netbsd-bugs: kern/32513: smbfs forbids anonymous mounts

Subject: kern/32513: smbfs forbids anonymous mounts
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <mlelstv@serpens.de>
List: netbsd-bugs
Date: 01/12/2006 21:10:00
>Number:         32513
>Category:       kern
>Synopsis:       smbfs forbids anonymous mounts
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 12 21:10:00 +0000 2006
>Originator:     Michael van Elst
>Release:        NetBSD 3.0_STABLE
>Organization:
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."
>Environment:
	
	
System: NetBSD henery 3.0_STABLE NetBSD 3.0_STABLE (HENERY) #23: Thu Jan 12 21:50:28 CET 2006 src@henery:/usr/obj/home/src/sys/arch/i386/compile/HENERY i386
Architecture: i386
Machine: i386
>Description:
smbfs forbids anonymous mounts.

The default for mount_smbfs is to access the SMB server with
a username identical to the currently logged in user. You
can specify a different user in the path string as //user@server/
or with the undocumented option -U. However, the first doesn't
parse an empty username and the second is filtered out later.

The kernel part in sys/netsmb does support anonymous mounts
by chosing an empty username and an empty password. But here
again, the username is validated as being non-empty.

>How-To-Repeat:
% mount_smbfs -U "" -N -I server-ip '//*SMB-SERVER/share' /mnt
mount_smbfs: unable to open connection
mount_smbfs: mount error for /mnt: Socket is not connected

>Fix:
Removing all the checks for an empty username makes anonymous
mounts work. I didn't try to patch the path parser to allow
//@server/share, documenting -U however should be enough.

Index: dist/smbfs/lib/smb/ctx.c
===================================================================
RCS file: /cvsroot/src/dist/smbfs/lib/smb/ctx.c,v
retrieving revision 1.9
diff -u -r1.9 ctx.c
--- dist/smbfs/lib/smb/ctx.c	21 Mar 2004 12:30:51 -0000	1.9
+++ dist/smbfs/lib/smb/ctx.c	12 Jan 2006 21:05:24 -0000
@@ -508,11 +508,13 @@
 		smb_error("no server name specified", 0);
 		return EINVAL;
 	}
+#ifdef NOANON
 	if (ssn->ioc_user[0] == 0) {
 		smb_error("no user name specified for server %s",
 		    0, ssn->ioc_srvname);
 		return EINVAL;
 	}
+#endif
 	if (ctx->ct_minlevel >= SMBL_SHARE && sh->ioc_share[0] == 0) {
 		smb_error("no share name specified for %s@%s",
 		    0, ssn->ioc_user, ssn->ioc_srvname);
Index: sys/netsmb/smb_usr.c
===================================================================
RCS file: /cvsroot/src/sys/netsmb/smb_usr.c,v
retrieving revision 1.10
diff -u -r1.10 smb_usr.c
--- sys/netsmb/smb_usr.c	26 Feb 2005 22:39:50 -0000	1.10
+++ sys/netsmb/smb_usr.c	12 Jan 2006 21:05:24 -0000
@@ -67,8 +67,10 @@
 	int flags = 0;
 
 	bzero(spec, sizeof(*spec));
+#ifdef NOANON
 	if (dp->ioc_user[0] == 0)
 		return EINVAL;
+#endif
 	if (dp->ioc_server == NULL)
 		return EINVAL;
 	if (dp->ioc_localcs[0] == 0) {

>Unformatted: