Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 227973

Summary: cifs does not allow null user names
Product: Red Hat Enterprise Linux 5 Reporter: Dax Kelson <dkelson>
Component: kernelAssignee: Jeff Layton <jlayton>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: staubach, steved
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-05-09 13:42:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
proposed patch -- make sec=none force an anonymous mount none

Description Dax Kelson 2007-02-09 08:24:22 UTC 
Description of problem:

If you create a Samba or Windows share with "guest ok = yes" you will be able to
mount it with smbfs but not cifs.

mount -t smbfs //station11.class2/tmp /mnt/tmp
Password: <enter>
Anonymous login successful

behind the scenes smbfs tries to login with username "nobody" then it retries
with a null username which works.

If you try with cifs you get:

mount -t cifs //station11.class2/tmp /mnt -o guest,sec=none
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

According to the Samba bug, the fix is in cifs-2.6.git branch which was merged
by Linus on Nov 3rd 2006 (and consequently is in the 2.6.20 kernel release).

Please back port this bug fix to the RHEL5 kernel.

The patch is here:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b0e0b5f1a22c20c0f127fb9b457136d6c3ca8ed;hp=895663cd92574367054e0eb604a7428852f359b8#patch2
Comment 1 Dax Kelson 2007-04-26 21:46:00 UTC 
On testing it doesn't appear that patch fixed the problem. But maybe someone
else could check. It has been awhile.
Comment 2 Jeff Layton 2007-04-27 12:54:33 UTC 
Yep, testing this on a F7 host gives me:

# mount /mnt/cifspub
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

So it looks like it's still an upstream bug. I suggest we work on fixing this
upstream first...

Mount options I'm using:

guest,domain=EXAMPLE,ro

Here's the mount syscall from mount.cifs. It looks like if you don't specify a
username you get "root":

mount("//dantu.rdu.redhat.com/public", "/mnt/cifspub", "cifs",
MS_RDONLY|MS_MANDLOCK,
"unc=//dantu.rdu.redhat.com\\public,ip=xxx.yyy.xxx.yyy,user=root,ver=1,ro,noauto,domain=EXAMPLE")
= -1 EACCES (Permission denied)

I'll have a look at some wire captures and see if I can tell what's happening...
Comment 3 Jeff Layton 2007-04-27 13:52:31 UTC 
smbclient:

  0.015790 172.16.59.138 -> 172.16.57.196 SMB Session Setup AndX Request,
NTLMSSP_AUTH, User: EXAMPLE\guest
  0.020689 172.16.57.196 -> 172.16.59.138 SMB Session Setup AndX Response,
Error: STATUS_LOGON_FAILURE
  0.020810 172.16.59.138 -> 172.16.57.196 SMB Session Setup AndX Request, User:
anonymous
  0.021646 172.16.57.196 -> 172.16.59.138 SMB Session Setup AndX Response

CIFS client mount:

  0.012033 172.16.59.138 -> 172.16.57.196 SMB Session Setup AndX Request, User:
EXAMPLE\guest
  0.012471 172.16.57.196 -> 172.16.59.138 SMB Session Setup AndX Response,
Error: STATUS_LOGON_FAILURE

So smbclient tries to log in as user "EXAMPLE\guest" and fails and then retries
with user "anonymous". CIFS tries to just log in as EXAMPLE\guest and then gives up.

There also seem to be some differences in the session setup packet
(NTLMSSP_AUTH), but I'm not sure if that's significant.
Comment 4 Jeff Layton 2007-05-03 18:35:38 UTC 
Created attachment 154058 [details]
proposed patch -- make sec=none force an anonymous mount

This is the proposed patch I've sent upstream. It makes sec=none override the
username passed from mount.cifs and force an anonymous mount. Awaiting feedback
from upstream at this point...
Comment 7 RHEL Program Management 2007-05-07 11:44:02 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 9 Jeff Layton 2007-05-09 13:42:20 UTC 
I'm planning a large update for 5.1 so closing this as a duplicate of that
tracker bug.


*** This bug has been marked as a duplicate of 238597 ***
Comment 10 Dax Kelson 2007-05-09 14:26:34 UTC 
(In reply to comment #4)
> Created an attachment (id=154058) [edit]
> proposed patch -- make sec=none force an anonymous mount
> 
> This is the proposed patch I've sent upstream. It makes sec=none override the
> username passed from mount.cifs and force an anonymous mount. Awaiting feedback
> from upstream at this point...

Did you get any feedback from upstream?
Comment 11 Jeff Layton 2007-05-09 14:37:16 UTC 
Yes. The patch was incorporated into Steve French's CIFS git tree, so I think
it'll go in as is.