NetBSD Problem Report #32513

From mlelstv@henery.1st.de  Thu Jan 12 21:09:37 2006
Return-Path: <mlelstv@henery.1st.de>
Received: from serpens.de (serpens.de [62.208.181.200])
	by narn.netbsd.org (Postfix) with ESMTP id 1A53A63B84F
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 12 Jan 2006 21:09:36 +0000 (UTC)
Message-Id: <200601122109.k0CL9Uba002640@henery.1st.de>
Date: Thu, 12 Jan 2006 22:09:30 +0100 (CET)
From: mlelstv@serpens.de
Reply-To: mlelstv@serpens.de
To: gnats-bugs@netbsd.org
Subject: smbfs forbids anonymous mounts
X-Send-Pr-Version: 3.95

>Number:         32513
>Category:       kern
>Synopsis:       smbfs forbids anonymous mounts
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 12 21:10:00 +0000 2006
>Closed-Date:    Sat Apr 04 16:12:12 +0000 2020
>Last-Modified:  Sat Apr 04 16:12:12 +0000 2020
>Originator:     Michael van Elst
>Release:        NetBSD 3.0_STABLE
>Organization:
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."
>Environment:


System: NetBSD henery 3.0_STABLE NetBSD 3.0_STABLE (HENERY) #23: Thu Jan 12 21:50:28 CET 2006 src@henery:/usr/obj/home/src/sys/arch/i386/compile/HENERY i386
Architecture: i386
Machine: i386
>Description:
smbfs forbids anonymous mounts.

The default for mount_smbfs is to access the SMB server with
a username identical to the currently logged in user. You
can specify a different user in the path string as //user@server/
or with the undocumented option -U. However, the first doesn't
parse an empty username and the second is filtered out later.

The kernel part in sys/netsmb does support anonymous mounts
by chosing an empty username and an empty password. But here
again, the username is validated as being non-empty.

>How-To-Repeat:
% mount_smbfs -U "" -N -I server-ip '//*SMB-SERVER/share' /mnt
mount_smbfs: unable to open connection
mount_smbfs: mount error for /mnt: Socket is not connected

>Fix:
Removing all the checks for an empty username makes anonymous
mounts work. I didn't try to patch the path parser to allow
//@server/share, documenting -U however should be enough.

Index: dist/smbfs/lib/smb/ctx.c
===================================================================
RCS file: /cvsroot/src/dist/smbfs/lib/smb/ctx.c,v
retrieving revision 1.9
diff -u -r1.9 ctx.c
--- dist/smbfs/lib/smb/ctx.c	21 Mar 2004 12:30:51 -0000	1.9
+++ dist/smbfs/lib/smb/ctx.c	12 Jan 2006 21:05:24 -0000
@@ -508,11 +508,13 @@
 		smb_error("no server name specified", 0);
 		return EINVAL;
 	}
+#ifdef NOANON
 	if (ssn->ioc_user[0] == 0) {
 		smb_error("no user name specified for server %s",
 		    0, ssn->ioc_srvname);
 		return EINVAL;
 	}
+#endif
 	if (ctx->ct_minlevel >= SMBL_SHARE && sh->ioc_share[0] == 0) {
 		smb_error("no share name specified for %s@%s",
 		    0, ssn->ioc_user, ssn->ioc_srvname);
Index: sys/netsmb/smb_usr.c
===================================================================
RCS file: /cvsroot/src/sys/netsmb/smb_usr.c,v
retrieving revision 1.10
diff -u -r1.10 smb_usr.c
--- sys/netsmb/smb_usr.c	26 Feb 2005 22:39:50 -0000	1.10
+++ sys/netsmb/smb_usr.c	12 Jan 2006 21:05:24 -0000
@@ -67,8 +67,10 @@
 	int flags = 0;

 	bzero(spec, sizeof(*spec));
+#ifdef NOANON
 	if (dp->ioc_user[0] == 0)
 		return EINVAL;
+#endif
 	if (dp->ioc_server == NULL)
 		return EINVAL;
 	if (dp->ioc_localcs[0] == 0) {

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->jmmv
Responsible-Changed-By: jmmv@NetBSD.org
Responsible-Changed-When: Sat, 10 Jul 2010 08:04:32 +0000
Responsible-Changed-Why:
I just hit this issue myself, so may try to look at it.


From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@NetBSD.org
Cc: jmmv@NetBSD.org, kern-bug-people@NetBSD.org, netbsd-bugs@NetBSD.org,
        gnats-admin@NetBSD.org
Subject: Re: kern/32513 (smbfs forbids anonymous mounts)
Date: Sat, 10 Jul 2010 10:15:54 +0200

 On Sat, Jul 10, 2010 at 08:04:33AM +0000, jmmv@NetBSD.org wrote:
 > Synopsis: smbfs forbids anonymous mounts
 > 
 > Responsible-Changed-From-To: kern-bug-people->jmmv
 > Responsible-Changed-By: jmmv@NetBSD.org
 > Responsible-Changed-When: Sat, 10 Jul 2010 08:04:32 +0000
 > Responsible-Changed-Why:
 > I just hit this issue myself, so may try to look at it.

 I have (or had?) a patch. But maybe we should first update the
 code, FreeBSD has a much more recent version.


 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

Responsible-Changed-From-To: jmmv->kern-bug-people
Responsible-Changed-By: jmmv@NetBSD.org
Responsible-Changed-When: Sat, 14 Jul 2012 19:34:26 +0000
Responsible-Changed-Why:
Reallistically, I'm not going to look at this.

Plus, our smbfs code is riddled with bugs.  We really should import a more
recent version from FreeBSD and reevaluate all smbfs-related PRs...


State-Changed-From-To: open->closed
State-Changed-By: jdolecek@NetBSD.org
State-Changed-When: Sat, 04 Apr 2020 16:12:12 +0000
State-Changed-Why:
Obsolete, SMBFS/nsmb was removed from the tree. Thanks for report.


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: gnats-precook-prs,v 1.4 2018/12/21 14:20:20 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.