Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2220925/?format=api
{ "id": 2220925, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2220925/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/4d96fd377f12876438f33a09d4342edc6151ec28.camel@suse.com/", "project": { "id": 12, "url": "http://patchwork.ozlabs.org/api/1.1/projects/12/?format=api", "name": "Linux CIFS Client", "link_name": "linux-cifs-client", "list_id": "linux-cifs.vger.kernel.org", "list_email": "linux-cifs@vger.kernel.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<4d96fd377f12876438f33a09d4342edc6151ec28.camel@suse.com>", "date": "2026-04-08T12:03:27", "name": "PATCH: cifs.upcall: Retry krb5 TGS request with uppercase service name", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "c1d028013f3a06ac269ddf84b0ae8db96c985a27", "submitter": { "id": 93083, "url": "http://patchwork.ozlabs.org/api/1.1/people/93083/?format=api", "name": "Samuel Cabrero", "email": "scabrero@suse.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/4d96fd377f12876438f33a09d4342edc6151ec28.camel@suse.com/mbox/", "series": [ { "id": 499130, "url": "http://patchwork.ozlabs.org/api/1.1/series/499130/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-cifs-client/list/?series=499130", "date": "2026-04-08T12:03:27", "name": "PATCH: cifs.upcall: Retry krb5 TGS request with uppercase service name", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/499130/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2220925/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2220925/checks/", "tags": {}, "headers": { "Return-Path": "\n <linux-cifs+bounces-10719-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-cifs@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=suse.com header.i=@suse.com header.a=rsa-sha256\n header.s=google header.b=dKXxD7Om;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=linux-cifs+bounces-10719-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com\n header.b=\"dKXxD7Om\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.128.51", "smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=suse.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=suse.com" ], "Received": [ "from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frMHD2spdz1xy1\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 08 Apr 2026 22:06:32 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id B66B0302756A\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 8 Apr 2026 12:03:34 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 3253837756B;\n\tWed, 8 Apr 2026 12:03:32 +0000 (UTC)", "from mail-wm1-f51.google.com (mail-wm1-f51.google.com\n [209.85.128.51])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 78EEE3BC66B\n\tfor <linux-cifs@vger.kernel.org>; Wed, 8 Apr 2026 12:03:30 +0000 (UTC)", "by mail-wm1-f51.google.com with SMTP id\n 5b1f17b1804b1-4887ca8e529so6984885e9.0\n for <linux-cifs@vger.kernel.org>;\n Wed, 08 Apr 2026 05:03:30 -0700 (PDT)", "from [192.168.1.101] ([193.125.66.200])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-488c524f3a7sm28212675e9.0.2026.04.08.05.03.27\n for <linux-cifs@vger.kernel.org>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 08 Apr 2026 05:03:27 -0700 (PDT)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775649812; cv=none;\n b=C8wIz8t40HAz2zp4ylYZxK5PMuYBcqMItFcUCDZBG3nuL3D1omIiq4E+HGK8xOHVe7KlAfa1UVGONEddXe3oqQ46+MEhD8RqAqDeCj2xHcIfy0saGjKgfeZgAl9evNlsP4xW0Nh02RpqeXq8LsIwXixyEacVRe5omsRAhkwJY80=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775649812; c=relaxed/simple;\n\tbh=y9RwxmBOMd3npB3/5hdXTJ5GglA58NutFKXpuspU+0M=;\n\th=Message-ID:Subject:From:To:Date:Content-Type:MIME-Version;\n b=i5msvLvYGVAzzCzzjxoEzfnzK2cNQhsGuPRrSIX6OUyT4cyeEYX+mwRP088UAMcXidT0WATR1/b1wuQ1rBxRbbfqY6Xcc9FjZvZl76f3ez2GyFCCPeca3wS6xd5VyglD3ISuny7/ItN1bZnmkdWDES5qJmt3/N68YNBK5MtGuwo=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=suse.com;\n spf=pass smtp.mailfrom=suse.com;\n dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com\n header.b=dKXxD7Om; arc=none smtp.client-ip=209.85.128.51", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=suse.com; s=google; t=1775649809; x=1776254609;\n darn=vger.kernel.org;\n h=mime-version:user-agent:date:to:reply-to:from:subject:message-id\n :from:to:cc:subject:date:message-id:reply-to;\n bh=ZlG5zP5RKqqr4prsIAup3I7vOSW+npAoYDt6MYANBYI=;\n b=dKXxD7Om1TZYO+DzCbcC337ofuDDXvWgOfzygL36jQ7LX7KWB84xcWGeDn1Tau1JDh\n qREkc7LTEA9yp92xxHCz3ciLWvqOKPl2l9EpDIQr58P3uJd6TcNUhfgMMsVFlkARgKoW\n fVTiI3FP/40ewy0JXDlVszMY244dNzj5sQhw/7QOh/3bGesUBsbB8I0c09MlhLlMAMmp\n JI2cva+NogDYUBRMKdGg2aSIXgPlqQ9wAAHcUNn34kB9+FrnuhSvhd6t6VamGznuO2D6\n kczRoYV+MyxGul9iGHFeB9NP1CAxmQ4auKA13aOSNqAT+n6Eoh9MBiQ/pavrLfVjoted\n SLHg==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775649809; x=1776254609;\n h=mime-version:user-agent:date:to:reply-to:from:subject:message-id\n :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=ZlG5zP5RKqqr4prsIAup3I7vOSW+npAoYDt6MYANBYI=;\n b=kG15q5NAbCHkK7Am5jRAv44QAAS1WSxz7WrmFrh/27gh1QtVEilwZ/EVJgxnf41HzC\n 8Met4vvAwKYBx+J6NW6ATPorHpmyliyaJB95Svna3+YErLzdLiE+3dhUZeBSMsi5XJWE\n 9W0Kfo47pHmU5/AgcdTCLaN9KkLIBTI9SWRTWmsCY9b7qz9PEqgARC1BorSlex7y+aYa\n bZfdg/V3YssrKqil+XPN1oU7I5KPNBtnBwJ3IzE5nsw2DvJRNaQpCemTZvnx8mjTCRP0\n xepb3xH4tDjZPYuM1VFIDiC1kroOl8/ZvnLaDzR5gw9OHjmIbkLPkuhUdhTLT25GgAzS\n FigQ==", "X-Gm-Message-State": "AOJu0YwWakDThrfWlqULVWHPrpehFPQR7rz2ISuYIeVzWVfvYNgLeeok\n\t1QUgHS9QZl3j19rokgG2Iwj+4tQAP9AYP0nfBnH0kqe7mDGOHubOxr1mbBU8Fl+vmHWV1Ge9C4k\n\tqj/9l0DI=", "X-Gm-Gg": "AeBDiet5phX90qQm/1qB2cP3uMsLMHuoxKIIT5nzu7WYYsK/ee8zK7VguW0j/b94qId\n\tyW3QeMz4H59QRChFnmSwOlBTW/+HrLVmVMND+hLpQA0/GKKJbOOFOEl5FLuXbCflBzyNAHUEjSR\n\tAp1IGYUZFmDyfP61mikOmNa45N96w/+lSBLlD6FY3jaVCtWi07Rh4or7C7tdJ8rwMcPkztW3kFE\n\tYT5IgPB+VXR/lC4jAElJ2PE5wfsGQ4YyMPuxkjTsONXd7AAOXEBHMZST0nnQWip/GQFrPnmK4dS\n\tiRizWsw4WnM8Z5brS7S/NS5RMAHdtdnSzZpqtZHyi5eXxbgxVrSDYuYkJXWDwxLdgrWZyIdpA2e\n\twXQVKKx+gqjrh+wxW/1fuDqZF6JMQ84D5rnkIxaL0okSkma205wg05UWkSTD9J5lGLdd0nRzRQZ\n\t0kqzD8m4y/gNPrg4qLf4Y1znPEGw==", "X-Received": "by 2002:a05:600c:3f14:b0:488:c6e9:1e0c with SMTP id\n 5b1f17b1804b1-488c6e91fe0mr27543515e9.5.1775649808396;\n Wed, 08 Apr 2026 05:03:28 -0700 (PDT)", "Message-ID": "<4d96fd377f12876438f33a09d4342edc6151ec28.camel@suse.com>", "Subject": "PATCH: cifs.upcall: Retry krb5 TGS request with uppercase service\n name", "From": "Samuel Cabrero <scabrero@suse.com>", "Reply-To": "scabrero@suse.com", "To": "linux-cifs@vger.kernel.org", "Date": "Wed, 08 Apr 2026 14:03:27 +0200", "Content-Type": "multipart/mixed; boundary=\"=-IIa7DT3vIcDc/4Imjgt4\"", "User-Agent": "Evolution 3.58.3 ", "Precedence": "bulk", "X-Mailing-List": "linux-cifs@vger.kernel.org", "List-Id": "<linux-cifs.vger.kernel.org>", "List-Subscribe": "<mailto:linux-cifs+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-cifs+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0" }, "content": "This patch allows to mount Azure Files shares using KRB5 authentication\nprovided by Entra KDC for native Entra accounts, like:\n\n auser@tw:~> sudo mount -v -t cifs \\\n //astorageaccount.file.core.windows.net/share1 /mnt/azfiles/ \\\n -osec=krb5,cruid=auser,username=auser\n\n\nAfter logging in with Himmelblau there will be a TGT in the user's\ncredential cache:\n\n auser@tw:~> klist\n Ticket cache: KEYRING:persistent:1333365971:1333365971\n Default principal:\n auser\\@adomain.onmicrosoft.com@KERBEROS.MICROSOFTONLINE.COM\n \n Valid starting Expires Service principal\n 08/04/26 13:29:52 08/04/26 23:29:52 \n krbtgt/KERBEROS.MICROSOFTONLINE.COM@KERBEROS.MICROSOFTONLINE.COM\n \trenew until 15/04/26 13:29:52\n\n\nBut when trying to mount the Azure Files share it will fail because the\nEntra KDC always issues CIFS service tickets with uppercase 'CIFS'\nservice name even when the request is for lowercase 'cifs', causing the\nTGS response validation to fail.\n\nThis patch retries the TGS exchange with uppercase CIFS service name so\nthe service ticket is accepted and then used to mount the share.\n\n auser@tw:~> klist\n Ticket cache: KEYRING:persistent:1333365971:1333365971\n Default principal:\n auser\\@adomain.onmicrosoft.com@KERBEROS.MICROSOFTONLINE.COM\n \n Valid starting Expires Service principal\n 08/04/26 13:30:06 08/04/26 14:30:06 \n CIFS/astorageaccount.file.core.windows.net@KERBEROS.MICROSOFTONLINE.COM\n 08/04/26 13:29:52 08/04/26 23:29:52 \n krbtgt/KERBEROS.MICROSOFTONLINE.COM@KERBEROS.MICROSOFTONLINE.COM\n \trenew until 15/04/26 13:29:52", "diff": "From a60ac5532ccf90ff8422b30c668ed14d7f1791fd Mon Sep 17 00:00:00 2001\nFrom: Samuel Cabrero <scabrero@suse.com>\nDate: Mon, 30 Mar 2026 12:35:47 +0200\nSubject: [PATCH] cifs.upcall: Retry krb5 TGS request with uppercase service\n name\n\nThe Entra KDC for Azure files always requires KRB5_NT_SRV_HST name\ntype in the TGS request and it issues service tickets with uppercase\n'CIFS' service name even when the request is for lowercase 'cifs'\nservice name. This causes a TGS response validation error.\n\nSigned-off-by: Samuel Cabrero <scabrero@suse.com>\n---\n cifs.upcall.c | 166 ++++++++++++++++++++++++++++++--------------------\n 1 file changed, 99 insertions(+), 67 deletions(-)\n\ndiff --git a/cifs.upcall.c b/cifs.upcall.c\nindex 69e27a3..93e75c8 100644\n--- a/cifs.upcall.c\n+++ b/cifs.upcall.c\n@@ -631,7 +631,13 @@ icfk_cleanup:\n \tgoto out;\n }\n \n-#define CIFS_SERVICE_NAME \"cifs\"\n+static struct cifs_service_name {\n+\tconst char *name;\n+\tint type;\n+} cifs_service_names[] = {\n+\t{ \"cifs\", KRB5_NT_UNKNOWN },\n+\t{ \"CIFS\", KRB5_NT_SRV_HST },\n+};\n \n static krb5_error_code check_service_ticket_exists(krb5_ccache ccache,\n \t\t\t\t\t\t const char *hostname)\n@@ -639,6 +645,8 @@ static krb5_error_code check_service_ticket_exists(krb5_ccache ccache,\n \tkrb5_creds mcreds, out_creds;\n \tconst char *errmsg;\n \tkrb5_error_code rc;\n+\tsize_t count = sizeof(cifs_service_names) / sizeof(struct cifs_service_name);\n+\tsize_t i = 0;\n \n \tmemset(&mcreds, 0, sizeof(mcreds));\n \n@@ -651,32 +659,40 @@ static krb5_error_code check_service_ticket_exists(krb5_ccache ccache,\n \t\treturn rc;\n \t}\n \n-\trc = krb5_sname_to_principal(context, hostname, CIFS_SERVICE_NAME,\n-\t\t\tKRB5_NT_UNKNOWN, &mcreds.server);\n-\tif (rc) {\n-\t\terrmsg = krb5_get_error_message(context, rc);\n-\t\tsyslog(LOG_DEBUG, \"%s: unable to convert service name (%s) to principal: %s\",\n-\t\t __func__, hostname, errmsg);\n-\t\tkrb5_free_error_message(context, errmsg);\n-\t\tkrb5_free_principal(context, mcreds.client);\n-\t\treturn rc;\n-\t}\n-\n-\trc = krb5_timeofday(context, &mcreds.times.endtime);\n-\tif (rc) {\n-\t\terrmsg = krb5_get_error_message(context, rc);\n-\t\tsyslog(LOG_DEBUG, \"%s: unable to get time: %s\", __func__, errmsg);\n-\t\tkrb5_free_error_message(context, errmsg);\n-\t\tgoto out_free_principal;\n-\t}\n+\tfor (i = 0; i < count; i++) {\n+\t\trc = krb5_sname_to_principal(context, hostname,\n+\t\t\t\tcifs_service_names[i].name,\n+\t\t\t\tcifs_service_names[i].type, &mcreds.server);\n+\t\tif (rc) {\n+\t\t\terrmsg = krb5_get_error_message(context, rc);\n+\t\t\tsyslog(LOG_DEBUG,\n+\t\t\t\t\"%s: unable to convert service name (%s) to \"\n+\t\t\t\t\"principal: %s\",\n+\t\t\t\t__func__, hostname, errmsg);\n+\t\t\tkrb5_free_error_message(context, errmsg);\n+\t\t\tgoto out_free_principal;\n+\t\t}\n \n-\trc = krb5_cc_retrieve_cred(context, ccache, KRB5_TC_MATCH_TIMES, &mcreds, &out_creds);\n+\t\trc = krb5_timeofday(context, &mcreds.times.endtime);\n+\t\tif (rc) {\n+\t\t\terrmsg = krb5_get_error_message(context, rc);\n+\t\t\tsyslog(LOG_DEBUG, \"%s: unable to get time: %s\",\n+\t\t\t\t__func__, errmsg);\n+\t\t\tkrb5_free_error_message(context, errmsg);\n+\t\t\tkrb5_free_principal(context, mcreds.server);\n+\t\t\tgoto out_free_principal;\n+\t\t}\n \n-\tif (!rc)\n-\t\tkrb5_free_cred_contents(context, &out_creds);\n+\t\trc = krb5_cc_retrieve_cred(context, ccache, KRB5_TC_MATCH_TIMES,\n+\t\t\t\t\t &mcreds, &out_creds);\n+\t\tkrb5_free_principal(context, mcreds.server);\n+\t\tif (!rc) {\n+\t\t\tkrb5_free_cred_contents(context, &out_creds);\n+\t\t\tbreak;\n+\t\t}\n+\t}\n \n out_free_principal:\n-\tkrb5_free_principal(context, mcreds.server);\n \tkrb5_free_principal(context, mcreds.client);\n \n \treturn rc;\n@@ -694,6 +710,9 @@ cifs_krb5_get_req(const char *host, krb5_ccache ccache,\n #if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)\n \tstatic char gss_cksum[24] = { 0x10, 0x00, /* ... */};\n #endif\n+\tsize_t count = sizeof(cifs_service_names) / sizeof(struct cifs_service_name);\n+\tsize_t i = 0;\n+\n \tmemset(&in_creds, 0, sizeof(in_creds));\n \n \tret = krb5_cc_get_principal(context, ccache, &in_creds.client);\n@@ -703,16 +722,21 @@ cifs_krb5_get_req(const char *host, krb5_ccache ccache,\n \t\treturn ret;\n \t}\n \n-\tret = krb5_sname_to_principal(context, host, CIFS_SERVICE_NAME,\n-\t\t\t\t\tKRB5_NT_UNKNOWN, &in_creds.server);\n-\tif (ret) {\n-\t\tsyslog(LOG_DEBUG, \"%s: unable to convert sname to princ (%s).\",\n-\t\t __func__, host);\n-\t\tgoto out_free_principal;\n-\t}\n+\tfor (i = 0; i < count; i++) {\n+\t\tret = krb5_sname_to_principal(context, host, cifs_service_names[i].name,\n+\t\t\t\tcifs_service_names[i].type, &in_creds.server);\n+\t\tif (ret) {\n+\t\t\tsyslog(LOG_DEBUG, \"%s: unable to convert sname to princ (%s).\",\n+\t\t\t __func__, host);\n+\t\t\tgoto out_free_principal;\n+\t\t}\n \n-\tret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds);\n-\tkrb5_free_principal(context, in_creds.server);\n+\t\tret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds);\n+\t\tkrb5_free_principal(context, in_creds.server);\n+\t\tif (!ret) {\n+\t\t\tbreak;\n+\t\t}\n+\t}\n \tif (ret) {\n \t\tsyslog(LOG_DEBUG, \"%s: unable to get credentials for %s\",\n \t\t __func__, host);\n@@ -834,44 +858,52 @@ cifs_gss_get_req(const char *host, DATA_BLOB *mechtoken, DATA_BLOB *sess_key)\n \tgss_buffer_desc output_token;\n \tgss_krb5_lucid_context_v1_t *lucid_ctx = NULL;\n \tgss_krb5_lucid_key_t *key = NULL;\n+\tsize_t count = sizeof(cifs_service_names) / sizeof(struct cifs_service_name);\n+\tsize_t i;\n+\n+\tfor (i = 0; i < count; i++) {\n+\t\tsize_t service_name_len = strlen(cifs_service_names[i].name) +\n+\t\t\t1 /* @ */ + strlen(host) + 1;\n+\t\tchar *service_name = malloc(service_name_len);\n+\t\tif (!service_name) {\n+\t\t\tsyslog(LOG_DEBUG, \"out of memory allocating service name\");\n+\t\t\tmaj_stat = GSS_S_FAILURE;\n+\t\t\tgoto out;\n+\t\t}\n \n-\tsize_t service_name_len = sizeof(CIFS_SERVICE_NAME) + 1 /* @ */ +\n-\t\tstrlen(host) + 1;\n-\tchar *service_name = malloc(service_name_len);\n-\tif (!service_name) {\n-\t\tsyslog(LOG_DEBUG, \"out of memory allocating service name\");\n-\t\tmaj_stat = GSS_S_FAILURE;\n-\t\tgoto out;\n-\t}\n-\n-\tsnprintf(service_name, service_name_len, \"%s@%s\", CIFS_SERVICE_NAME,\n-\t\t host);\n-\tgss_buffer_desc target_name_buf;\n-\ttarget_name_buf.value = service_name;\n-\ttarget_name_buf.length = service_name_len;\n+\t\tsnprintf(service_name, service_name_len, \"%s@%s\",\n+\t\t\t cifs_service_names[i].name, host);\n+\t\tgss_buffer_desc target_name_buf;\n+\t\ttarget_name_buf.value = service_name;\n+\t\ttarget_name_buf.length = service_name_len;\n+\n+\t\tmaj_stat = gss_import_name(&min_stat, &target_name_buf,\n+\t\t\t\tGSS_C_NT_HOSTBASED_SERVICE, &target_name);\n+\t\tfree(service_name);\n+\t\tif (GSS_ERROR(maj_stat)) {\n+\t\t\tcifs_gss_display_status(\"gss_import_name\", maj_stat, min_stat);\n+\t\t\tgoto out;\n+\t\t}\n \n-\tmaj_stat = gss_import_name(&min_stat, &target_name_buf,\n-\t\t\tGSS_C_NT_HOSTBASED_SERVICE, &target_name);\n-\tfree(service_name);\n-\tif (GSS_ERROR(maj_stat)) {\n-\t\tcifs_gss_display_status(\"gss_import_name\", maj_stat, min_stat);\n-\t\tgoto out;\n+\t\tmaj_stat = gss_init_sec_context(&min_stat,\n+\t\t\t\tGSS_C_NO_CREDENTIAL, /* claimant_cred_handle */\n+\t\t\t\t&ctx,\n+\t\t\t\ttarget_name,\n+\t\t\t\tdiscard_const(gss_mech_krb5), /* force krb5 */\n+\t\t\t\t0, /* flags */\n+\t\t\t\t0, /* time_req */\n+\t\t\t\tGSS_C_NO_CHANNEL_BINDINGS, /* input_chan_bindings */\n+\t\t\t\tGSS_C_NO_BUFFER,\n+\t\t\t\tNULL, /* actual mech type */\n+\t\t\t\t&output_token,\n+\t\t\t\tNULL, /* ret_flags */\n+\t\t\t\tNULL); /* time_rec */\n+\n+\t\tif (maj_stat == GSS_S_COMPLETE || maj_stat == GSS_S_CONTINUE_NEEDED) {\n+\t\t\tbreak;\n+\t\t}\n+\t\t(void) gss_release_name(&min_stat, &target_name);\n \t}\n-\n-\tmaj_stat = gss_init_sec_context(&min_stat,\n-\t\t\tGSS_C_NO_CREDENTIAL, /* claimant_cred_handle */\n-\t\t\t&ctx,\n-\t\t\ttarget_name,\n-\t\t\tdiscard_const(gss_mech_krb5), /* force krb5 */\n-\t\t\t0, /* flags */\n-\t\t\t0, /* time_req */\n-\t\t\tGSS_C_NO_CHANNEL_BINDINGS, /* input_chan_bindings */\n-\t\t\tGSS_C_NO_BUFFER,\n-\t\t\tNULL, /* actual mech type */\n-\t\t\t&output_token,\n-\t\t\tNULL, /* ret_flags */\n-\t\t\tNULL); /* time_rec */\n-\n \tif (maj_stat != GSS_S_COMPLETE &&\n \t\tmaj_stat != GSS_S_CONTINUE_NEEDED) {\n \t\tcifs_gss_display_status(\"init_sec_context\", maj_stat, min_stat);\n-- \n2.53.0\n\n", "prefixes": [] }