diff -Nru gvfs-1.20.3/debian/changelog gvfs-1.20.3/debian/changelog --- gvfs-1.20.3/debian/changelog 2015-04-28 20:32:03.000000000 +0200 +++ gvfs-1.20.3/debian/changelog 2015-08-05 10:08:47.000000000 +0200 @@ -1,3 +1,9 @@ +gvfs (1.20.3-0ubuntu1.2) trusty; urgency=medium + + * smb: anonymous login as fallback, not default (LP: #1464645) + + -- Dariusz Gadomski Wed, 05 Aug 2015 10:08:11 +0200 + gvfs (1.20.3-0ubuntu1.1) trusty; urgency=medium * debian/patches/avoid-endless-looping.patch: picked from upstream. diff -Nru gvfs-1.20.3/debian/control gvfs-1.20.3/debian/control --- gvfs-1.20.3/debian/control 2015-04-28 20:34:43.000000000 +0200 +++ gvfs-1.20.3/debian/control 2015-08-05 10:11:10.000000000 +0200 @@ -7,7 +7,7 @@ Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian GNOME Maintainers -Uploaders: Andreas Henriksson , Debian GNOME Maintainers , Laurent Bigonville , Martin Pitt , Sjoerd Simons +Uploaders: Andreas Henriksson , Debian GNOME Maintainers , Laurent Bigonville , Martin Pitt Build-Depends: debhelper (>= 8.1.3), autotools-dev, cdbs (>= 0.4.93), diff -Nru gvfs-1.20.3/debian/patches/series gvfs-1.20.3/debian/patches/series --- gvfs-1.20.3/debian/patches/series 2015-04-28 20:31:36.000000000 +0200 +++ gvfs-1.20.3/debian/patches/series 2015-08-05 10:09:35.000000000 +0200 @@ -6,3 +6,4 @@ handle-inactive-vfs.patch ref-jobs-in-thread.patch avoid-endless-looping.patch +smb-handle-anonymous.patch diff -Nru gvfs-1.20.3/debian/patches/smb-handle-anonymous.patch gvfs-1.20.3/debian/patches/smb-handle-anonymous.patch --- gvfs-1.20.3/debian/patches/smb-handle-anonymous.patch 1970-01-01 01:00:00.000000000 +0100 +++ gvfs-1.20.3/debian/patches/smb-handle-anonymous.patch 2015-08-05 10:10:50.000000000 +0200 @@ -0,0 +1,129 @@ +Description: smb: Handle the anonymous flag when calling AskPassword + Previously, the smb backend would try logging in anonymously first if a + user is not specified making it difficult to mount a share as a specific + user from Nautilus. Instead, only try an anonymous login if the + anonymous flag is TRUE after calling AskPassword. + . + gvfs (1.20.3-0ubuntu1.2) trusty; urgency=medium + . + * smb: anonymous login as fallback, not default (LP: #1464645) + +Origin: upstream, https://git.gnome.org/browse/gvfs/commit/?id=a0aec32 +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=742169 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1464645 + +--- gvfs-1.20.3.orig/daemon/gvfsbackendsmb.c ++++ gvfs-1.20.3/daemon/gvfsbackendsmb.c +@@ -84,6 +84,7 @@ struct _GVfsBackendSmb + int mount_try; + gboolean mount_try_again; + gboolean mount_cancelled; ++ gboolean use_anonymous; + + gboolean password_in_keyring; + GPasswordSave password_save; +@@ -176,7 +177,7 @@ auth_callback (SMBCCTX *context, + { + GVfsBackendSmb *backend; + char *ask_password, *ask_user, *ask_domain; +- gboolean handled, abort; ++ gboolean handled, abort, anonymous = FALSE; + + backend = smbc_getOptionUserData (context); + +@@ -213,9 +214,16 @@ auth_callback (SMBCCTX *context, + backend->user == NULL && + backend->domain == NULL) + { +- /* Try again if kerberos login + anonymous fallback fails */ ++ /* Try again if kerberos login fails */ + backend->mount_try_again = TRUE; +- DEBUG ("auth_callback - anonymous pass\n"); ++ DEBUG ("auth_callback - kerberos pass\n"); ++ } ++ else if (backend->use_anonymous) ++ { ++ /* Try again if anonymous login fails */ ++ backend->use_anonymous = FALSE; ++ backend->mount_try_again = TRUE; ++ DEBUG ("auth_callback - anonymous login pass\n"); + } + else + { +@@ -254,6 +262,8 @@ auth_callback (SMBCCTX *context, + flags |= G_ASK_PASSWORD_NEED_DOMAIN; + if (backend->user == NULL) + flags |= G_ASK_PASSWORD_NEED_USERNAME; ++ if (backend->user == NULL && backend->domain == NULL) ++ flags |= G_ASK_PASSWORD_ANONYMOUS_SUPPORTED; + + DEBUG ("auth_callback - asking for password...\n"); + +@@ -269,7 +279,7 @@ auth_callback (SMBCCTX *context, + &ask_password, + &ask_user, + &ask_domain, +- NULL, ++ &anonymous, + &(backend->password_save)); + g_free (message); + if (!handled) +@@ -287,11 +297,19 @@ auth_callback (SMBCCTX *context, + /* Try again if this fails */ + backend->mount_try_again = TRUE; + +- strncpy (password_out, ask_password, pwmaxlen); +- if (ask_user && *ask_user) +- strncpy (username_out, ask_user, unmaxlen); +- if (ask_domain && *ask_domain) +- strncpy (domain_out, ask_domain, domainmaxlen); ++ if (anonymous) ++ { ++ backend->use_anonymous = TRUE; ++ backend->password_save = FALSE; ++ } ++ else ++ { ++ strncpy (password_out, ask_password, pwmaxlen); ++ if (ask_user && *ask_user) ++ strncpy (username_out, ask_user, unmaxlen); ++ if (ask_domain && *ask_domain) ++ strncpy (domain_out, ask_domain, domainmaxlen); ++ } + + out: + g_free (ask_password); +@@ -555,8 +573,7 @@ do_mount (GVfsBackend *backend, + smbc_setOptionUseKerberos (smb_context, 1); + smbc_setOptionFallbackAfterKerberos (smb_context, + op_backend->user != NULL); +- smbc_setOptionNoAutoAnonymousLogin (smb_context, +- op_backend->user != NULL); ++ smbc_setOptionNoAutoAnonymousLogin (smb_context, TRUE); + + + #if 0 +@@ -640,15 +657,20 @@ do_mount (GVfsBackend *backend, + } + + /* The first round is Kerberos-only. Only if this fails do we enable +- * NTLMSSP fallback (turning off anonymous fallback, which we've +- * already tried and failed with). ++ * NTLMSSP fallback. + */ + if (op_backend->mount_try == 0) + { + DEBUG ("do_mount - after anon, enabling NTLMSSP fallback\n"); + smbc_setOptionFallbackAfterKerberos (op_backend->smb_context, 1); +- smbc_setOptionNoAutoAnonymousLogin (op_backend->smb_context, 1); + } ++ ++ /* If the AskPassword reply requested anonymous login, enable the ++ * anonymous fallback and try again. ++ */ ++ smbc_setOptionNoAutoAnonymousLogin (op_backend->smb_context, ++ !op_backend->use_anonymous); ++ + op_backend->mount_try ++; + } + while (op_backend->mount_try_again);