[Bug 2099917] Re: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or not exist

Matthew Ruffell 2099917 at bugs.launchpad.net
Wed Apr 2 04:05:07 UTC 2025 

** Changed in: cifs-utils (Ubuntu Focal)
       Status: New => In Progress

** Changed in: cifs-utils (Ubuntu Jammy)
       Status: New => In Progress

** Changed in: cifs-utils (Ubuntu Noble)
       Status: New => In Progress

** Changed in: cifs-utils (Ubuntu Oracular)
       Status: New => In Progress

** Changed in: cifs-utils (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: cifs-utils (Ubuntu Jammy)
   Importance: Undecided => Medium

** Changed in: cifs-utils (Ubuntu Noble)
   Importance: Undecided => Medium

** Changed in: cifs-utils (Ubuntu Oracular)
   Importance: Undecided => Medium

** Changed in: cifs-utils (Ubuntu Plucky)
   Importance: Undecided => Medium

** Changed in: cifs-utils (Ubuntu Focal)
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: cifs-utils (Ubuntu Jammy)
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: cifs-utils (Ubuntu Noble)
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: cifs-utils (Ubuntu Oracular)
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: cifs-utils (Ubuntu Plucky)
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/2099917

Title:
  cifs.upcall program in the cifs-utils package fails to use a valid
  service ticket from the credential cache if the TGT is expired or not
  exist

Status in cifs-utils package in Ubuntu:
  Fix Released
Status in cifs-utils source package in Focal:
  In Progress
Status in cifs-utils source package in Jammy:
  In Progress
Status in cifs-utils source package in Noble:
  In Progress
Status in cifs-utils source package in Oracular:
  In Progress
Status in cifs-utils source package in Plucky:
  Fix Released

Bug description:
  cifs.upcall program in the cifs-utils package fails to use a valid
  service ticket from the credential cache if the TGT is expired or not
  exist

  
  When mounting an SMB file share on Linux using the kernel client with Kerberos authentication, the Linux kernel's cifs.ko module makes an upcall to user space during the session setup phase to retrieve the Kerberos service ticket from the credential cache. However, the current cifs.upcall fails to retrieve the service ticket even if it is valid, but instead it makes check to TGT to see if its valid and then retrieve the service ticket, but if we already have valid service ticket we shouldn't need to check for TGT.

  i.e in cases where the kernel handles upcalls for SMB session setup
  requests with Kerberos authentication, if the credential cache already
  contains a valid service ticket, it should be used directly without
  needing to check the TGT again.

  
  Fixed commit: https://git.samba.org/?p=cifs-utils.git;a=commit;h=af76bf2a11a060afdfd97104617a701d19d5890d

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/2099917/+subscriptions

More information about the foundations-bugs mailing list