GNOME Bugzilla – Bug 171468
samba server login fails if user enters wrong password first time
Last modified: 2005-04-07 00:30:49 UTC
Please describe the problem:

a) Launch nautilus
b) Browse to samba location smb://
c) Browse to a server which requires authentication details to login
d) Authentication dialog pops up; enter username, domain and incorrect password for the user
e) Since user provided wrong password, authentication dialog pops again. This time enter correct password. The dialog appears again even if username, domain, password details are correct.

So, in this case, user will never be able to login into the samba server if he/she enters wrong password, first time.

Expected results: Entering wrong password is very common. smb method should take correct password entered later and display shares.

Does this happen every time? Yes
I have evaluated the bug and know the root cause. The problem lies in the libsmbclient.so library. I have filed a bug against samba: https://bugzilla.samba.org/show_bug.cgi?id=2543 and also submitted a patch there to fix the issue. But I also feel we need to change the smb method a bit as well to take care of the issue completely. I have an idea of what to do and how to do it. Will update evaluation and patch on 29/03/2005.
This problem may not be seen on all networks and all servers.

When correct username, domain, but wrong password, are entered the first time, the libsmbclient library tries to set up a session with the server. But since the password is wrong, login fails. Then it tries to set up a session with anonymous login. If anonymous login succeeds, the server details (server, share, domain and username) for this connection are cached. Anonymous login into the server might succeed, but these details may not be sufficient to list shares. Failure to list shares prompts authentication once again.

Now, the second time, even if the user provides the correct password for the same user, the server is found from the cache for the 'server, share, domain and username' combination. But these server details are wrong and it will not list shares again. This goes in a loop and the user will never be able to see shares from the server.

Note: This problem will be seen only for servers which allow anonymous login.

In smb-method code, if authentication details are asked for after the previous attempt has failed, then see if there is a server in cache with these details. If the server is found in cache, remove it. It's better to do this even if the samba community takes the patch given to https://bugzilla.samba.org/show_bug.cgi?id=2543
Created attachment 39433: Proposed patch
What version of Samba are you running? In particular do you have the version that includes our recent patches? https://bugzilla.samba.org/show_bug.cgi?id=2092 Samba 3.0.11 and later have included the modifications that prevent auto logins, when not requested by gnome-vfs. I'm closing this bug, but if you feel that this is in error, please feel free to reopen it with further details.
BTW, the samba changes are still valid (though the patch may need to be redone against a newer version of samba). But the samba changes don't apply to or affect gnome-vfs's use of libsmbclient where the samba version >= 3.0.11. Again if there's something I'm missing here, please point it out.
Nielsen, I am using samba-3.0.9. You are correct that this patch may not be required if samba version is 3.0.11. But many of the current distros have either samba 3.0.4, 3.0.5 or 3.0.9. So, this issue will be there in all those distros. Keeping that in mind, I feel this patch needs to be considered as it does not do any harm, even if samba version is 3.0.11. The patch makes an extra check to ensure the server cache is up to date. Anyways, it's up to you to take a decision on this :) -Narayana
Distros that ship recent gnome-vfs really do have to patch their samba if they ship the old one. gnome-vfs can't really do a good job without them.
Created attachment 39534: Proposed update to patch

Yes, true. I've made a few changes to the patch.
- Have get_cached_server call find_cached_server to avoid duplicated code.
- Move the calls in auth_callback, as the code right above modifies some of the lookup parameters (ie: username_out ...)

Does that work for you? If so, then it looks ready to be committed.
The above patch still does not work. In auth_callback, the check for server in cache has to be done at the end, just before returning new values to libsmbclient. Idea is to check for server entry with the new username/domain values user has entered. So, it works if the check is at the end of the function, as done in the patch I uploaded.
Okay, I guess then the first part of my patch and the last part of your patch would be the solution.
True. To make it easier for you, recreated the patch with the suggested changes and tested. It can be committed directly now.
Created attachment 39665: re-created patch to fix the issue
Thanks, committed.
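
The caching behaviour discussed in this thread, as an added example that is not part of the original bug report and is not gnome-vfs or libsmbclient code: a simplified model in which the cache key is (server, share, domain, username) without the password, an anonymous fallback session is cached after a failed login, and the fix evicts the entry matching the newly entered details on a re-prompt. All function names, the sample credentials and the server and share names are hypothetical or constructed.

```c
/* Simplified model of the cache behaviour described in this bug.
   All names are hypothetical; this is not libsmbclient or gnome-vfs code. */
#include <stdio.h>
#include <string.h>

#define REAL_PASSWORD "correct-pw"  /* constructed sample value */
#define SLOTS 8

struct entry { char key[128]; int anonymous; int used; };
static struct entry cache[SLOTS];

static struct entry *cache_find(const char *key) {
    for (int i = 0; i < SLOTS; i++)
        if (cache[i].used && strcmp(cache[i].key, key) == 0) return &cache[i];
    return NULL;
}

/* Returns 1 if shares are listed, 0 if the caller has to prompt again. */
static int list_shares(const char *dom, const char *usr, const char *pw,
                       int reprompt, int evict_fix) {
    char key[128];
    /* The key is (server, share, domain, username); the password is not in it. */
    snprintf(key, sizeof key, "fileserver|share|%s|%s", dom, usr);
    struct entry *e = cache_find(key);
    /* Fix: on a re-prompt, drop any entry matching the newly entered details. */
    if (e && reprompt && evict_fix) { e->used = 0; e = NULL; }
    if (!e) {
        for (int i = 0; i < SLOTS && !e; i++)
            if (!cache[i].used) e = &cache[i];
        if (!e) return 0;                      /* cache full in this model */
        snprintf(e->key, sizeof e->key, "%s", key);
        e->used = 1;
        /* Wrong password: login fails, anonymous fallback succeeds and is cached. */
        e->anonymous = strcmp(pw, REAL_PASSWORD) != 0;
    }
    return !e->anonymous;  /* an anonymous session cannot list shares here */
}

/* First attempt with a wrong password, second with the right one. */
static int second_attempt_succeeds(int evict_fix) {
    memset(cache, 0, sizeof cache);
    list_shares("WORKGROUP", "alice", "typo", 0, evict_fix);
    return list_shares("WORKGROUP", "alice", REAL_PASSWORD, 1, evict_fix);
}

int main(void) {
    printf("without eviction: %d\n", second_attempt_succeeds(0));
    printf("with eviction:    %d\n", second_attempt_succeeds(1));
    return 0;
}
```

Without the eviction the second attempt reuses the cached anonymous session however often the correct password is entered, which is the loop the reporter describes.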