.c b/examples/libsmbclient/testbrowse.c
    > index a7eda36..a6e6395 100644
    > --- a/examples/libsmbclient/testbrowse.c
    > +++ b/examples/libsmbclient/testbrowse.c
    > @@ -117,6 +117,9 @@ main(int argc, char * argv[])
    > smbc_setFunctionAuthData(context, get_auth_data_fn);
    > }
    >
    > + smbc_setOptionUseKerberos(context, 1);
    > + smbc_setOptionFallbackAfterKerberos(context, 1);
    > +
    > /* If we've been asked to log to stderr instead of stdout, ... */
    > if (debug_stderr) {
    > /* ... then set the option to do so */
    > --
    > 1.5.4.5
    >


    > From fbd51c279901b030a1ecddd6775f2cfec626d881 Mon Sep 17 00:00:00 2001
    > From: Andreas Schneider
    > Date: Mon, 23 Jun 2008 16:29:40 +0200
    > Subject: [PATCH] Add documentation for kerberos support in libsmbclient.
    >
    >
    > Signed-off-by: Andreas Schneider
    > ---
    > source/include/libsmbclient.h | 10 ++++++++++
    > 1 files changed, 10 insertions(+), 0 deletions(-)
    >
    > diff --git a/source/include/libsmbclient.h b/source/include/libsmbclient.h
    > index 9600264..74d0d5c 100644
    > --- a/source/include/libsmbclient.h
    > +++ b/source/include/libsmbclient.h
    > @@ -259,6 +259,11 @@ typedef struct _SMBCCTX SMBCCTX;
    > * Type for the the authentication function called by the library to
    > * obtain authentication credentals
    > *
    > + * For kerberos support the function should just be called without
    > + * prompting the user for credentials. Which means a simple 'return'
    > + * should work. Take a look at examples/libsmbclient/get_auth_data_fn.h
    > + * and examples/libsmbclient/testbrowse.c.
    > + *
    > * @param srv Server being authenticated to
    > *
    > * @param shr Share being authenticated to
    > @@ -293,6 +298,11 @@ typedef void (*smbc_get_auth_data_fn)(const char *srv,
    > * Type for the the authentication function called by the library to
    > * obtain authentication credentals
    > *
    > + * For kerberos support the function should just be called without
    > + * prompting the user for credentials. Which means a simple 'return'
    > + * should work. Take a look at examples/libsmbclient/get_auth_data_fn.h
    > + * and examples/libsmbclient/testbrowse.c.
    > + *
    > * @param c Pointer to the smb context
    > *
    > * @param srv Server being authenticated to
    > --
    > 1.5.4.5
    >





    --

    i.A. Michael Adam

    --
    Michael Adam
    SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
    phone: +49-551-370000-0, fax: +49-551-370000-9
    AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
    http://www.SerNet.DE, mailto: Info @ SerNet.DE

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: comment

    iD8DBQFIX7j4yU9JOBhPkDQRAs8HAJ4kf+mAayLLOvn2puJyCh 8jYA8bkQCeNePm
    WEXHj2+fqctBiTB3ddnTckM=
    =Ruji
    -----END PGP SIGNATURE-----


  7. Re: Problem with libsmbclient

    On Mon, Jun 23, 2008 at 10:32 AM, Andreas Schneider
    wrote:

    > Derrell Lipman wrote:
    >
    >> The example programs don't attempt to handle kerberos, but if one wanted
    >> them to do so, your patch makes sense in that it's the client's
    >> responsibility to request kerberos. Looks fine. I'm not going to change
    >> the examples as I want to keep them simple.
    >>

    >
    > I think there should be at least one example which shows how to use
    > kerberos support.
    >
    >>
    >> If there's additional documentation to place in libsmbclient.h that you
    >> feel would prevent others from having the same problem you did, I'd
    >> certainly appreciate any verbiage you send my way.
    >>
    >>

    > A note in libsmbclient.h would be good as it isn't documented at all.
    >
    > I've attached a patch for this.



    Andreas, after reconsideration, I agree there should be an example and the
    way you did it is as good as any for the example directory. I've applied
    both of your patches. Thanks!

    Cheers,

    Derrell


+ Reply to Thread