[linux-cifs-client] Re: [PATCH] CIFS: make sec=none force
an anonymous mount
Shirish S Pargaonkar
shirishp at us.ibm.com
Fri May 4 02:48:10 GMT 2007
Jeff Layton <jlayton at poochiereds.net> wrote on 05/03/2007 02:40:13 PM:
> On Thu, May 03, 2007 at 02:13:26PM -0500, Shirish S Pargaonkar wrote:
> >
> >
> > linux-cifs-client-bounces+shirishp=us.ibm.com at lists.samba.org wrote on
> > 05/03/2007 01:43:21 PM:
> >
> > > On Thu, May 03, 2007 at 02:32:33PM -0400, Jeff Layton wrote:
> > > > We had a customer report that attempting to make CIFS mount with a
null
> > > > username (i.e. doing an anonymous mount) doesn't work. Looking
through
> > the
> > > > code, it looks like CIFS expects a NULL username from userspace in
> > order
> > > > to trigger an anonymous mount. The mount.cifs code doesn't seem to
ever
> > > > pass a null username to the kernel, however.
> > > >
> > > > It looks also like the kernel can take a sec=none option, but it
only
> > seems
> > > > to look at it if the username is already NULL. This seems redundant
and
> > > > effectively makes sec=none useless.
> > > >
> > > > The following patch makes sec=none force an anonymous mount. I've
> > briefly
> > > > tested it and it seems to work. I suppose we could alternately do
some
> > > > stuff in userspace to make mount.cifs force a null username
> > > instead, but this
> > > > seems more straightforward to me.
> > >
> > > Looks useful. In case you have some spare time at your hand it would
> > > be really nice to convert cifs option parsing to the lib/parser.c
code
> > > and move all validation of the arguments into one place, so it's
easily
> > > understanable and better to maintain.
> > >
> > > _______________________________________________
> > > linux-cifs-client mailing list
> > > linux-cifs-client at lists.samba.org
> > > https://lists.samba.org/mailman/listinfo/linux-cifs-client
> >
> > Jeff,
> >
> > That will work. I had proposed this fix, instead
> >
> > diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> > index cf40e24..7075210 100644
> > --- a/fs/cifs/connect.c
> > +++ b/fs/cifs/connect.c
> > @@ -960,6 +960,7 @@ #ifdef CONFIG_CIFS_WEAK_PW_HASH
> > #endif
> > } else if (strnicmp(value, "none", 4) == 0) {
> > vol->nullauth = 1;
> > + vol->username = NULL;
> > } else {
> > cERROR(1,("bad security option: %s",
> > value));
> > return 1;
> >
> > Regards,
> >
> > Shirish
>
> Thanks Shirish...
>
> My concern with that patch is that if the sec= option is parsed before
the
> user= option, then vol->username might get filled out anyway and the
mount
> won't be anonymous. Is there something that enforces a certain order to
the
> options that I'm not aware of?
>
> -- Jeff
>
Jeff,
I think you are right. There is nothing that enforces the order of options
as far as I know, nothing of that sort is mentioned in mount.cifs man
pages.
So it is better to take the precaution you have in the code.
Although the man pages of mount.cifs says
sec
none attempt to connection as a null user (no name)
if somebody specifies option user/username after sec=none, it will be
considered.
Regards,
Shirish
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the linux-cifs-client
mailing list