Greetings, I have just updated my laptop to Samba 4.7 and immediately found out that I cannot access any shared data on our departmental server. The server (running CentOS 7.4 and Samba 4.6) requires valid login credentials which are checked against a DC. I use KDE's Dolphin file manager to access the shares. Dolphin's SMB plugin expects libsmbclient to return either EPERM or EACCES if the server rejects the login credentials. The libsmbclient that came with Samba 4.7 update returns EEXIST instead. I have verified that this is really happening with "smbbrowse2.c" example code supplied with Samba sources. Note that EEXIST is returned only when I try to access a "top-level" directory (a share) on the server. If I to access a directory within a share that I do not have access to, EPERM is returned. Here is a sample output from the slightly modified "testbrowse2.c" /(unknown_group)/ect228-srv/root Cannot open remote directory, errno: 17 (File exists) /(unknown_group)/ect228-srv/guests /(unknown_group)/ect228-srv/guests/ecguest1 /(unknown_group)/ect228-srv/instruments /(unknown_group)/ect228-srv/instruments/308_CE1600-N /(unknown_group)/ect228-srv/instruments/308_CE1600-A /(unknown_group)/ect228-srv/home /(unknown_group)/ect228-srv/home/kalusm Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/a6-22 Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/kucerog1 Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/ordogovm Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/boublikm Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/zuskova Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/vcelakov Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/kalikova Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/tesarove Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/ansorgem Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/dubsky Cannot open remote directory, errno: 13 (Permission denied) /(unknown_group)/ect228-srv/home/malymi /(unknown_group)/ect228-srv/home/malymi/some_file.txt Downgrading back to Samba 4.6 or making Dolphin's SMB plugin recognize the EEXIST retcode as a case of invalid credentials fixes the issue for me. Is this behavior expected with Samba 4.7?
I too have seen this issue. When the credentials are invalid when accessing a samba share we don't get the expected error number with samba 4.7.0; EEXIST is returned instead. Downgrading to 4.6.8 fixes the issue. After investigating the issue seems to be happening the the cli_shutdown code called from source3/libsmb/libsmc_server.c: 563 status = cli_tree_connect_creds(c, share, "?????", creds); 564 if (!NT_STATUS_IS_OK(status)) { 565 errno = map_errno_from_nt_status(status); 566 cli_shutdown(c); 567 return NULL; 568 } In this instance, the cli_shutdown is called after setting the errno, however throughout this file the errno is set after the cli_shutdown is called. So my suggested patch for this is to do the same here and set the errno after cli_shutdown: 563 status = cli_tree_connect_creds(c, share, "?????", creds); 564 if (!NT_STATUS_IS_OK(status)) { 565 cli_shutdown(c); 566 errno = map_errno_from_nt_status(status); 567 return NULL; 568 }
Created attachment 13751 [details] potential fix
Tested the recommendation by Donna and this does resolve the issue in Dolphin. It returns the behavior to 4.6x.
(In reply to David Mulder from comment #3) Any chance we can get a test for this in our automated test suite, so we don't regress here again?
Is this bug open or resolved ?
Dolphin has worked around the issue so users aren't affected, but the underlying issue in Samba remains.
(In reply to Nathaniel Graham from comment #6) Okay. Thanks.
This is fixed with commit 7470b9b18af282a742929d3fc90f4be5520428a1 in Samba 4.8.0 and above. Do you need a back-port for 4.7.next also ? CC:ing Jim on this one as he +1'ed the original patch from SuSE.
Created attachment 14100 [details] git-am fix for 4.7.next. Cherry-pick from master.
Let me know if this gets backported to 4.7.x (and what version it makes it into) so I can know what versions we can revert our workaround for.
Comment on attachment 14100 [details] git-am fix for 4.7.next. LGTM
Karolin, please add the fix to 4.7. Thanks!
(In reply to Andreas Schneider from comment #12) Pushed to autobuild-v4-7-test.
(In reply to Karolin Seeger from comment #13) Pushed to v4-7-test. Closing out bug report. Thanks!