mount_smbfs

Daisuke Aoyama aoyama at peach.ne.jp
Fri Jan 23 18:07:08 UTC 2015


Hello,

> On Jan 16, 2015, at 19:53, Dan Raymond <draymond at foxvalley.net> wrote:
>>
>> Any reason why mount_smbfs is missing?
>>
>> # ls -la /sbin/mount*
>> -r-xr-xr-x  1 root  wheel  20628 Nov 24 05:30 /sbin/mount
>> -r-xr-xr-x  1 root  wheel  10156 Nov 24 05:30 /sbin/mount_cd9660
>> -r-xr-xr-x  1 root  wheel  14324 Nov 24 05:30 /sbin/mount_fusefs
>> -r-xr-xr-x  2 root  wheel  12200 Nov 24 05:30 /sbin/mount_mfs
>> -r-xr-xr-x  1 root  wheel  10896 Nov 24 05:30 /sbin/mount_msdosfs
>> -r-xr-xr-x  2 root  wheel  21164 Nov 24 05:30 /sbin/mount_nfs
>> -r-xr-xr-x  1 root  wheel   7200 Nov 24 05:30 /sbin/mount_nullfs
>> -r-xr-xr-x  2 root  wheel  21164 Nov 24 05:30 /sbin/mount_oldnfs
>> -r-xr-xr-x  1 root  wheel   8772 Nov 24 05:30 /sbin/mount_udf
>> -r-xr-xr-x  1 root  wheel   7852 Nov 24 05:30 /sbin/mount_unionfs
>
> Probably because no one tested it on arm.  Does it work for you if you build it manually?

I've tested mount_smbfs. It seems to be a word alignment bug similar to the C++ exception one I wrote about a few days ago.
http://lists.freebsd.org/pipermail/freebsd-arm/2015-January/009998.html

Because of this, you will send a bogus name to the SMB server, like:

# mount_smbfs -I 172.18.0.241 -E UTF-8:UTF-8 //aoyama at nas4free/hast /smb
a bug somewhere in the nb_name* code
a bug somewhere in the nb_name* code

I don't know whether this crashes the server.

/usr/src/contrib/smbfs/lib/smb/nb_name.c:
----------------------------------------------------------------------
call nb_name_encode() with snb->snb_name (malloced aligned buffer)

     92         error = nb_snballoc(nmlen, &snb);
     93         if (error)
     94                 return error;
     95         if (nmlen != nb_name_encode(np, snb->snb_name))
     96                 printf("a bug somewhere in the nb_name* code\n");

The buffer is used as u_short*, but cp is an odd address due to L.165.

    162         u_char *cp = dst;  // dst = snb->snb_name

    165         *cp++ = NB_ENCNAMELEN; // cp is odd address after this
    166         name = np->nn_name;
    167         if (name[0] == '*' && name[1] == 0) {
    168                 *(u_short*)cp = NBENCODE('*');  // BUG!! write odd address with 16bit width access

    173                         *(u_short*)cp = NBENCODE(toupper(*name)); // same

    179                 *(u_short*)cp = NBENCODE(np->nn_type); // same

    182         *cp = 0;
----------------------------------------------------------------------
So, we need byte access here, too :D
A quick hack patch is attached.

How to use this patch:
----------------------------------------------------------------------
If you don't have the source tree, check it out with your kernel version specified by "-r".
# uname -v
FreeBSD 11.0-CURRENT #0 r277169M: Wed Jan 14 22:06:07 JST 2015 aoyama at fbs11.local:/usr/local/src/crochet-freebsd/work/obj/arm.armv6/usr/src/sys/RPI-B-test22
# svnlite checkout -r 277169 svn://svn.FreeBSD.org/base/head /usr/src

Apply the patch
# cd /usr/src
# patch < /path/to/nb_name.c.patch

Build the patched library and required files
# cd /usr/src/lib/libsmb
# make && make install

# cd /usr/src/sys/modules/smbfs
# make && make install

# cd /usr/src/usr.sbin/mount_smbfs
# make && make install

Now you have mount_smbfs. Try to connect to the SMB server:

# mkdir /smb
# mount_smbfs -I 172.18.0.241 -E UTF-8:UTF-8 //aoyama at nas4free/hast /smb
Password:

# df -h
Filesystem                Size    Used   Avail Capacity  Mounted on
/dev/mmcsd0s3a             28G    6.2G     20G    24%    /
devfs                     1.0K    1.0K      0B   100%    /dev
/dev/mmcsd0s1              19M    7.1M     12M    37%    /boot/msdos
tmpfs                      64M    4.0K     64M     0%    /tmp
tmpfs                     8.0M    4.0K    8.0M     0%    /var/tmp
//AOYAMA at NAS4FREE/HAST    992M    322M    669M    32%    /smb

It works! On the server side, you can see the client machine name like this:

nas4free-testb: ~ # smbstatus -d0 -b

Samba version 4.1.16
PID     Username      Group         Machine
-------------------------------------------------------------------
3946      aoyama        admin         raspberry-pi (ipv4:172.18.0.148:56979)

nas4free-testb: ~ # ifconfig carp0
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 172.18.0.241 netmask 0xffff0000
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        carp: MASTER vhid 1 advbase 1 advskew 100
----------------------------------------------------------------------

Try it yourself.
-- 
Daisuke Aoyama
  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nb_name.c.patch
Type: application/octet-stream
Size: 1420 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-arm/attachments/20150124/0ffabe27/attachment.obj>
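
Added example, not part of the original message or the attached patch: a NetBIOS first-level name encoder that uses only 8-bit stores, illustrating the "byte access" approach the message calls for after the length byte leaves the write pointer on an odd address. The `ex_*` functions and `EX_*` constants are names assumed for this example, the sample names and type values are constructed, and wildcard ("*") handling is omitted.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constants named for this example: a 16-byte NetBIOS name encodes to 32 bytes. */
#define EX_NAMELEN    16
#define EX_ENCNAMELEN (EX_NAMELEN * 2)

/* Store one name byte as two ASCII bytes (high nibble first, each + 'A')
 * using only 8-bit stores, so the address in dst never has to be even. */
static unsigned char *
ex_put_encoded(unsigned char *dst, unsigned char c)
{
	dst[0] = (unsigned char)('A' + (c >> 4));
	dst[1] = (unsigned char)('A' + (c & 0x0f));
	return dst + 2;
}

/* Encode name/type at dst: length byte, 32 encoded bytes, empty-scope
 * terminator. Returns the number of bytes written (34). */
size_t
ex_nb_name_encode(const char *name, unsigned char type, unsigned char *dst)
{
	unsigned char *cp = dst;
	int i;

	*cp++ = EX_ENCNAMELEN;		/* cp is now dst + 1: odd if dst was even */
	for (i = 0; i < EX_NAMELEN - 1 && *name != '\0'; i++, name++)
		cp = ex_put_encoded(cp, (unsigned char)toupper((unsigned char)*name));
	for (; i < EX_NAMELEN - 1; i++)
		cp = ex_put_encoded(cp, ' ');	/* pad the name to 15 characters */
	cp = ex_put_encoded(cp, type);		/* 16th byte is the name type */
	*cp++ = 0;
	return (size_t)(cp - dst);
}

/* Constructed check: output must be identical at an even and an odd address. */
int
ex_same_at_any_offset(const char *name, unsigned char type)
{
	unsigned short store[2][40];	/* u_short storage forces even base addresses */
	unsigned char *even = (unsigned char *)store[0];
	unsigned char *odd = (unsigned char *)store[1] + 1;
	size_t le = ex_nb_name_encode(name, type, even);
	size_t lo = ex_nb_name_encode(name, type, odd);

	return le == lo && memcmp(even, odd, le) == 0;
}
```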