This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 500123 - No access to read protected public shares
No access to read protected public shares
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: gnome-user-share (Show other bugs)
11
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Bastien Nocera
Fedora Extras Quality Assurance
:
: 505060 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-11 05:45 EDT by louy2k
Modified: 2010-02-24 01:15 EST (History)
8 users (show)

See Also:
Fixed In Version: 2.26.0-3.fc11
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-21 21:06:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
dmesg output (28.39 KB, text/plain)
2009-05-22 09:54 EDT, louy2k
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 586755 None None None Never

  None (edit)
Description louy2k 2009-05-11 05:45:32 EDT
Description of problem:
No access to a password read protected public file share

Version-Release number of selected component (if applicable):
gnome-user-share.i586 2.26.0-2.fc11

How reproducible:
Always

Steps to Reproduce:
0. On the very same computer from step 1 to 5:

1. Define a password for Gnome Personal File Sharing for "network public file sharing"/Password required/Always
2. Display current network resources
3. Double click on the requested remote resource xxxxx's public files on x.computer.xxx
4. Pop-up windows appears and requests password to be provided for "Please log in as the user guest"
5. Type in the password defined at step 1

Actual results:
Error pop-up window saying "HTTP Error : Authorization Required"

Expected results:
Same result as the same procedure with Password required/Never option at step 1 instead of Always, ie creation at desktop level of a icon labeled "xxxxx public files on x.computer.xxx"

Additional info:
Updated out of the box Fedora 11.
Accessing an unprotected share works fine.
Comment 1 Matthias Clasen 2009-05-11 20:54:20 EDT
I am seeing this too.

Additional issues observed when password is 'Never': Mounting succeeds, but the window I open has a title of '/', which is confusing at best.

Additional issues observed when password is 'When writing': Mounting succeeds, but when trying to create a file, I get an error dialog that says


Error while creating file new file.

There was an error creating the directory in dav+sd://mclasen%2527s%2520public%2520files%2520on%2520planemask._webdav._tcp.local/.

Details:

Authorization Required


There's obviously multiple issues here...
Comment 2 Matthias Clasen 2009-05-12 10:01:44 EDT
This may acutally be a gvfs bug, ccing tbzatek
Comment 3 Bastien Nocera 2009-05-12 10:19:26 EDT
louy2k, could you please set the LogLevel to debug in:
/usr/share/gnome-user-share/dav_user_2.2.conf
and restart the HTTP sharing in gnome-user-share (untick/tick the http sharing in the properties will do).

This should give us some debug, the files will be in:
~/.config/user-share/log
You might want to remove that file before restarting the share, to be sure it's empty.

I'm pretty sure this is a gvfs bug, and that it would work fine (or at least as well as it used to) from an F10 machine accessing the F11 gnome-user-share.
Comment 4 louy2k 2009-05-12 14:06:48 EDT
I have changed config from :

cat /usr/share/gnome-user-share/dav_user_2.2.conf
ServerRoot ${XDG_CONFIG_HOME}/user-share
PidFile pid
LockFile lock
LogLevel crit
#LogLevel info
ErrorLog log

to

cat /usr/share/gnome-user-share/dav_user_2.2.conf
ServerRoot ${XDG_CONFIG_HOME}/user-share
PidFile pid
LockFile lock
Loglevel debug
#LogLevel crit
##LogLevel info
ErrorLog log

+ an untick/tick of the public file share option with Password Required set to always as well as password set. Following log file has been generated :

c cat ~/.config/user-share/log
[Tue May 12 19:36:43 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Tue May 12 19:36:43 2009] [notice] Digest: generating secret for digest authentication ...
[Tue May 12 19:36:43 2009] [notice] Digest: done
[Tue May 12 19:36:43 2009] [notice] Apache/2.2.11 (Unix) DAV/2 configured -- resuming normal operations
[Tue May 12 19:36:43 2009] [info] Server built: Mar 17 2009 09:15:10
[Tue May 12 19:36:43 2009] [debug] prefork.c(1001): AcceptMutex: sysvsem (default: sysvsem)
Comment 5 Matthias Clasen 2009-05-13 00:56:23 EDT
The patch in http://bugzilla.gnome.org/show_bug.cgi?id=582373 helps a bit. It seems to fix the problem with 'Always'. The issue with 'When writing files' is still there.
Comment 6 Matthias Clasen 2009-05-13 01:21:23 EDT
Test packages are here: https://koji.fedoraproject.org/koji/buildinfo?buildID=101952
Comment 7 louy2k 2009-05-15 01:38:02 EDT
Sorry but Test Packages seem out of reach :

Connection returns "ssl_error_handshake_failure_alert" after certificate has been accepted.
Comment 8 Matthias Clasen 2009-05-16 01:17:12 EDT
Does http://koji.fedoraproject.org/koji/buildinfo?buildID=101952 work better ?
Comment 9 louy2k 2009-05-16 05:25:21 EDT
The provided link works better. Thks

I've installed all concerned packages and rebooted the system.

here's the resulting log :

------------------ Ticking the share
[Sat May 16 11:07:29 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Sat May 16 11:07:29 2009] [notice] Digest: generating secret for digest authentication ...
[Sat May 16 11:07:29 2009] [notice] Digest: done
[Sat May 16 11:07:29 2009] [notice] Apache/2.2.11 (Unix) DAV/2 configured -- resuming normal operations
[Sat May 16 11:07:29 2009] [info] Server built: Mar 17 2009 09:15:10
[Sat May 16 11:07:29 2009] [debug] prefork.c(1001): AcceptMutex: sysvsem (default: sysvsem)
-------------------- Try to access read protected share
[Sat May 16 11:08:19 2009] [error] [client 192.168.0.12] Digest: user `guest' in realm `Please log in as the user guest' not found: /

-------------------- END OF LOG

Commment :
The validation after password input falls back to a password input dialog box but without any password status option (remove immediately, keep until end of session, remember forever as they are shown at first connect attempt).

Hope this helps.
Comment 10 Tomáš Bžatek 2009-05-20 11:34:28 EDT
(In reply to comment #5)
> The patch in http://bugzilla.gnome.org/show_bug.cgi?id=582373 helps a bit. It
> seems to fix the problem with 'Always'. The issue with 'When writing files' is
> still there.  
Confirming, that patch fixes the issue with 'Always'.

The issue with 'When writing files' is more complicated as we can present password prompt to the user only during mount operation. The soup "authenticate" callback for other situations is handled by passing the credentials we retrieved during the mount operation, no UI interaction there.

(In reply to comment #9)
> Commment :
> The validation after password input falls back to a password input dialog box
> but without any password status option (remove immediately, keep until end of
> session, remember forever as they are shown at first connect attempt).
Can you please clarify this? What do you mean by 'fall back' here? Does it show password prompt twice? Or you don't see the password save options?
Comment 11 louy2k 2009-05-21 05:29:39 EDT
Answering comment #10

Sorry 'fall back' isn't correct indeed.
What I meant is that the password dialog box pops up again after first pwd input validation, but without password retaining policy options (password save options).

gvfs updated to regular 1.2.3.2 packages.
Firewall remains deactivated, connection from xxx session to xxx's shared public files

Here's the log for feature activation and connection attempts :

[Thu May 21 10:42:49 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Thu May 21 10:42:49 2009] [notice] Digest: generating secret for digest authentication ...
[Thu May 21 10:42:49 2009] [notice] Digest: done
[Thu May 21 10:42:49 2009] [notice] Apache/2.2.11 (Unix) DAV/2 configured -- resuming normal operations
[Thu May 21 10:42:49 2009] [info] Server built: Mar 17 2009 09:15:10
[Thu May 21 10:42:49 2009] [debug] prefork.c(1001): AcceptMutex: sysvsem (default: sysvsem)
[Thu May 21 11:09:35 2009] [error] [client 192.168.0.12] Digest: user `guest' in realm `Please log in as the user guest' not found: /

Cancellation brings a pop-up saying "Impossible to mount ...."/"HTTP Error : Cancelled"

SELinux policy error/warning hasn't been commented yet ... Couldn't it be a source of problem ?
Comment 12 Tomáš Bžatek 2009-05-21 07:47:41 EDT
(In reply to comment #11)
> What I meant is that the password dialog box pops up again after first pwd
> input validation, but without password retaining policy options (password save
> options).
weird... can you please run `GVFS_DEBUG=1 /usr/libexec/gvfsd -r`, go through your usual mount operation and attach the output here?

> [Thu May 21 11:09:35 2009] [error] [client 192.168.0.12] Digest: user `guest'
> in realm `Please log in as the user guest' not found: /
I don't like this message. Can you please disable sharing, rm -rf ~/.config/user-share and set up sharing again (including password)?

The ~/.config/user-share/passwd should look like
"guest:Please log in as the user guest:908d85a6f2b7d74f0dba259b3a7c148b"

> SELinux policy error/warning hasn't been commented yet ... Couldn't it be a
> source of problem ?  
The SELinux message you posted is correct. Are there any denials in dmesg? Does `sealert -b` show any suspicious denials related to gnome-user-share? Does `setenforce 0` help in this case?
Comment 13 louy2k 2009-05-22 09:52:01 EDT
Please find the requested results :

GVFS_DEBUG=1 /usr/libexec/gvfsd -r
Added new job source 0x8c60c48 (GVfsBackendDav)
Queued new job 0x8c6a800 (GVfsJobMount)
+ mount
+ soup_authenticate_interactive (first auth) 
- soup_authenticate 
+ soup_authenticate_interactive (retrying) 
- soup_authenticate 
send_reply, failed: 1


cat '/home/luc/.config/user-share/passwd' 
guest:Veuillez vous connecter en tant qu'utilisateur invité:8782752615992b11a150323301bb750a

dmesg.log in following attachment.
Comment 14 louy2k 2009-05-22 09:54:04 EDT
Created attachment 345094 [details]
dmesg  output

No problem reported IMO.
Comment 15 louy2k 2009-05-22 09:56:19 EDT
Forgot to say "sealert -b" is empty
Comment 16 Tomáš Bžatek 2009-06-02 11:59:01 EDT
Thanks for the outputs, so far it all looks correct.

(In reply to comment #13)
> cat '/home/luc/.config/user-share/passwd' 
> guest:Veuillez vous connecter en tant qu'utilisateur
> invité:8782752615992b11a150323301bb750a
Did you try to delete the settings and set it up again? No idea what else can be broken here...
Comment 17 louy2k 2009-06-08 00:14:58 EDT
Yes I once again did. No change, as far as I can notice.

Trying to sum up the issue I came to list 3 relevant issues IMHO :

1) The pop up dialog to connect to the ressource displays the following quoted sentence :
"Saisissez le mot de passe pour Please log in as the user guest"
This prompt is a sentence that combines localized language, i.e. french and "system language", i.e. english. Intriguing ...

2) Moreover the ~/.config/user-share/passwd contains localized sentence ("Veuillez vous connecter en tant qu'utilisateur invité") highly possible to be the french translation of the system part of the prompt previously mentioned in 1)

3) To end with this subject the log file sums up the authentication failure as follows : "user `guest' in realm `Please log in as the user guest' not found: /"
Now we learn that the name of the realm the user 'guest' is expected to be acknowledged by is equivalent to the system part of the sentence commented in 1). I remember you saying in comment #12 you didn't like that sentence.

=> The localized sentence contained in ~/.config/user-share/passwd is never displayed on the screen during the authentication process, Intriguing ...

=> This is my two cents comment of course, but as you seem to have no issue on your fedora system which I suppose to be in english, couldn't it be a issue due to localization causing problems on my side ?
Comment 18 Tomáš Bžatek 2009-06-08 05:45:52 EDT
You're right, I'm finally able to reproduce and debug this issue. Localization is the problem here. I'll keep you posted about the progress.
Comment 19 louy2k 2009-06-08 12:17:38 EDT
Thks for reply, sorry for cerebral latence, I should have figured out earlier I guess. Wishing you the best & because of the RC to come, hoping you don't to much of a pressure, if any. ;)
Comment 20 Bug Zapper 2009-06-09 11:37:28 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 21 Tomáš Bžatek 2009-06-23 11:20:28 EDT
I've opened an upstream bug, describing my findings. My idea proved not to be working, expecting a little stupid mistake there.

http://bugzilla.gnome.org/show_bug.cgi?id=586755
Comment 22 Bastien Nocera 2009-06-29 05:53:33 EDT
*** Bug 505060 has been marked as a duplicate of this bug. ***
Comment 23 Fedora Update System 2009-08-20 08:22:34 EDT
gnome-user-share-2.26.0-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/gnome-user-share-2.26.0-3.fc11
Comment 24 Fedora Update System 2009-08-21 21:06:44 EDT
gnome-user-share-2.26.0-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 25 Mickey Knox 2010-02-20 08:49:56 EST
I am having the issue described above running gnome-user-share-2.28.2-1.fc12 with a german-localized user environment.
Comment 26 Mickey Knox 2010-02-20 08:57:18 EST
Loglevel debug revealed:

$ grep error .config/user-share/log 
[Sat Feb 20 14:53:46 2010] [error] [client 192.168.1.2] Digest: user `guest' in realm `Bitte melden Sie sich als Gastbenutzer an' not found: /
$ cat .config/user-share/passwd 
guest:Please log in as the user guest:0f00a00abf0b685d9dc948fd56f62878
Comment 27 Tomáš Bžatek 2010-02-22 08:31:27 EST
(In reply to comment #26)
> [Sat Feb 20 14:53:46 2010] [error] [client 192.168.1.2] Digest: user `guest' in
> realm `Bitte melden Sie sich als Gastbenutzer an' not found: /
You're right, this shouldn't be localized. Fixed upstream, will package it to F12 and F13 soon.

http://git.gnome.org/browse/gnome-user-share/commit/?id=1a2aff08c16c87fcae10563acd9485624a5e262d
Comment 28 Fedora Update System 2010-02-22 09:47:18 EST
gnome-user-share-2.28.1-5.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/gnome-user-share-2.28.1-5.fc13
Comment 29 Fedora Update System 2010-02-22 09:48:09 EST
gnome-user-share-2.28.2-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/gnome-user-share-2.28.2-2.fc12
Comment 30 Fedora Update System 2010-02-24 01:15:58 EST
gnome-user-share-2.28.2-2.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.