Fusesmb [was: Community Meeting updates]

Jeff Wishnie jeff at inveneo.org
Sat Jul 19 19:17:49 UTC 2008 

I've played with the fusesmb hack and it has several issues.

The biggest being that it doesn't take care of the most common need  
for SMB network browsing:
- They typically poorly administered Windows file sharing network

In this scenario, various Windows servers and desktops share  
individual folders with different sets of credentials. That is, they  
are _not_ centrally maintained in ActiveDirectory.

As a result, users generally have to know different uname/password  
pairs per share.

E.g.
- to access the 'accounting' share you enter 'accounting/some-passwd'
- to access the 'engineering' share, you enter 'engineer/some-other- 
passwd'

The fusesmb restriction that all connections to SMB servers are made  
as the currently-loged-in user with a password saved in a clear-text  
file means you can _only_ access shares explicitly set-up to be  
readable by that user. Which, in my experience, is rarely how Windows  
networks are set-up.


The Fusesmb solution just doesn't really help much for practical  
applications.

That said, I _really_ need a good solution to SMB file-share browsing/ 
mounting for XFCE.

I was thinking an interesting approach might be to use a couple  
cooperating processes and D-Bus much the way NetworkManager works.

The idea in brief:

- Implement a headless (no UI) SMB mounting daemon to listen for SMB  
mount requests over D-Bus
- Implement a GTK based UI daemon to gather credentials for the  
mounting daemon when needed

I'm not exactly sure how to get browsing to work (probably some VFS  
extension or Thunar Plug-in), but here is how a simple scenario of  
mounting a known location could work:

Imagine a Desktop Icon that runs a small utility to message the SMB  
mounting daemon to mount a share. Something like:
"mountsmb //aserver/ashare"

2. User dbl-clicks icon

3. command sends d-bus message to mounting daemon

4. Mounting daemon attempts to mount share to standard location (e.g. / 
media/network/<share name>)

5. If no-passwd mount fails (likely), mounting daemon sends a 'mount  
failed' d-bus

6. GTK app listening for mount-failed requests, receives message, and  
display dialog to gather uname/pwd for the share

7. GTK app sends a mount message back to dbus, now containing uname/pwd

8. Mounting daemon receives new mount request w/credentials and  
successfully mounts share

9. Mounting daemon sends dbus 'mount success' message

10. GTK app receives 'mount success' message and opens Thunar viewer  
displaying /media/network/<share name>

I think with the functionality available in the Samba libraries this  
would be fairly easy to implement, and to extend to do nice things  
like store credentials in the gnome-keyring for repeat mounts.

The main advantages I see of this approach:
1. it keeps Thunar from having to know anything about network  
filesystems (one of their design goals)
2. It supports users connecting to shares with arbitrary sets of  
credentials
3. All credentials can be stored in gnome-keyring, rather than out in  
the public
4. pretty straight forward implementation

What I'm not clear on is how to integrate with either VFS or Thunar  
via plugin-API to create a special 'network' folder that would display  
the results of an SMB Browse (to show all net-local servers) and then  
kick off a mount when a share is selected.

Any thoughts on this approach?

- Jeff


------------------------
CTO, Inveneo Inc.
web:   http://www.inveneo.org
phone: +1-415-901-1969 x 1270
mobile:  +1-415-377-3715
email: jeff at inveneo.org
aim/yahoo/msn/gtalk/skype: jwishnie





On Jul 15, 2008, at 2:09 AM, Chris Francy wrote:

> On Mon, Jul 14, 2008 at 8:59 AM, Vincent <mailinglists at vinnl.nl>  
> wrote:
>> For those who don't know, a quick overview can be read at [1], the  
>> meetin log can be read at [2].
>> [1] https://wiki.ubuntu.com/Xubuntu/Meetings/Archive/Minutes/2008-07-12
>> [2] https://wiki.ubuntu.com/MeetingLogs/Xubuntu_2008-07-12
>
>> [16:11] <cody-somerville> Who has tried that fusesmb hack?
>> [16:13] <cody-somerville> Might we could do is have fusesmb mount  
>> on login configured with their credentials, etc. etc.
>> [16:12] <cody-somerville> j1mc, although I couldn't write to share  
>> but I dunno if that was fusesmb or how the share's configuration
>
> I have used the fusesmb for network browsing.
>
> Installing by default worries me a bit.  With fusesmb you have to
> store the unencrypted smb passwords in a text file for it to work.
>
> On the system where I use fusesmb I have dm-crypt setup for all my
> filesystems.  So having my passwords unencrypted in the filesystem
> isn't as big of an issue since the entire partition is encrypted.   I
> don't think most people use whole-disk encryption though.  So it seems
> like users should be warned/reminded about the possibility that anyone
> with a livecd could steal there authentication credentials.
>
> -- 
> xubuntu-devel mailing list
> xubuntu-devel at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/xubuntu-devel

More information about the xubuntu-devel mailing list