From: Paulo Alcantara <pc@manguebit.org>
To: smfrench@gmail.com
Cc: "Paulo Alcantara (Red Hat)" <pc@manguebit.org>,
Pierguido Lambri <plambri@redhat.com>,
David Howells <dhowells@redhat.com>,
linux-cifs@vger.kernel.org
Subject: [PATCH 3/3] smb: client: Add tracepoint for krb5 auth
Date: Thu, 4 Dec 2025 15:06:25 -0300 [thread overview]
Message-ID: <20251204180626.244415-3-pc@manguebit.org> (raw)
In-Reply-To: <20251204180626.244415-1-pc@manguebit.org>
Add a tracepoint to help debug krb5 auth failures.
Example:
$ trace-cmd record -e smb3_kerberos_auth
$ mount.cifs ...
$ trace-cmd report
mount.cifs-1667 [003] ..... 5810.668549: smb3_kerberos_auth: vers=2
host=w22-dc1.zelda.test ip=192.168.124.30:445 sec=krb5 uid=0 cruid=0
user=root pid=1667 upcall_target=app err=-126
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Cc: Pierguido Lambri <plambri@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: linux-cifs@vger.kernel.org
---
fs/smb/client/cifs_spnego.c | 25 ++++++++++------
fs/smb/client/smb2pdu.c | 2 --
fs/smb/client/trace.h | 60 +++++++++++++++++++++++++++++++++++++
3 files changed, 76 insertions(+), 11 deletions(-)
diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c
index da935bd1ce87..48e90773462c 100644
--- a/fs/smb/client/cifs_spnego.c
+++ b/fs/smb/client/cifs_spnego.c
@@ -84,12 +84,13 @@ struct key *
cifs_get_spnego_key(struct cifs_ses *sesInfo,
struct TCP_Server_Info *server)
{
- struct sockaddr_in *sa = (struct sockaddr_in *) &server->dstaddr;
struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &server->dstaddr;
+ struct sockaddr_in *sa = (struct sockaddr_in *) &server->dstaddr;
+ const char *hostname = server->hostname;
+ const char *sec = "krb5";
char *description, *dp;
- size_t desc_len;
struct key *spnego_key;
- const char *hostname = server->hostname;
+ size_t desc_len;
/* length of fields (with semicolons): ver=0xyz ip4=ipaddress
host=hostname sec=mechanism uid=0xFF user=username */
@@ -130,15 +131,14 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo,
/* for now, only sec=krb5 and sec=mskrb5 and iakerb are valid */
if (server->sec_kerberos)
- dp += sprintf(dp, ";sec=krb5");
+ sec = "krb5";
else if (server->sec_mskerberos)
- dp += sprintf(dp, ";sec=mskrb5");
+ sec = "mskrb5";
else if (server->sec_iakerb)
- dp += sprintf(dp, ";sec=iakerb");
- else {
+ sec = "iakerb";
+ else
cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
- dp += sprintf(dp, ";sec=krb5");
- }
+ dp += sprintf(dp, ";sec=%s", sec);
dp += sprintf(dp, ";uid=0x%x",
from_kuid_munged(&init_user_ns, sesInfo->linux_uid));
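Review bot: The final `else` now falls back to krb5 only through the initializer `const char *sec = "krb5";` added in the first hunk, so the "use krb5" in the log message no longer has a matching assignment next to it. Because this string ends up in the key description handed to the upcall, the fallback is worth making explicit: either keep the braces and add `sec = "krb5";` after the cifs_dbg() call, or add a comment such as `/* sec keeps its "krb5" default */`. The first branch `sec = "krb5";` duplicates the initializer, so one of the two can be dropped. The body of cifs_get_spnego_key starts and ends outside this hunk.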
@@ -159,6 +159,13 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo,
cifs_dbg(FYI, "key description = %s\n", description);
scoped_with_creds(spnego_cred)
spnego_key = request_key(&cifs_spnego_key_type, description, "");
+ trace_smb3_kerberos_auth(CIFS_SPNEGO_UPCALL_VERSION,
+ hostname, &server->dstaddr, sec,
+ from_kuid_munged(&init_user_ns, sesInfo->linux_uid),
+ from_kuid_munged(&init_user_ns, sesInfo->cred_uid),
+ sesInfo->user_name, current->pid,
+ sesInfo->upcall_target == UPTARGET_MOUNT ? "mount" : "app",
+ IS_ERR(spnego_key) ? PTR_ERR(spnego_key) : 0);
#ifdef CONFIG_CIFS_DEBUG2
if (cifsFYI && !IS_ERR(spnego_key)) {
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
index 0d2940808be6..599cdc6db46c 100644
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -1691,8 +1691,6 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
spnego_key = cifs_get_spnego_key(ses, server);
if (IS_ERR(spnego_key)) {
rc = PTR_ERR(spnego_key);
- if (rc == -ENOKEY)
- cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n");
spnego_key = NULL;
goto out;
}
diff --git a/fs/smb/client/trace.h b/fs/smb/client/trace.h
index 252073352e79..0d0261777aa9 100644
--- a/fs/smb/client/trace.h
+++ b/fs/smb/client/trace.h
@@ -1692,6 +1692,66 @@ DEFINE_SMB3_CREDIT_EVENT(waitff_credits);
DEFINE_SMB3_CREDIT_EVENT(overflow_credits);
DEFINE_SMB3_CREDIT_EVENT(set_credits);
+DECLARE_EVENT_CLASS(smb3_kerberos_class,
+ TP_PROTO(int vers,
+ const char *host,
+ const struct __kernel_sockaddr_storage *addr,
+ const char *sec,
+ uid_t uid,
+ uid_t cruid,
+ const char *user,
+ pid_t pid,
+ const char *upcall_target,
+ int rc),
+ TP_ARGS(vers, host, addr, sec, uid, cruid, user, pid, upcall_target, rc),
+ TP_STRUCT__entry(
+ __field(int, vers)
+ __string(host, host)
+ __array(__u8, addr, sizeof(struct sockaddr_storage))
+ __string(sec, sec)
+ __field(uid_t, uid)
+ __field(uid_t, cruid)
+ __string(user, user)
+ __field(pid_t, pid)
+ __string(upcall_target, upcall_target)
+ __field(int, rc)
+ ),
+ TP_fast_assign(
+ struct sockaddr_storage *pss = NULL;
+
+ __entry->vers = vers;
+ __assign_str(host);
+ pss = (struct sockaddr_storage *)__entry->addr;
+ *pss = *addr;
+ __assign_str(sec);
+ __entry->uid = uid;
+ __entry->cruid = cruid;
+ __assign_str(user);
+ __entry->pid = pid;
+ __assign_str(upcall_target);
+ __entry->rc = rc;
+ ),
+ TP_printk("vers=%d host=%s ip=%pISpsfc sec=%s uid=%d cruid=%d user=%s pid=%d upcall_target=%s err=%d",
+ __entry->vers, __get_str(host), __entry->addr,
+ __get_str(sec), __entry->uid, __entry->cruid,
+ __get_str(user), __entry->pid, __get_str(upcall_target),
+ __entry->rc))
+
+#define DEFINE_SMB3_KERBEROS_EVENT(name) \
+DEFINE_EVENT(smb3_kerberos_class, smb3_##name, \
+ TP_PROTO(int vers, \
+ const char *host, \
+ const struct __kernel_sockaddr_storage *addr, \
+ const char *sec, \
+ uid_t uid, \
+ uid_t cruid, \
+ const char *user, \
+ pid_t pid, \
+ const char *upcall_target, \
+ int rc), \
+ TP_ARGS(vers, host, addr, sec, uid, cruid, user, pid, upcall_target, rc))
+
+DEFINE_SMB3_KERBEROS_EVENT(kerberos_auth);
TRACE_EVENT(smb3_tcon_ref,
TP_PROTO(unsigned int tcon_debug_id, int ref,
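Review bot: The TP_printk format prints `uid` and `cruid` with `%d` although both fields are declared `uid_t`, which is unsigned, so IDs above INT_MAX would appear negative in the trace output and would not match what userspace tools report. Use `uid=%u cruid=%u` in the format string; `pid=%d` is fine for `pid_t`. A short comment above DECLARE_EVENT_CLASS would also help, stating that `rc` is 0 on success and otherwise the negative errno from request_key(), which is what the call site in cifs_spnego.c passes.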
--
2.52.0