Bug 6305 - Net, Inconsistent behaviour with -U flag
Net, Inconsistent behaviour with -U flag
Product: Samba 3.4
Classification: Unclassified
Component: Client Tools
Other Linux
: P3 critical
: ---
Assigned To: Kai Blin
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2009-04-30 10:26 UTC by David Markey
Modified: 2009-06-19 01:29 UTC (History)
3 users (show)

See Also:

use a prompt as last resort (1.18 KB, patch)
2009-05-13 17:01 UTC, Guenther Deschner
no flags Details
Prompt for password in net if -U is specified but no password is given (689 bytes, patch)
2009-06-10 06:50 UTC, Kai Blin
no flags Details
patch for master and 3.4 (1.18 KB, patch)
2009-06-16 08:10 UTC, Guenther Deschner
kai: review+

Note You need to log in before you can comment on or make changes to this bug.
Description David Markey 2009-04-30 10:26:12 UTC
Debian 32bit, 3.4 pre1

debian5:/var/log/samba# /opt/samba/samba-3.4.0pre1/bin/net -Uroot -Sdebian5-34srv  rpc user
Anonymous login successful

Notice i specified the -Uroot, net should ask me for the root password instead of attempting anonymous login.

-Uroot%password works as expected.
Comment 1 David Markey 2009-04-30 12:58:23 UTC
I think this is the chunk of code exhibiting this behavior. And if that comment is anything to go by it'd by design. 

Dunno about you but i dont like having to supply passwords on the command line!

"source3/libsmb/clidfs.c" line 218

               /* If a password was not supplied then
                 * try again with a null username. */
                if (password[0] || !username[0] ||
                        get_cmdline_auth_info_use_kerberos(auth_info) ||
                        !NT_STATUS_IS_OK(cli_session_setup(c, "",
                                                "", 0,
                                                "", 0,
                                               lp_workgroup()))) {
                        d_printf("session setup failed: %s\n", cli_errstr(c));
                        if (NT_STATUS_V(cli_nt_error(c)) ==
                                d_printf("did you forget to run kinit?\n");
                        return NULL;
                d_printf("Anonymous login successful\n");
Comment 2 Guenther Deschner 2009-04-30 17:14:43 UTC
Hm, one way of fixing this would be to prompt for a passord whenever "-U username" gets defined and no password is provided (like in -U username%password).

diff --git a/source3/utils/net.c b/source3/utils/net.c
index 9cd41c5..8144aa2 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -714,6 +714,9 @@ static struct functable net_func[] = {
                        if (p) {
                                *p = 0;
                                c->opt_password = p+1;
+                       } else {
+                               c->opt_password = net_prompt_pass(c,
+                                                       c->opt_user_name);

Kai, makes sense ?
Comment 3 Guenther Deschner 2009-04-30 17:20:47 UTC
I am afraid this is a 3.3 issue as well.
Comment 4 Kai Blin 2009-05-01 05:23:23 UTC
Looks reasonable, but I'm not sure if this is critical enough to push to 3.3 full ack for 3.4, though. Feel free to attach a real patch for 3.4 here and I'll sign off on it.
Comment 5 Karolin Seeger 2009-05-03 01:48:26 UTC
In my opinion it is critical enough for 3.3.5.
Comment 6 Kai Blin 2009-05-03 02:26:04 UTC
On poking this a bit more, it looks like the libsmb/clidfs.c code asks for a password if none is given in 3.3 (lines 204-214).

On another note, we'd probably have to check for the -k flag as well for the 3.4 patch. Doesn't make much sense to ask for a password if we've got a kerberos ticket.
Comment 7 Guenther Deschner 2009-05-13 16:56:11 UTC
I think I have a fix for at least the portions that use libnetapi inside of net.
Comment 8 Guenther Deschner 2009-05-13 17:01:48 UTC
Created attachment 4149 [details]
use a prompt as last resort

We carefully need to verify at least all "net rpc" commands to verify if we are consistent again.
Comment 9 Kai Blin 2009-05-14 03:36:25 UTC
I don't like it. Talking to the command line from within a lib looks fishy. I think this should be fixed within net, like we discussed in IRC. I opened bug #6357 to track this.
Comment 10 Kai Blin 2009-05-26 03:49:58 UTC
Should be fixed in current master and v3-4-test git trees.
Comment 11 Kai Blin 2009-06-10 06:38:20 UTC
Turns out that the use of popt_common to handle the authentication-related command line options was causing more hassles than it solved. My patch for bug #6460 reverts this. I will prepare a patch to fix this particular issue shortly.
Comment 12 Kai Blin 2009-06-10 06:50:44 UTC
Created attachment 4269 [details]
Prompt for password in net if -U is specified but no password is given

Less intrusive fix for this bug. Günther, please check.
Comment 13 Guenther Deschner 2009-06-16 05:21:00 UTC
For the libnetapi standalone users (all the example code) we need to restore the prompt for passwords as well. This has been pushed to master as 33be1f56f778116a5657b257ffb0f1eb7196658a. Karolin please cherry-pick to 3.4.
Comment 14 Guenther Deschner 2009-06-16 08:10:04 UTC
Created attachment 4295 [details]
patch for master and 3.4

This really needs to go into 3.4
Comment 15 Kai Blin 2009-06-16 10:10:58 UTC
Comment on attachment 4295 [details]
patch for master and 3.4

Not pretty, but 3.3 behaviour. Should be pushed.
Comment 16 Karolin Seeger 2009-06-17 07:23:16 UTC
Pushed 33be1f56f to v3-4-test.
Comment 17 Guenther Deschner 2009-06-18 19:15:15 UTC
Kai, correct me if I'm wrong but as we decided that we revert the changes with https://bugzilla.samba.org/show_bug.cgi?id=6460 we can close this bug for now ?
Comment 18 Kai Blin 2009-06-19 01:28:37 UTC
Comment on attachment 4269 [details]
Prompt for password in net if -U is specified but no password is given

Günther's patch is sufficient, we don't need this one.
Comment 19 Kai Blin 2009-06-19 01:29:27 UTC
Marking bug as fixed.