smbfs AD support (was Re: CIFS VFS posted)

Urban Widmark urban at
Fri Jun 21 05:34:02 GMT 2002

On Fri, 21 Jun 2002, Andrew Bartlett wrote:

> Silly mapping bug?  NTSTATUS -> dos stuff?

No, NTSTATUS -> linux errno value. The patch makes smbfs use NTSTATUS
codes and maps dos -> NTSTATUS for old systems.

> As to smbmount, would you like the 'negotiate' patches put into Samba
> HEAD?  I'm *very* interested in the kerberos stuff, particularly with
> Samba unix extenstions.

Attached. It will mount with that if you have a kerberos ticket and
specify the 'krb' option, but you will get the wrong error codes in smbfs
and some things will stop working. This patch helps, but has bugs:

The error code numbers are spread out so I used separate arrays to make
them more compact. But I think I just made it complicated, and the bug
being in that part proves that I made a mess of it.

I have some other stuff I should have gotten into samba 2.2 long ago, most
of that wants to be in HEAD too. I'm going to add this together with that,
once I get everything cleaned up.

> Possibly becouse Samba client code is *ugly* :-).

Is it beyond repair?

And fixing the samba client code also helps smbclient and smbwrapper, as
well as any external libsmb users. Or?

If there wasn't a performance loss (which I believe it is), a cool thing
would be to make smbfs a userspace filesystem re-using the libsmb code
directly. Others have suggested this, but not done much about it.

> The idea there is just like smbmount - the syntax comes from a desire to
> be a bit like NT, and an attempt to get just one client utility -
> instead of a small gaggle of little, undocumented utilities.

But having a command for mounting like NT is just bad. _Please_ don't.

People want to put filesystems in /etc/fstab[1], in autofs maps and unless
there is a good reason to be different the way to do things is to use
mount as the interface.

To reduce confusion it should be the only interface and it should work
exactly like mount always does. This is what people expect from a
filesystem and smbfs and ncpfs are the ugly ducklings in the linux kernel
for not being like the others.

'net use' can be a frontend to mount that does absolutely nothing except
rearrange the options. Well, the user could do that themselves so it seems
rather pointless to me.

Or it is a command that does some work before passing them to mount, eg
name lookups. If you do that you get something that doesn't work equally
from fstab.

The old smbmount/smbclient syntax was, er ... interesting?

The current smbmount makes it work with mount, but some things break such
as user mounts with noexec/nosuid flags. smbmount is not a model to copy.
Adding fstab parsing to fix these issues will bring down the wrath of
Tridge :) and he is right because you shouldn't duplicate that work.

This could perhaps be fixed by improving mount <-> mount.smbfs
communication, but better by replacing smbmount with smbconnect
("net connect").

smbconnect is just smbmount without the mounting and daemon code. It
patches mount to get the "Password:" prompt for people that needs that and
to not write passwords from the commandline into /etc/mtab. It patches
smbfs to make it call a userspace program for its connections.

But a 'net connect' that connects and places that connection somewhere
(ioctl, /dev, /proc ...) would work just as well. The only request from
the smbfs side is to have some control over which capabilities are sent in
the negotiation.
(eg. smbfs knows if it supports large files, libsmb does not.)

For future DFS support smbconnect allows the dfs directories to be mounted
as new mounts, without having to keep the connection code in the kernel.


[1] - Just search the samba list for people that do that, and the trouble
      they run into when it only sort of works.
      If you want to upset the autofs maintainer, ask him about samba
      1.9.x/2.0.[01234] mount syntax :)
-------------- next part --------------
--- samba-3.0-alpha17.orig/source/client/smbmount.c	Mon Mar 18 04:17:03 2002
+++ samba-3.0-alpha17/source/client/smbmount.c	Mon Apr  1 12:32:19 2002
@@ -44,6 +44,7 @@
 static BOOL have_ip;
 static int smb_port = 0;
 static BOOL got_pass;
+static BOOL use_kerberos;
 static uid_t mount_uid;
 static gid_t mount_gid;
 static int mount_ro;
@@ -152,9 +153,7 @@
 		return NULL;
-	/* SPNEGO doesn't work till we get NTSTATUS error support */
-	c->use_spnego = False;
+	c->use_kerberos = use_kerberos;
 	if (!cli_session_request(c, &calling, &called)) {
 		char *p;
 		DEBUG(0,("%d: session request to %s failed (%s)\n", 
@@ -189,15 +188,14 @@
 	/* This should be right for current smbfs. Future versions will support
 	  large files as well as unicode and oplocks. */
 	c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
-	c->force_dos_errors = True;
 	if (!cli_session_setup(c, username, 
 			       password, strlen(password),
 			       password, strlen(password),
 			       workgroup)) {
 		/* if a password was not supplied then try again with a
 			null username */
-		if (password[0] || !username[0] ||
+		if (password[0] || !username[0] || use_kerberos ||
 				!cli_session_setup(c, "", "", 0, "", 0, workgroup)) {
 			DEBUG(0,("%d: session setup failed: %s\n",
 				sys_getpid(), cli_errstr(c)));
@@ -659,6 +657,7 @@
       iocharset=<arg>                 Linux charset (iso8859-1, utf8)\n\
       codepage=<arg>                  server codepage (cp850)\n\
       ttl=<arg>                       dircache time to live\n\
+      krb                             authenticate using kerberos\n\
       guest                           don't prompt for a password\n\
       ro                              mount read-only\n\
       rw                              mount read-write\n\
@@ -778,6 +777,9 @@
 			} else if(!strcmp(opts, "guest")) {
 				*password = '\0';
 				got_pass = True;
+			} else if(!strcmp(opts, "krb")) {
+				use_kerberos = True;
+				got_pass = True;
 			} else if(!strcmp(opts, "rw")) {
 				mount_ro = 0;
 			} else if(!strcmp(opts, "ro")) {

More information about the samba-technical mailing list