[Bug 2112614] Re: Regression: After CVE-2025-2312 cifs.upcall can't find credential caches from user env

Matthew Ruffell Sun, 15 Jun 2025 21:46:10 -0700

Performing verification for noble:

We are going to perform a series of mounts and check if they work with a 
patched vs unpatched kernel, and make sure all mounts work.


We will start with an unpatched kernel:

ubuntu@noble-dc:~$ uname -rv
6.8.0-60-generic #63-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 15 19:04:15 UTC 2025

I installed cifs-utils 2:7.0-2.1ubuntu0.1 from -updates.

Let's try and standard uid 1000 user:

ubuntu@noble-dc:~$ kinit administra...@samba-dc.example.com
Password for administra...@samba-dc.example.com: 
Warning: Your password will expire in 25 days on Sat Jul 12 01:54:39 2025
ubuntu@noble-dc:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:22:19  06/16/25 14:22:19  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:22:17
ubuntu@noble-dc:~$ sudo mount -t cifs -o 
cruid=ubuntu,user=ubuntu,sec=krb5i,uid=1000,gid=1000,cred=/tmp/krb5cc_1000 
//samba-dc.example.com/demo /mnt/testshare1
ubuntu@noble-dc:~$ mount -l | grep cifs
//samba-dc.example.com/demo on /mnt/testshare1 type cifs 
(rw,relatime,vers=3.1.1,sec=krb5i,cruid=1000,cache=strict,username=ubuntu,uid=1000,forceuid,gid=1000,forcegid,addr=192.168.122.248,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)
$ journalctl -b0
kernel: CIFS: enabling forceuid mount option implicitly because uid= option is 
specified
kernel: CIFS: enabling forcegid mount option implicitly because gid= option is 
specified
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[1294]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;u>
cifs.upcall[1295]: ver=2
cifs.upcall[1295]: host=samba-dc.example.com
cifs.upcall[1295]: ip=192.168.122.248
cifs.upcall[1295]: sec=1
cifs.upcall[1295]: uid=1000
cifs.upcall[1295]: creduid=1000
cifs.upcall[1295]: user=ubuntu
cifs.upcall[1295]: pid=1263
cifs.upcall[1294]: upcall_target=app, switching namespaces to application thread
cifs.upcall[1294]: get_cachename_from_process_env: pid == 0
cifs.upcall[1294]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_1000
cifs.upcall[1294]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[1294]: handle_krb5_mech: using native krb5
cifs.upcall[1294]: handle_krb5_mech: obtained service ticket
cifs.upcall[1294]: Exit status 0
ubuntu@noble-dc:~$ sudo umount /mnt/testshare1 

Let's try as a different uid user, e.g. like AD user:

ubuntu@noble-dc:~$ mv /tmp/krb5cc_1000 /tmp/krb5cc_11200
ubuntu@noble-dc:~$ export KRB5CCNAME=/tmp/krb5cc_11200
ubuntu@noble-dc:~$ klist /tmp/krb5cc_11200
Ticket cache: FILE:/tmp/krb5cc_11200
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:22:19  06/16/25 14:22:19  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:22:17
06/16/25 04:22:27  06/16/25 14:22:19  cifs/samba-dc.example.com@
        renew until 06/17/25 04:22:17
        Ticket server: cifs/samba-dc.example....@samba-dc.example.com
ubuntu@noble-dc:~$ sudo mount -t cifs -o sec=krb5i //samba-dc.example.com/demo 
/mnt/testshare1
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log 
messages (dmesg)
ubuntu@noble-dc:~$ mount -l | grep cifs
$ journalctl -b0
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[1392]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;uid=0x0;creduid=0x3e8;user=root;pid=0x563
cifs.upcall[1393]: ver=2
cifs.upcall[1393]: host=samba-dc.example.com
cifs.upcall[1393]: ip=192.168.122.248
cifs.upcall[1393]: sec=1
cifs.upcall[1393]: uid=0
cifs.upcall[1393]: creduid=1000
cifs.upcall[1393]: user=root
cifs.upcall[1393]: pid=1379
cifs.upcall[1392]: upcall_target=app, switching namespaces to application thread
cifs.upcall[1392]: get_cachename_from_process_env: pid == 0
cifs.upcall[1392]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_1000
cifs.upcall[1392]: check_service_ticket_exists: unable to get client principal 
from cache: No credentials cache found (filename: /tmp/krb5cc_1000)
cifs.upcall[1392]: get_tgt_time: unable to get principal
cifs.upcall[1392]: main: valid TGT is not present in credential cache
cifs.upcall[1392]: krb5_get_init_creds_keytab: -1765328378
cifs.upcall[1392]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[1392]: handle_krb5_mech: using GSS-API
cifs.upcall[1392]: GSS-API error init_sec_context: No credentials were 
supplied, or the credentials were unavailable or inaccessible
cifs.upcall[1392]: GSS-API error init_sec_context: No Kerberos credentials 
available (default cache: FILE:/tmp/krb5cc_1000)
cifs.upcall[1392]: handle_krb5_mech: failed to obtain service ticket via GSS 
(458752)
cifs.upcall[1392]: Unable to obtain service ticket
cifs.upcall[1392]: Exit status 458752
kernel: CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed
kernel: CIFS: VFS: \\samba-dc.example.com Send error in Se

We fail, due to only searching root's env, reproducing the issue.

Let's try as root user:

ubuntu@noble-dc:~$ kdestroy
ubuntu@noble-dc:~$ unset KRB5CCNAME 
ubuntu@noble-dc:~$ sudo -s
root@noble-dc:/home/ubuntu# kinit administra...@samba-dc.example.com
Password for administra...@samba-dc.example.com: 
Warning: Your password will expire in 25 days on Sat Jul 12 01:54:39 2025
root@noble-dc:/home/ubuntu# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:24:51  06/16/25 14:24:51  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:24:49
root@noble-dc:/home/ubuntu# mount -t cifs -o 
cruid=root,user=root,sec=krb5i,uid=0,gid=0,cred=/tmp/krb5cc_0 
//samba-dc.example.com/demo /mnt/testshare1
root@noble-dc:/home/ubuntu# mount -l | grep cifs
//samba-dc.example.com/demo on /mnt/testshare1 type cifs 
(rw,relatime,vers=3.1.1,sec=krb5i,cruid=0,cache=strict,username=root,uid=0,forceuid,gid=0,forcegid,addr=192.168.122.248,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)
$ journalctl -b0
kernel: CIFS: enabling forceuid mount option implicitly because uid= option is 
specified
kernel: CIFS: enabling forcegid mount option implicitly because gid= option is 
specified
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[1418]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x584
cifs.upcall[1419]: ver=2
cifs.upcall[1419]: host=samba-dc.example.com
cifs.upcall[1419]: ip=192.168.122.248
cifs.upcall[1419]: sec=1
cifs.upcall[1419]: uid=0
cifs.upcall[1419]: creduid=0
cifs.upcall[1419]: user=root
cifs.upcall[1419]: pid=1412
cifs.upcall[1418]: upcall_target=app, switching namespaces to application thread
cifs.upcall[1418]: get_cachename_from_process_env: pid == 0
cifs.upcall[1418]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_0
cifs.upcall[1418]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[1418]: handle_krb5_mech: using native krb5
cifs.upcall[1418]: handle_krb5_mech: obtained service ticket
cifs.upcall[1418]: Exit status 0

I then enabled -security-proposed from the following ppa:

https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages?field.name_filter=cifs-
utils&field.status_filter=published&field.series_filter=

I then installed cifs-utils 2:7.0-2ubuntu0.2

Let's try and standard uid 1000 user:

ubuntu@noble-dc:~$ kinit administra...@samba-dc.example.com
Password for administra...@samba-dc.example.com: 
Warning: Your password will expire in 25 days on Sat Jul 12 01:54:39 2025
ubuntu@noble-dc:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:26:59  06/16/25 14:26:59  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:26:56
ubuntu@noble-dc:~$ sudo mount -t cifs -o 
cruid=ubuntu,user=ubuntu,sec=krb5i,uid=1000,gid=1000,cred=/tmp/krb5cc_1000 
//samba-dc.example.com/demo /mnt/testshare1
ubuntu@noble-dc:~$ mount -l | grep cifs
//samba-dc.example.com/demo on /mnt/testshare1 type cifs 
(rw,relatime,vers=3.1.1,sec=krb5i,cruid=1000,cache=strict,username=ubuntu,uid=1000,forceuid,gid=1000,forcegid,addr=192.168.122.248,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)
$ journalctl -b0
kernel: CIFS: enabling forceuid mount option implicitly because uid= option is 
specified
kernel: CIFS: enabling forcegid mount option implicitly because gid= option is 
specified
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[2006]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;uid=0x3e8;creduid=0x3e8;user=ubuntu;pid=0x7d0
cifs.upcall[2007]: ver=2
cifs.upcall[2007]: host=samba-dc.example.com
cifs.upcall[2007]: ip=192.168.122.248
cifs.upcall[2007]: sec=1
cifs.upcall[2007]: uid=1000
cifs.upcall[2007]: creduid=1000
cifs.upcall[2007]: user=ubuntu
cifs.upcall[2007]: pid=2000
cifs.upcall[2006]: upcall_target=app, switching namespaces to application thread
cifs.upcall[2006]: get_cachename_from_process_env: pathname=/proc/2000/environ
cifs.upcall[2006]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_1000
cifs.upcall[2006]: main: valid service ticket exists in credential cache
cifs.upcall[2006]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[2006]: handle_krb5_mech: using native krb5
cifs.upcall[2006]: handle_krb5_mech: obtained service ticket
cifs.upcall[2006]: Exit status 0
ubuntu@noble-dc:~$ sudo umount /mnt/testshare1 

Let's try as a different uid user, e.g. like AD user:

ubuntu@noble-dc:~$ export KRB5CCNAME=/tmp/krb5cc_11200
ubuntu@noble-dc:~$ mv /tmp/krb5cc_1000 /tmp/krb5cc_11200
ubuntu@noble-dc:~$ klist /tmp/krb5cc_11200
Ticket cache: FILE:/tmp/krb5cc_11200
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:26:59  06/16/25 14:26:59  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:26:56
06/16/25 04:27:09  06/16/25 14:26:59  cifs/samba-dc.example.com@
        renew until 06/17/25 04:26:56
        Ticket server: cifs/samba-dc.example....@samba-dc.example.com
ubuntu@noble-dc:~$ sudo mount -t cifs -o sec=krb5i //samba-dc.example.com/demo 
/mnt/testshare1
ubuntu@noble-dc:~$ mount -l | grep cifs
//samba-dc.example.com/demo on /mnt/testshare1 type cifs 
(rw,relatime,vers=3.1.1,sec=krb5i,cruid=0,cache=strict,username=root,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.122.248,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)
$ journalctl -b0
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[2028]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x7e6
cifs.upcall[2029]: ver=2
cifs.upcall[2029]: host=samba-dc.example.com
cifs.upcall[2029]: ip=192.168.122.248
cifs.upcall[2029]: sec=1
cifs.upcall[2029]: uid=0
cifs.upcall[2029]: creduid=0
cifs.upcall[2029]: user=root
cifs.upcall[2029]: pid=2022
cifs.upcall[2028]: upcall_target=app, switching namespaces to application thread
cifs.upcall[2028]: get_cachename_from_process_env: pid == 0
cifs.upcall[2028]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_0
cifs.upcall[2028]: main: valid service ticket exists in credential cache
cifs.upcall[2028]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[2028]: handle_krb5_mech: using native krb5
cifs.upcall[2028]: handle_krb5_mech: obtained service ticket
cifs.upcall[2028]: Exit status 0

The mount now works correctly, and the regression is fixed.

Let's try as root user:

root@noble-dc:/home/ubuntu# klist
Ticket cache: FILE:/tmp/krb5cc_11200
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:26:59  06/16/25 14:26:59  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:26:56
06/16/25 04:27:09  06/16/25 14:26:59  cifs/samba-dc.example.com@
        renew until 06/17/25 04:26:56
        Ticket server: cifs/samba-dc.example....@samba-dc.example.com
root@noble-dc:/home/ubuntu# umount /mnt/testshare1
root@noble-dc:/home/ubuntu# mount -t cifs -o 
cruid=root,user=root,sec=krb5i,uid=0,gid=0,cred=/tmp/krb5cc_0 
//samba-dc.example.com/demo /mnt/testshare1
root@noble-dc:/home/ubuntu# mount -l | grep cifs
//samba-dc.example.com/demo on /mnt/testshare1 type cifs 
(rw,relatime,vers=3.1.1,sec=krb5i,cruid=0,cache=strict,username=root,uid=0,forceuid,gid=0,forcegid,addr=192.168.122.248,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)
$ journalctl -b0
kernel: CIFS: enabling forceuid mount option implicitly because uid= option is 
specified
kernel: CIFS: enabling forcegid mount option implicitly because gid= option is 
specified
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[2052]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x7fe
cifs.upcall[2053]: ver=2
cifs.upcall[2053]: host=samba-dc.example.com
cifs.upcall[2053]: ip=192.168.122.248
cifs.upcall[2053]: sec=1
cifs.upcall[2053]: uid=0
cifs.upcall[2053]: creduid=0
cifs.upcall[2053]: user=root
cifs.upcall[2053]: pid=2046
cifs.upcall[2052]: upcall_target=app, switching namespaces to application thread
cifs.upcall[2052]: get_cachename_from_process_env: pid == 0
cifs.upcall[2052]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_0
cifs.upcall[2052]: main: valid service ticket exists in credential cache
cifs.upcall[2052]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[2052]: handle_krb5_mech: using native krb5
cifs.upcall[2052]: handle_krb5_mech: obtained service ticket
cifs.upcall[2052]: Exit status 0

Next, we will just do a run with a patched kernel. I enabled -proposed and
installed:

ubuntu@noble-dc:~$ uname -rv
6.8.0-62-generic #65-Ubuntu SMP PREEMPT_DYNAMIC Mon May 19 17:15:03 UTC 2025

We will keep cifs-utils from -security-proposed installed.

Let's try and standard uid 1000 user:

ubuntu@noble-dc:~$ kinit administra...@samba-dc.example.com
Password for administra...@samba-dc.example.com: 
Warning: Your password will expire in 25 days on Sat Jul 12 01:54:39 2025
ubuntu@noble-dc:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:32:50  06/16/25 14:32:50  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:32:47
ubuntu@noble-dc:~$ sudo mount -t cifs -o 
cruid=ubuntu,user=ubuntu,sec=krb5i,uid=1000,gid=1000,cred=/tmp/krb5cc_1000 
//samba-dc.example.com/demo /mnt/testshare1
ubuntu@noble-dc:~$ mount -l | grep cifs
//samba-dc.example.com/demo on /mnt/testshare1 type cifs 
(rw,relatime,vers=3.1.1,sec=krb5i,cruid=1000,cache=strict,upcall_target=app,username=ubuntu,uid=1000,forceuid,gid=1000,forcegid,addr=192.168.122.248,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)
$ journalctl -b0
kernel: CIFS: enabling forceuid mount option implicitly because uid= option is 
specified
kernel: CIFS: enabling forcegid mount option implicitly because gid= option is 
specified
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[1247]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;uid=0x3e8;creduid=0x3e8;user=ubuntu;pid=0x4db;upcall_target=app
cifs.upcall[1248]: ver=2
cifs.upcall[1248]: host=samba-dc.example.com
cifs.upcall[1248]: ip=192.168.122.248
cifs.upcall[1248]: sec=1
cifs.upcall[1248]: uid=1000
cifs.upcall[1248]: creduid=1000
cifs.upcall[1248]: user=ubuntu
cifs.upcall[1248]: pid=1243
cifs.upcall[1248]: upcall_target=app
cifs.upcall[1247]: upcall_target=app, switching namespaces to application thread
cifs.upcall[1247]: get_cachename_from_process_env: pathname=/proc/1243/environ
cifs.upcall[1247]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_1000
cifs.upcall[1247]: main: valid service ticket exists in credential cache
cifs.upcall[1247]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[1247]: handle_krb5_mech: using native krb5
cifs.upcall[1247]: handle_krb5_mech: obtained service ticket
cifs.upcall[1247]: Exit status 0

Let's try as a different uid user, e.g. like AD user:

ubuntu@noble-dc:~$ export KRB5CCNAME=/tmp/krb5cc_11200
ubuntu@noble-dc:~$ mv /tmp/krb5cc_1000 /tmp/krb5cc_11200
ubuntu@noble-dc:~$ klist
Ticket cache: FILE:/tmp/krb5cc_11200
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:32:50  06/16/25 14:32:50  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:32:47
06/16/25 04:33:01  06/16/25 14:32:50  cifs/samba-dc.example.com@
        renew until 06/17/25 04:32:47
        Ticket server: cifs/samba-dc.example....@samba-dc.example.com
ubuntu@noble-dc:~$ sudo mount -t cifs -o sec=krb5i //samba-dc.example.com/demo 
/mnt/testshare1
ubuntu@noble-dc:~$ mount -l | grep cifs
//samba-dc.example.com/demo on /mnt/testshare1 type cifs 
(rw,relatime,vers=3.1.1,sec=krb5i,cruid=1000,cache=strict,upcall_target=app,username=root,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.122.248,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)
$ journalctl -b0
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[1283]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;uid=0x0;creduid=0x3e8;user=root;pid=0x4fa;upcall_target=app
cifs.upcall[1284]: ver=2
cifs.upcall[1284]: host=samba-dc.example.com
cifs.upcall[1284]: ip=192.168.122.248
cifs.upcall[1284]: sec=1
cifs.upcall[1284]: uid=0
cifs.upcall[1284]: creduid=1000
cifs.upcall[1284]: user=root
cifs.upcall[1284]: pid=1274
cifs.upcall[1284]: upcall_target=app
cifs.upcall[1283]: upcall_target=app, switching namespaces to application thread
cifs.upcall[1283]: get_cachename_from_process_env: pathname=/proc/1274/environ
cifs.upcall[1283]: get_cachename_from_process_env: cachename = /tmp/krb5cc_11200
cifs.upcall[1283]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_11200
cifs.upcall[1283]: main: valid service ticket exists in credential cache
cifs.upcall[1283]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[1283]: handle_krb5_mech: using native krb5
cifs.upcall[1283]: handle_krb5_mech: obtained service ticket
cifs.upcall[1283]: Exit status 0

Let's try as root user:

root@noble-dc:/home/ubuntu# kinit administra...@samba-dc.example.com
Password for administra...@samba-dc.example.com: 
Warning: Your password will expire in 25 days on Sat Jul 12 01:54:39 2025
root@noble-dc:/home/ubuntu# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@samba-dc.example.com

Valid starting     Expires            Service principal
06/16/25 04:35:58  06/16/25 14:35:58  
krbtgt/samba-dc.example....@samba-dc.example.com
        renew until 06/17/25 04:35:54
root@noble-dc:/home/ubuntu# mount -t cifs -o 
cruid=root,user=root,sec=krb5i,uid=0,gid=0,cred=/tmp/krb5cc_0 
//samba-dc.example.com/demo /mnt/testshare1
root@noble-dc:/home/ubuntu# mount -l | grep cifs
//samba-dc.example.com/demo on /mnt/testshare1 type cifs 
(rw,relatime,vers=3.1.1,sec=krb5i,cruid=0,cache=strict,upcall_target=app,username=root,uid=0,forceuid,gid=0,forcegid,addr=192.168.122.248,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)
$ journalctl -b0
kernel: CIFS: enabling forceuid mount option implicitly because uid= option is 
specified
kernel: CIFS: enabling forcegid mount option implicitly because gid= option is 
specified
kernel: CIFS: Attempting to mount //samba-dc.example.com/demo
cifs.upcall[1312]: key description: 
cifs.spnego;0;0;39010000;ver=0x2;host=samba-dc.example.com;ip4=192.168.122.248;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x51c;upcall_target=app
cifs.upcall[1313]: ver=2
cifs.upcall[1313]: host=samba-dc.example.com
cifs.upcall[1313]: ip=192.168.122.248
cifs.upcall[1313]: sec=1
cifs.upcall[1313]: uid=0
cifs.upcall[1313]: creduid=0
cifs.upcall[1313]: user=root
cifs.upcall[1313]: pid=1308
cifs.upcall[1313]: upcall_target=app
cifs.upcall[1312]: upcall_target=app, switching namespaces to application thread
cifs.upcall[1312]: get_cachename_from_process_env: pid == 0
cifs.upcall[1312]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_0
cifs.upcall[1312]: handle_krb5_mech: getting service ticket for 
samba-dc.example.com
cifs.upcall[1312]: handle_krb5_mech: using native krb5
cifs.upcall[1312]: handle_krb5_mech: obtained service ticket
cifs.upcall[1312]: Exit status 0

Everything still mounts okay with the cifs-utils package in -security-
proposed.

Happy to mark verified for noble.

** Tags added: verification-done-noble

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2112614

Title:
  Regression: After CVE-2025-2312 cifs.upcall can't find credential
  caches from user env

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/2112614/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2112614] Re: Regression: After CVE-2025-2312 cifs.upcall can't find credential caches from user env

Reply via email to