Bionic desktop verification
With gvfs-backends from the release pocket:
ubuntu@bionic-desktop:~$ apt-cache policy gvfs-backends
gvfs-backends:
Installed: 1.36.1-0ubuntu1.3
Candidate: 1.36.1-0ubuntu1.3
Version table:
*** 1.36.1-0ubuntu1.3 500
500 http://br.archive.ubuntu.com/ubuntu bionic-updates/main amd64
Packages
I get an empty "windows network" tab in the desktop (see attached
screenshot empty-windows-network-before-test.png).
After updating to this package from proposed:
Version table:
*** 1.36.1-0ubuntu1.3.2 500
500 http://br.archive.ubuntu.com/ubuntu bionic-proposed/main amd64
Packages
And logging out and back in, I get a populated windows network tab (see
screenshot populated-windows-network-after-test.png).
I can then connect to the pub share on localhost (see screenshot
connecting-to-pub-after-test.png) and, once that is done, smbstatus shows this
output:
ubuntu@bionic-desktop:~$ sudo smbstatus
Samba version 4.7.6-Ubuntu
PID Username Group Machine
Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
3771 nobody nogroup bionic-desktop (ipv4:192.168.122.213:56026)
NT1 - -
3874 ubuntu ubuntu 192.168.122.213 (ipv4:192.168.122.213:32800)
SMB3_11 - partial(AES-128-CMAC)
3807 nobody nogroup bionic-desktop (ipv4:192.168.122.213:56028)
NT1 - -
3762 nobody nogroup bionic-desktop (ipv4:192.168.122.213:56022)
NT1 - -
Service pid Machine Connected at Encryption
Signing
---------------------------------------------------------------------------------------------
IPC$ 3762 bionic-desktop Fri Jun 21 21:07:33 2019 UTC -
-
IPC$ 3807 bionic-desktop Fri Jun 21 21:08:09 2019 UTC -
-
IPC$ 3771 bionic-desktop Fri Jun 21 21:07:37 2019 UTC -
-
pub 3874 192.168.122.213 Fri Jun 21 21:08:30 2019 UTC -
-
No locked files
The connection to the pub share is using SMB3_11.
The connections using NT1 show why
https://bugs.launchpad.net/gvfs/+bug/1828107 is still relevant, but it's
a separate bug. See comment #55 for my reasoning. I think releasing this
update is a step in the right direction.
Bionic verification succeeded.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1778322
Title:
gvfs-smb-browse can't browse samba/smb tree
Status in gvfs:
Unknown
Status in samba:
Unknown
Status in gvfs package in Ubuntu:
Fix Released
Status in samba package in Ubuntu:
Fix Released
Status in gvfs source package in Bionic:
Fix Committed
Status in samba source package in Bionic:
Fix Released
Status in gvfs source package in Cosmic:
Fix Committed
Status in samba source package in Cosmic:
Fix Released
Bug description:
[Impact]
The so called "browsing a windows network" made use of an SMB1 protocol
version feature. Recent versions of samba, including the one released with
bionic, default to a higher versions of the protocol which lacks this feature.
As a result, the "other locations -> windows network" tab in Nautilus is empty
even when there are windows or samba machines in the network.
Accessing such machines directly, via smb://<name-or-ip>/ type urls,
continues to work.
The fix is two-fold:
- introduce a new samba API call that can be used to set the protocol version
to use
- change applications to make use of this API call to set the protocol versio
to SMB1/NT1 just for the network browsing
gvfs was updated to make use of this api call, if detected at build
time. To complete this SRU, gvfs needs a no-change rebuild *after*
samba was accepted into proposed.
[Test case]
* Launch a bionic desktop vm. You can start with a server one, and then
install the "ubuntu-desktop" package. In the same command, also install the
packages we need for this test:
$ sudo apt update
$ sudo apt install ubuntu-desktop samba smbclient
* set a password for the ubuntu user, so you can login at the graphical
console
$ sudo passwd ubuntu
* set the same password for the ubuntu samba user:
sudo smbpasswd -a ubuntu
* add a simple [pub] share to samba:
$ printf "[pub]\n\tpath=/tmp\n\tguest ok = no\n" | sudo tee -a
/etc/samba/smb.conf
* reboot
$ sudo reboot
* login at the graphical console as the ubuntu user. Go through the
first-user-setup motions as you want.
* try to browse the windows network via "other locations -> windows
network". You will get an empty folder.
* update the samba and gvfs packages
* logout and login again on the gui, browse the windows network again. This
time it will show the "WORKGROUP" folder, and if you click through, you will
see yourself (your VM) and the [pub] share, among others.
* click on the "pub" share, select registered user and login with the
ubuntu credentials you created earlier with smbpasswd.
* in another terminal, run this command to confirm that the SMB protocol
version that was used to connect to [pub] was not just NT1/SMB1, but higher:
$ sudo smbstatus
...
8779 ubuntu ubuntu 192.168.122.94 (ipv4:192.168.122.94:60818)
SMB3_11 - partial(AES-128-CMAC)
Note "SMB3_11" above.
[Regression potential]
The samba update itself just introduces and exposes a new API call. It's up
to other applications to make use of that. gvfs was patched to detect this call
at build time and use it if it's detected.
Packages that are not rebuilt will not see the change, and packages that
*are* rebuilt will only see the change if they make use of it.
[Other Info]
This update introduces a specific runtime dependency between gvfs and
libsmbclient due to the new API call added to the latter. Any package that is
rebuilt with libsmbclient and makes use of that API call will get this specific
dependency. This is handled automatically by dh_mkshlibs.
To complete this SRU, gvfs will need a no-change rebuild after samba
was accepted into proposed.
Disco's gvfs is already using the new call, as can be seen in this build log
https://launchpadlibrarian.net/415424052/buildlog_ubuntu-disco-amd64.gvfs_1.40.0-1_BUILDING.txt.gz:
...
Dependency smbclient found: YES 0.5.0
Checking for function "smbc_setOptionProtocols" with dependency smbclient: YES
The smbc_setOptionProtocols() call is only used when the url is like
"smb:///", or the server cannot be resolved. The downgrade overrides
the setting in smb.conf, and is used just for this case: browsing the
network. When connecting to a machine, the url is like
"smb://<name>/", and then this function we are adding is not called.
I updated the test to actually click on the machine that shows up in
the network browsing, and then check with "smbstatus" which version of
the protocol was used when connecting to an actual share.
---
Nautilus should show smbtree and host on the smb network.
When inputing this command:
killall gvfsd-smb-browse && GVFS_DEBUG=1 /usr/lib/gvfs/gvfsd-smb-browse
You can see the error:
smb-network: Queued new job 0x55b19a2c9f40 (GVfsJobCreateMonitor)
smb-network: send_reply(0x55b19a2c9f40), failed=1 (Action not supported by
the processing engine)
smb-network: backend_dbus_handler org.gtk.vfs.Mount:QueryFilesystemInfo
(pid=5708)
smb-network: Queued new job 0x55b19a2e7820 (GVfsJobQueryFsInfo)
smb-network: send_reply(0x55b19a2e7820), failed=0 ()
smb-network: backend_dbus_handler org.gtk.vfs.Mount:Enumerate (pid=5708)
smb-network: Queued new job 0x55b19a2c30c0 (GVfsJobEnumerate)
smb-network: send_reply(0x55b19a2c30c0), failed=0 ()
Proposed solution:
Add gvfsbackendbrowse-switch-to-NT1.patch disscused on RedHat Bugzilla
[link]https://bugzilla.redhat.com/show_bug.cgi?id=1513394
which implements "change to NT1" in gvfs-smb-browse to browse smbtree to
aviod adding "max client protocol" = NT1" to smb.conf to switch all samba to
unsafe NT1 which most users are doing to correct this bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1778322/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
