GNOME Bugzilla – Bug 582277
gvfs with smbclient support doesn't pass anonymous browsing
Last modified: 2018-09-21 16:44:58 UTC
Please describe the problem: gvfs subsystem not trying for force anonymous browse on SMB network when other kredentical (login/pw/Kerberos) is not correct. for example, gvfs-ls smb:/// no showing anything and as effects, some application (nautilus) not showing anything in Network. Problem appear with upgrading to Gnome 2.26.0 with gvfs-1.2.2 Steps to reproduce: 1. gvfs-ls smb:/// or go to Network browsing in Nautilus when PC in Windows browseable network 2. 3. Actual results: i've see nothing Expected results: There should be a network environment. Such behaviour was on the previous versions gvfs Does this happen every time? yes Other information: some problem with forcing anonymous attempt in daemon/gvfsbackendsmbbrowse.c
Back-posting interesting comment from FreeBSD bug (http://www.freebsd.org/cgi/query-pr.cgi?pr=134361) Fix: this code is not patch, just try forcing anonymous attempt (for /usr/local/libexec/gvfsd-smb-browse) and this work, so the truth is out there --- daemon/gvfsbackendsmbbrowse.c 2009-02-26 12:12:24.000000000 +0300 +++ gvfsbackendsmbbrowse.c 2009-05-07 20:22:56.000000000 +0400 @@ -318,6 +318,12 @@ return; } + /* Try anon login */ + strncpy (username_out, "", unmaxlen); + strncpy (password_out, "", pwmaxlen); + /* Try again if anon login fails */ + backend->mount_try_again = TRUE; + if (backend->mount_try == 0 && backend->user == NULL && backend->domain == NULL)
The current designed behaviour is like this: 1. login name specified - no anonymous - Kerberos is enabled in the first try, with fallback to standard password authentication 2. no login name specified - anonymous and Kerberos are enabled, if both fails, we fall back to standard password prompt again The question is, do we want to change this and fall back to anonymous? At least in the first case users might be confused. Perhaps only when browsing network (i.e. type=smb-network - e.g. smb:/// or a workgroup) we should use anonymous + kerberos, disabling password auth. Type=smb-server requires full authentication. TBD. Anyway, `GFS_DEBUG=1 /usr/libexec/gvfsd-smb-browse type=smb-network` output would be appreciated.
(In reply to comment #1) > + /* Try anon login */ > + strncpy (username_out, "", unmaxlen); > + strncpy (password_out, "", pwmaxlen); Passing empty string as an username makes libsmbclient confused and from my experiments it's unable to do Kerberos authentication properly. I wonder if passing empty strings would make such big difference to smbclient - in anonymous pass we only clear password but we keep username and domain (which is almost never used anyway). I'm still thinking about my previous proposal to diferentiate smb-network from smb-server, this will require heavy testing but could improve robustness. It's somewhat connected to the bug 582612 - I'm curious to see any real improvement when upgrading from samba 3.0 series to 3.2.
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gvfs/issues/95.