From: Paulo Alcantara Date: Thu, 4 Dec 2025 21:39:14 +0000 (-0300) Subject: smb: client: Add tracepoint for krb5 auth X-Git-Tag: v6.19-rc1~47^2~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ad785927d9eb348adb381d168ed73d0dd3c7670;p=thirdparty%2Fkernel%2Flinux.git smb: client: Add tracepoint for krb5 auth Add tracepoint to help debugging krb5 auth failures. Example: $ trace-cmd record -e smb3_kerberos_auth $ mount.cifs ... $ trace-cmd report mount.cifs-1667 [003] ..... 5810.668549: smb3_kerberos_auth: vers=2 host=w22-dc1.zelda.test ip=192.168.124.30:445 sec=krb5 uid=0 cruid=0 user=root pid=1667 upcall_target=app err=-126 Signed-off-by: Paulo Alcantara (Red Hat) Reviewed-by: David Howells Cc: Pierguido Lambri Cc: linux-cifs@vger.kernel.org Signed-off-by: Steve French --- diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index da935bd1ce878..3a41bbada04c7 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -159,6 +159,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, cifs_dbg(FYI, "key description = %s\n", description); scoped_with_creds(spnego_cred) spnego_key = request_key(&cifs_spnego_key_type, description, ""); + trace_smb3_kerberos_auth(server, sesInfo, PTR_ERR_OR_ZERO(spnego_key)); #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index c9f437cd29a21..5d57c895ca37a 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -1695,8 +1695,6 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) spnego_key = cifs_get_spnego_key(ses, server); if (IS_ERR(spnego_key)) { rc = PTR_ERR(spnego_key); - if (rc == -ENOKEY) - cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n"); spnego_key = NULL; goto out; } diff --git a/fs/smb/client/trace.c b/fs/smb/client/trace.c index 16b0e719731fd..8a99b68d0c71e 100644 --- a/fs/smb/client/trace.c +++ b/fs/smb/client/trace.c @@ -5,5 +5,6 @@ * Author(s): Steve French */ #include "cifsglob.h" +#include "cifs_spnego.h" #define CREATE_TRACE_POINTS #include "trace.h" diff --git a/fs/smb/client/trace.h b/fs/smb/client/trace.h index 252073352e797..b0fbc2df642e9 100644 --- a/fs/smb/client/trace.h +++ b/fs/smb/client/trace.h @@ -1692,6 +1692,49 @@ DEFINE_SMB3_CREDIT_EVENT(waitff_credits); DEFINE_SMB3_CREDIT_EVENT(overflow_credits); DEFINE_SMB3_CREDIT_EVENT(set_credits); +TRACE_EVENT(smb3_kerberos_auth, + TP_PROTO(struct TCP_Server_Info *server, + struct cifs_ses *ses, + int rc), + TP_ARGS(server, ses, rc), + TP_STRUCT__entry( + __field(pid_t, pid) + __field(uid_t, uid) + __field(uid_t, cruid) + __string(host, server->hostname) + __string(user, ses->user_name) + __array(__u8, addr, sizeof(struct sockaddr_storage)) + __array(char, sec, sizeof("ntlmsspi")) + __array(char, upcall_target, sizeof("mount")) + __field(int, rc) + ), + TP_fast_assign( + __entry->pid = current->pid; + __entry->uid = from_kuid_munged(&init_user_ns, ses->linux_uid); + __entry->cruid = from_kuid_munged(&init_user_ns, ses->cred_uid); + __assign_str(host); + __assign_str(user); + memcpy(__entry->addr, &server->dstaddr, sizeof(__entry->addr)); + + if (server->sec_kerberos) + memcpy(__entry->sec, "krb5", sizeof("krb5")); + else if (server->sec_mskerberos) + memcpy(__entry->sec, "mskrb5", sizeof("mskrb5")); + else if (server->sec_iakerb) + memcpy(__entry->sec, "iakerb", sizeof("iakerb")); + else + memcpy(__entry->sec, "krb5", sizeof("krb5")); + + if (ses->upcall_target == UPTARGET_MOUNT) + memcpy(__entry->upcall_target, "mount", sizeof("mount")); + else + memcpy(__entry->upcall_target, "app", sizeof("app")); + __entry->rc = rc; + ), + TP_printk("vers=%d host=%s ip=%pISpsfc sec=%s uid=%d cruid=%d user=%s pid=%d upcall_target=%s err=%d", + CIFS_SPNEGO_UPCALL_VERSION, __get_str(host), __entry->addr, + __entry->sec, __entry->uid, __entry->cruid, __get_str(user), + __entry->pid, __entry->upcall_target, __entry->rc)) TRACE_EVENT(smb3_tcon_ref, TP_PROTO(unsigned int tcon_debug_id, int ref,