Hi, I've collected all recent SMB issues in gvfs/Nautilus and made a quick summary. Some of the issues were discussed with gicmo and seb128 last week. I wanted to open a discussion on the major design issues before we start implementing something. (Some bugs listed here may be Fedora-only bugs, I haven't started filing their counterparts in Gnome bugzilla yet). Authentication in gvfs-smb-browse and gvfs-smb http://bugzilla.gnome.org/show_bug.cgi?id=524485 https://bugzilla.redhat.com/show_bug.cgi?id=446822 - judging from the number of bugs filed after final Fedora 9 release, people are having problems accessing their SMB shares. The big issue here is that list of shares differs with different username. So we need to allow user choose username (and domain) before exploring the server. Anonymous login should not be default anymore. - UI-wise there are several possibilities: 1. Present user the password dialog (with gnome-keyring integration of course) having an anonymous option there. Check the attachment for illustration. One way or another this is rather annoying, when browsing several servers in short time. 2. Use anonymous login by default (if possible, otherwise show login dialog) and display cluebar in Nautilus (similar to the one in n-c-b) allowing user to switch user. 3. Integrate a menu item somewhere (popup menu over the SMB server icon) allowing to set/switch user. - anyway credentials used to browse the server should be used too when mounting the particular share - but here we have an issue with two separate gvfs backends having need to communicate between each other. If possible, I want to avoid code duplication in both backends. - other thing to care about: don't show any prompt dialogs when having valid kerberos tickets, but of course allow fallback to password entry when krb login fails (this is something libsmbclient does transparently). Mountspec issues - duplicate mount icons on desktop https://bugzilla.redhat.com/show_bug.cgi?id=443049 https://bugzilla.redhat.com/show_bug.cgi?id=448008 https://bugzilla.redhat.com/show_bug.cgi?id=443038 - ok, we're setting real username and domain after successful mount now, but: - "gvfs-mount -l" output is wrong, should list URIs containing username and domain (if set). Now it only returns server/share, while is naturally possible to have one share mounted under different usernames. --> modify client/smburi.c - we have username, domain, server and share parameters available to be set into mountspec. However username and domain shouldn't be set unless we really need them. At the moment, non-anonymous mounts have both username and domain set which confuses Nautilus. This causes troubles when user gvfs-mount's smb://server/share but gvfs-ls can't find this location mounted then because it has username and domain set in mountspec. - the domain problem: libsmbclient accepts any domain string and still usually connects to the share. Sometimes even in ADS domain (weird). We need to detect when domain is really required to be set in order to connect to a server. Domain name doesn't get propagated to backend http://bugzilla.gnome.org/show_bug.cgi?id=533083 - domain is used correctly during login and is set to mountspec. To be closed when the previous described issue is resolved. Kerberos authentication issues http://bugzilla.gnome.org/show_bug.cgi?id=524498 https://bugzilla.redhat.com/show_bug.cgi?id=445119 - as stated in the bug, we need to supply libsmbclient a fake username. Keep this in mind when making changes to authentication system in the backend. - good manual about setting up samba + kerberos: https://help.ubuntu.com/community/Samba/Kerberos "Cannot mount smb share when its subdirs are accessible but its root not" http://bugzilla.gnome.org/show_bug.cgi?id=529277 - patch needs to be redone. Basically, we always try to mount the share root which clearly fails here. Caching will need to be modified too. > smbc_stat(smb://server.dom.ain/DynStor) >> smbc errno NT_STATUS_ACCESS_DENIED -> 13 - the reporter confirmed mounting by path works: > uri = create_smb_uri (op_backend->server, op_backend->share, "bar"); - the best way here would be to mount the share root and when it fails, try mounting the path specified. We're doing two pass stat/login anyway, which the first one is anonymous try, this will add yet another try. - hard to reproduce though - anybody has a sample smb.conf for this? - other way crossing my mind - now we do smbc_stat() only on the share reporting successful mount when no error. However getting listing can fail. Wouldn't be better to try listing of the mounted root and return successful mount only when listing succeeds? Active smb mounts don't get properly resumed after suspend https://bugzilla.redhat.com/show_bug.cgi?id=444496 - general gvfs issue, connection gets broken. Backends should be able to re-establish their connections, using credentials from mountspec - need a testing laptop to reproduce this Issues when opening 40GB file from a gvfs-fuse-daemon mount - crashing https://bugzilla.redhat.com/show_bug.cgi?id=448081 - testing needed, perhaps already fixed by recent fuse-daemon patches in trunk. - we should test large file handling (> 4GB) across various samba servers (incl. Windows), otherwise I don't see any reason to fail. DFS Issues - to be tested: set up a distributed file system network running several Windows Servers and try to access a DFS share -- Tomas Bzatek
Attachment:
Screenshot-Enter Password.png
Description: PNG image
