Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 227973 - cifs does not allow null user names
Summary: cifs does not allow null user names
Keywords:
Status: CLOSED DUPLICATE of bug 238597
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Jeff Layton
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-09 08:24 UTC by Dax Kelson
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-05-09 13:42:20 UTC
Target Upstream Version:


Attachments (Terms of Use)
proposed patch -- make sec=none force an anonymous mount (deleted)
2007-05-03 18:35 UTC, Jeff Layton
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Samba Project 4039 None None None Never

Description Dax Kelson 2007-02-09 08:24:22 UTC
Description of problem:

If you create a Samba or Windows share with "guest ok = yes" you will be able to
mount it with smbfs but not cifs.

mount -t smbfs //station11.class2/tmp /mnt/tmp
Password: <enter>
Anonymous login successful

behind the scenes smbfs tries to login with username "nobody" then it retries
with a null username which works.

If you try with cifs you get:

mount -t cifs //station11.class2/tmp /mnt -o guest,sec=none
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

According to the Samba bug, the fix is in cifs-2.6.git branch which was merged
by Linus on Nov 3rd 2006 (and consequently is in the 2.6.20 kernel release).

Please back port this bug fix to the RHEL5 kernel.

The patch is here:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b0e0b5f1a22c20c0f127fb9b457136d6c3ca8ed;hp=895663cd92574367054e0eb604a7428852f359b8#patch2

Comment 1 Dax Kelson 2007-04-26 21:46:00 UTC
On testing it doesn't appear that patch fixed the problem. But maybe someone
else could check. It has been awhile.

Comment 2 Jeff Layton 2007-04-27 12:54:33 UTC
Yep, testing this on a F7 host gives me:

# mount /mnt/cifspub
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

So it looks like it's still an upstream bug. I suggest we work on fixing this
upstream first...

Mount options I'm using:

guest,domain=EXAMPLE,ro

Here's the mount syscall from mount.cifs. It looks like if you don't specify a
username you get "root":

mount("//dantu.rdu.redhat.com/public", "/mnt/cifspub", "cifs",
MS_RDONLY|MS_MANDLOCK,
"unc=//dantu.rdu.redhat.com\\public,ip=xxx.yyy.xxx.yyy,user=root,ver=1,ro,noauto,domain=EXAMPLE")
= -1 EACCES (Permission denied)

I'll have a look at some wire captures and see if I can tell what's happening...


Comment 3 Jeff Layton 2007-04-27 13:52:31 UTC
smbclient:

  0.015790 172.16.59.138 -> 172.16.57.196 SMB Session Setup AndX Request,
NTLMSSP_AUTH, User: EXAMPLE\guest
  0.020689 172.16.57.196 -> 172.16.59.138 SMB Session Setup AndX Response,
Error: STATUS_LOGON_FAILURE
  0.020810 172.16.59.138 -> 172.16.57.196 SMB Session Setup AndX Request, User:
anonymous
  0.021646 172.16.57.196 -> 172.16.59.138 SMB Session Setup AndX Response

CIFS client mount:

  0.012033 172.16.59.138 -> 172.16.57.196 SMB Session Setup AndX Request, User:
EXAMPLE\guest
  0.012471 172.16.57.196 -> 172.16.59.138 SMB Session Setup AndX Response,
Error: STATUS_LOGON_FAILURE

So smbclient tries to log in as user "EXAMPLE\guest" and fails and then retries
with user "anonymous". CIFS tries to just log in as EXAMPLE\guest and then gives up.

There also seem to be some differences in the session setup packet
(NTLMSSP_AUTH), but I'm not sure if that's significant.


Comment 4 Jeff Layton 2007-05-03 18:35:38 UTC
Created attachment 154058 [details]
proposed patch -- make sec=none force an anonymous mount

This is the proposed patch I've sent upstream. It makes sec=none override the
username passed from mount.cifs and force an anonymous mount. Awaiting feedback
from upstream at this point...

Comment 7 RHEL Product and Program Management 2007-05-07 11:44:02 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 9 Jeff Layton 2007-05-09 13:42:20 UTC
I'm planning a large update for 5.1 so closing this as a duplicate of that
tracker bug.


*** This bug has been marked as a duplicate of 238597 ***

Comment 10 Dax Kelson 2007-05-09 14:26:34 UTC
(In reply to comment #4)
> Created an attachment (id=154058) [edit]
> proposed patch -- make sec=none force an anonymous mount
> 
> This is the proposed patch I've sent upstream. It makes sec=none override the
> username passed from mount.cifs and force an anonymous mount. Awaiting feedback
> from upstream at this point...

Did you get any feedback from upstream?

Comment 11 Jeff Layton 2007-05-09 14:37:16 UTC
Yes. The patch was incorporated into Steve French's CIFS git tree, so I think
it'll go in as is.


Note You need to log in before you can comment on or make changes to this bug.