Bug 201081 - Cannot mount >1 share if shares have share-level security
Cannot mount >1 share if shares have share-level security
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: Jeff Layton
Brian Brock
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2006-08-02 13:53 EDT by samba_help_needed
Modified: 2014-06-18 03:35 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-12-08 07:41:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
console log of stracing the first mount (7.32 KB, text/plain)
2006-08-02 14:21 EDT, samba_help_needed
no flags Details
console log of stracing the second (failed) mount (7.42 KB, text/plain)
2006-08-02 14:23 EDT, samba_help_needed
no flags Details
console log of running strace -f when running the first mount command (17.64 KB, text/plain)
2006-08-02 14:58 EDT, samba_help_needed
no flags Details
console log of running strace -f when running the second (failed) mount command (16.89 KB, text/plain)
2006-08-02 14:59 EDT, samba_help_needed
no flags Details
console log of running strace -f -s 65536 when running the first mount command (37.95 KB, text/plain)
2006-08-02 15:10 EDT, samba_help_needed
no flags Details
console log of running strace -f -s 65536 when running the second (failed) mount command (35.05 KB, text/plain)
2006-08-02 15:11 EDT, samba_help_needed
no flags Details
patch 1 -- zero out session password on free (906 bytes, patch)
2008-12-05 16:16 EST, Jeff Layton
no flags Details | Diff
patch 2 -- change args to calc_lanman_hash (7.29 KB, patch)
2008-12-05 16:17 EST, Jeff Layton
no flags Details | Diff
patch 3 -- store password in tcon (3.54 KB, patch)
2008-12-05 16:18 EST, Jeff Layton
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Samba Project 3992 None None None Never

  None (edit)
Description samba_help_needed 2006-08-02 13:53:29 EDT
Description of problem:
It is impossible to mount more than one share if the shares have share-level
security and different passwords.

Version-Release number of selected component (if applicable):
Kernel 2.6.17-1.2157_FC5

How reproducible:

Steps to Reproduce:
0.  Use a server that serves two shares with share-level security.  Make sure
the shares have different passwords.
1.  Using the standard mount command and specifying cifs as the fs, mount the
first share (it doesn't matter which one you pick).
2.  Now attempt to mount the second share using the mount command as well.  
Actual results:
This will fail with an "Operation not permitted" error, and ethereal traffic
will show the server responded with STATUS_WRONG_PASSWORD.

Expected results:
The second share should have mounted as well.

Additional info:
Ethereal tracing shows that this bug is occurring because the samba kernel
client is sending the password of the first share for all subsequent share mount

I already filed this bug in the samba bugzilla on the advice of Steve French
(bug 3992), who acknowledged that it's probably a bug (the bug description there
describes addtional details, including pinpointing the problem behaviour). 
Steve is the bugzilla owner there for cifs bugs.

I'm also filing it here so that Fedora people know about it.  Since Fedora made
the decision to take away smbfs from the current kernels, all we're left with it
is cifs, and that means currently people can only access one share at a time if
they're using share-level security (please don't tell me to use user-level
security; if I could, I would).  That's a serious problem.  I'm hoping someone
at Fedora will keep an eye out on the bug in the samba bugzilla, and - once a
fixed version is available (Steve promised to work on it in the next few days) -
will push out a kernel with the fixed samba kernel client as soon as possible.
Comment 1 Jay Fenlason 2006-08-02 13:57:10 EDT
Can you strace both mount commands and attach the output to this bug?  That 
will show whether the second mount command is passing the correct password to 
the kernel.  If it isn't, it's a userspace bug in mount.cifs.  If it is, it's 
a kernel bug, and this bug needs to be reassigned to the kernel folks. 
Comment 2 samba_help_needed 2006-08-02 14:07:05 EDT
I'll do that in a minute, Jay, but I can already tell you that's the case.  If
you look at the additional details in the bug on the samba site (there's a link
to it in this bug), you'll see that ethereal proves that definitively.
Comment 3 samba_help_needed 2006-08-02 14:20:43 EDT
OK, here's how I created the soon-to-be-attached strace console logs.  Please
note this contains my actual server address and passwords, so if one of you has
the ability to change the group permissions on this bug to make it less public,
I'd appreciate it (I couldn't figure out how to do that once the bug's been
filed).  If not, it's not a big deal: I'll change the passwords soon anyway.

Jay, if this isn't what you were looking for, lemme know and I'll fix it.

[root@talisker madwifi]# rmmod cifs
[root@talisker madwifi]# strace mount -t cifs -o ro,password=askari01
//www.bowenjamil.com/Pictures /media/Pictures > /tmp/first_mount.txt 2>&1
[root@talisker madwifi]# strace mount -t cifs -o ro,password=askari03
//www.bowenjamil.com/Music /media/Music > /tmp/second_mount.txt 2>&1
Comment 4 samba_help_needed 2006-08-02 14:22:00 EDT
Created attachment 133501 [details]
console log of stracing the first mount
Comment 5 samba_help_needed 2006-08-02 14:23:15 EDT
Created attachment 133502 [details]
console log of stracing the second (failed) mount
Comment 6 Jay Fenlason 2006-08-02 14:32:39 EDT
Unfortunately, strace didn't follow the fork() that the mount command did 
before exec-ing the mount.cifs command that we're interested in.  Can you 
re-run the tests, using strace -f ? 
Comment 7 samba_help_needed 2006-08-02 14:58:25 EDT
Created attachment 133503 [details]
console log of running strace -f when running the first mount command
Comment 8 samba_help_needed 2006-08-02 14:59:30 EDT
Created attachment 133504 [details]
console log of running strace -f when running the second (failed) mount command
Comment 9 Jay Fenlason 2006-08-02 15:06:02 EDT
Argh!  Now strace is truncating the line we're interested in: 
[pid  1633] mount("//www.{server}.com/Pictures", "/media/Pictures", "cifs", 
MS_RDONLY|MS_MANDLOCK, "unc=//www.{server}.com\\Picture"...) = 0 
(servername redacted for security reasons.)  Can you rerun it again (sigh) 
with strace -f -s 65536 ? 
Comment 10 samba_help_needed 2006-08-02 15:07:53 EDT
I'm getting to learn about all these options to strace I didn't know about. :)  

Further attachments forthcoming very shortly.
Comment 11 samba_help_needed 2006-08-02 15:10:32 EDT
Created attachment 133507 [details]
console log of running strace -f -s 65536 when running the first mount command
Comment 12 samba_help_needed 2006-08-02 15:11:34 EDT
Created attachment 133508 [details]
console log of running strace -f -s 65536 when running the second (failed) mount command
Comment 13 Jay Fenlason 2006-08-02 15:15:34 EDT
Ok.  Now it's clear that mount.cifs is doing the right thing.  Off to the 
kernel team we go. . . 
Comment 14 samba_help_needed 2006-08-02 15:17:03 EDT
OK.  Thanks for helping me track that down.  Please let me know if there's any
other information I can provide.
Comment 15 samba_help_needed 2006-08-04 14:11:38 EDT
Can someone on the kernel team please let me know when I can expect an update on
this?  Thanks!
Comment 16 samba_help_needed 2006-09-15 14:35:03 EDT
It's been a few weeks since I last asked for an update.  Anyone out there, or is
this bug sitting in a black hole?  Bueller?  Bueller?
Comment 17 Dave Jones 2006-10-16 14:20:14 EDT
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.
Comment 18 samba_help_needed 2006-10-26 18:24:47 EDT
I tested this with 2.6.18-1.2200.fc5.  The bug is alive and well.  It has 
exactly the same symptoms.  I still need a fix, please.
Comment 19 samba_help_needed 2006-10-26 18:26:51 EDT
I am changing the status from NEEDINFO to ON_DEV.
Comment 20 samba_help_needed 2007-04-29 16:42:26 EDT
Steve, it's been 9 months since you acknowledged the existence/reproducibility 
of this bug in the samba project bugzilla.  Can you please either fix it, or - 
if you're too busy - assign it to someone else who will fix it?  Thanks!

BTW, the samba bugzilla lists you with an ibm e-mail address.  Is that still 
Comment 21 samba_help_needed 2007-10-08 16:03:27 EDT
Hello.  It's been 14 months since I opened this bug, and 5 months since the last
time I asked for an update (at that time, Steve cc'ed someone at IBM about the
bug, but that was it).  No work has happened on this as far as I know.  

Can someone please let me know why this bug just keeps getting ignored?
Comment 22 Chuck Ebbert 2007-10-08 17:06:10 EDT
You should be able to work around this limitation by using NAT for the connections.
Comment 23 Jeff Layton 2007-12-29 07:07:23 EST
I think I see what the problem may be. CIFS tries to share SMB sessions when
there's an existing one, but in this case the sessions really shouldn't be
shared. I'll have a look when I get some time -- this may be fixable.
Comment 24 Bug Zapper 2008-04-03 23:25:53 EDT
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers
Comment 25 Bug Zapper 2008-05-06 12:11:29 EDT
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 26 Jeff Layton 2008-05-06 12:39:18 EDT
Reopening bug. I'm pretty sure this is still an upstream bug, so moving it to
Comment 27 Bug Zapper 2008-05-13 22:16:04 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
Comment 28 Bug Zapper 2008-11-25 20:49:49 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
Comment 29 Jeff Layton 2008-12-05 16:16:53 EST
Created attachment 325909 [details]
patch 1 -- zero out session password on free

minor cleanup/security patch
Comment 30 Jeff Layton 2008-12-05 16:17:54 EST
Created attachment 325910 [details]
patch 2 -- change args to calc_lanman_hash

the current function assumes that the password is attached to the smb session
Comment 31 Jeff Layton 2008-12-05 16:18:54 EST
Created attachment 325911 [details]
patch 3 -- store password in tcon

store the password in the tree-connect struct so that each share can use an individual password for share-level security
Comment 32 Jeff Layton 2008-12-05 16:20:45 EST
With these 3 patches, this now works for me. The patches here may not apply to anything but the latest upstream code, however.

I've sent this to the upstream CIFS maintainer for comment. It may need some tweaking before it goes in, but should basically work. If you're able to test these patches, then let me know if they work for you.
Comment 33 Jeff Layton 2008-12-08 07:41:01 EST
Patchset to fix this is now upstream in Steve French's cifs-2.6 git tree. I'm going to close this with a resolution of UPSTREAM. The fix should show up in 2.6.29.

Note You need to log in before you can comment on or make changes to this bug.