[linux-cifs-client] Re: [PATCH] CIFS: make sec=none force an anonymous mount

Thu May 3 19:40:13 GMT 2007

On Thu, May 03, 2007 at 02:13:26PM -0500, Shirish S Pargaonkar wrote:
> 
> 
> linux-cifs-client-bounces+shirishp=us.ibm.com at lists.samba.org wrote on
> 05/03/2007 01:43:21 PM:
> 
> > On Thu, May 03, 2007 at 02:32:33PM -0400, Jeff Layton wrote:
> > > We had a customer report that attempting to make CIFS mount with a null
> > > username (i.e. doing an anonymous mount) doesn't work. Looking through
> the
> > > code, it looks like CIFS expects a NULL username from userspace in
> order
> > > to trigger an anonymous mount. The mount.cifs code doesn't seem to ever
> > > pass a null username to the kernel, however.
> > >
> > > It looks also like the kernel can take a sec=none option, but it only
> seems
> > > to look at it if the username is already NULL. This seems redundant and
> > > effectively makes sec=none useless.
> > >
> > > The following patch makes sec=none force an anonymous mount. I've
> briefly
> > > tested it and it seems to work. I suppose we could alternately do some
> > > stuff in userspace to make mount.cifs force a null username
> > instead, but this
> > > seems more straightforward to me.
> >
> > Looks useful.  In case you have some spare time at your hand it would
> > be really nice to convert cifs option parsing to the lib/parser.c code
> > and move all validation of the arguments into one place, so it's easily
> > understanable and better to maintain.
> >
> > _______________________________________________
> > linux-cifs-client mailing list
> > linux-cifs-client at lists.samba.org
> > https://lists.samba.org/mailman/listinfo/linux-cifs-client
> 
> Jeff,
> 
> That will work.  I had proposed this fix, instead
> 
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index cf40e24..7075210 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -960,6 +960,7 @@ #ifdef CONFIG_CIFS_WEAK_PW_HASH
>  #endif
>                         } else if (strnicmp(value, "none", 4) == 0) {
>                                 vol->nullauth = 1;
> +                               vol->username = NULL;
>                          } else {
>                                  cERROR(1,("bad security option: %s",
> value));
>                                  return 1;
> 
> Regards,
> 
> Shirish

Thanks Shirish...

My concern with that patch is that if the sec= option is parsed before the
user= option, then vol->username might get filled out anyway and the mount
won't be anonymous. Is there something that enforces a certain order to the
options that I'm not aware of?

-- Jeff