Bug 4640 - cifs: -o guest yields root login
Summary: cifs: -o guest yields root login
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: user space tools (show other bugs)
Version: 2.6
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Steve French
QA Contact:
URL: http://bugs.debian.org/423971
: 4039 (view as bug list)
Depends on:
Reported: 2007-05-19 02:17 UTC by Christian Perrier (dead mail address)
Modified: 2009-05-15 10:51 UTC (History)
3 users (show)

See Also:

login as anonymous for -o guest option to mount.cifs command (580 bytes, patch)
2009-02-20 13:31 UTC, shirishpargaonkar@gmail.com
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Perrier (dead mail address) 2007-05-19 02:17:13 UTC
THis was reported in Debian (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=423971)

I can also reproduce this with the following simple smb.conf:
   guest account = nobody
   invalid users = root
   workgroup = MAISON
   server string = Le portable de Kiki (samba %v)

   comment = Home Directories
   browseable = yes
   read only = no
   create mode = 0700

read only=no

root@mykerinos:/etc/samba> mount -t smbfs -o guest // /mnt
Anonymous login successful
root@mykerinos:/etc/samba> umount /mnt
root@mykerinos:/etc/samba> mount -t cifs -o guest // /mnt --verbose
parsing options: rw,guest

mount.cifs kernel mount options unc=//\public,ip=,user=root,ver=1,rw,guest
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
Comment 1 Steve French 2007-07-20 16:22:19 UTC
The man page (for both smbfs and cifs) specifies:

          Don't prompt for a password

I agree that it would make sense for cifs to retry on authentication failure with anonymous user (and also I agree that user mount should try to authenticate with the user not user, although the issue of default uid/gid when mounted to Windows ie bug 4780 needs to be fixed).

My initial reaction is that the man page behavior must be followed (no prompt), and that we should attempt to authenticate with the "default" username (either root if we are mounted as root or the user's uid if we are doing a user mount) but that we should allow automatic retry (null user authentication, ie "username=" ie an empty string) if root can not authenticate due to access denied on session setup and perhaps one or two other errors (like a TConX access denied failure).  If username  "root" can authenticate as "guest" successfully, why retry as anonymous (null user)?
Comment 2 Steve French 2007-07-20 16:23:59 UTC
Didn't you send a patch to me for this once (retrying failed guest mounts as anonymous userid)?  Was it a kernel or userspace patch?
Comment 3 Debian samba package maintainers (PUBLIC MAILING LIST) 2009-01-31 12:07:30 UTC
Bug still in samba 3.2.5 (kernel 2.6.25)
Comment 4 shirishpargaonkar@gmail.com 2009-02-18 05:13:49 UTC
Will spend some time today on this bug and try to get resolved.
Comment 5 shirishpargaonkar@gmail.com 2009-02-18 09:41:19 UTC
I think this depends on the server. What is the cifs/smb server?

I tried it against a samba server Version 3.2.5-1.3 (smbd -V) from two
different linux clients and it works.  Against a samba server
Version 3.0.22-3 it did not from either of those two cifs client.

cifstest4 is running samba server version 3.0.22
cifstest8 is running samba server version 3.2.5

cifstest6:~ # uname -r

cifstest6:~ # mount -t cifs //cifstest4/share /mnt/smb_a -o guest
mount error 13 = Permission denied

cifstest6:~ # mount.cifs //cifstest8/smb8 /mnt/smb_a -o guest

cifstest6:~ # mount
//cifstest8/smb8 on /mnt/smb_a type cifs (rw,mand)


linux-nfs1:~ # uname -r

linux-nfs1:~ # mount -t cifs //cifstest4/share /mnt/smb_t -o guest
mount error 13 = Permission denied

linux-nfs1:~ # mount -t cifs //cifstest8/smb8 /mnt/smb_t -o guest

linux-nfs1:~ # mount
//cifstest8/smb8 on /mnt/smb_t type cifs (rw,mand)
Comment 6 Debian samba package maintainers (PUBLIC MAILING LIST) 2009-02-18 12:50:38 UTC
See additionnal details in the linked Debian bug. That bug finally turns out to be only a wishlist bug for a behaviour change wrt mount.smbfs
Comment 7 shirishpargaonkar@gmail.com 2009-02-20 13:31:09 UTC
Created attachment 3949 [details]
login as anonymous for -o guest option to mount.cifs command

Fix mount.cifs code to network login as anonymous user during -o guest
option of mount.cifs command
Comment 8 Steve French 2009-03-07 11:11:05 UTC
Should be fixed in current Samba development trees (3.3 and 3.2 series) and will be in next stable Samba releases (fix to mount.cifs)
Comment 9 Steve French 2009-05-15 10:51:47 UTC
*** Bug 4039 has been marked as a duplicate of this bug. ***