[PATCH 2/4] [cifs-utils] Accept empty domains on the command line

Tue Nov 22 13:03:15 UTC 2016

Hi Jeff,

Before explaining how the kernel behaves differently in the two cases,
I think it's worth stressing that the userspace tool should not make
any assumption about the input for the kernel module, unless
explicitly stated in the documentation.
The kernel accepts:
1. no domain on the command line
2. domain=
3. domain=""
mount.cifs should pass them down and let the kernel complain if not happy.

Leaving this philosophical motivation aside, if the kernel receives no domain
option at all, then a default one is passed (I'm sending a patch for the kernel
as well, because I don't think the default is right).
If you passed domain="" then the default is not used and an empty
domain is sent to the server. In that case the credentials are matched
against a local domain (at least in one of our server configurations) and
login succeeds.
Unfortunately, before this patch, passing domain="" is ignored and nothing
is passed down, hence the kernel picks the primary domain advertized
by the server that doesn't have those credentials and login fails.

It can be worked around with domain="." or any other non existing domain
but it's not elegant and doesn't match the windows command line client,
that does allow an empty domain to be sent.

Germano

From: Jeff Layton
Sent: Friday, 18 November, 21:46
Subject: Re: [PATCH 2/4] [cifs-utils] Accept empty domains on the command line
To: Germano Percossi, sfrench at samba.org
Cc: samba-technical at lists.samba.org

On Fri, 2016-11-18 at 18:54 +0000, Germano Percossi wrote: > If we do not allow empty domains on the command line > we are preventing the kernel module from taking different actions > if the domain has not been specified at all or just > passed empty. > > In fact, with this fix the cifs module behaves differently > once an empty domain is passed: the find_domain_name > function is not invoked when an empty domain is passed. > > It is possible to pass both 'domain=' or 'domain=""' even > though the kernel module will accept the former only when > associated with the sloppy option. > Umm...ok. So what's the meaningful difference then? How does the client behave differently between the two cases? > Signed-off-by: Germano Percossi > --- > mount.cifs.c | 15 ++++++++++++--- > 1 file changed, 12 insertions(+), 3 deletions(-) > > diff --git a/mount.cifs.c b/mount.cifs.c > index ebb4260..88a3618 100644 > --- a/mount.cifs.c > +++ b/mount.cifs.c > @@ -189,6 +189,7 @@ struct parsed_mount_info { > unsigned int nomtab:1; > unsigned int verboseflag:1; > unsigned int nofail:1; > + unsigned int got_domain:1; > }; > > static const char *thisprogram; > @@ -904,9 +905,14 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info) > > /* dom || workgroup */ > case OPT_DOM: > - if (!value || !*value) { > - fprintf(stderr, "CIFS: invalid domain name\n"); > - return EX_USAGE; > + if (!value) { > + /* > + * An empty domain has been passed > + */ > + /* not necessary but better safe than.. */ > + parsed_info->domain[0] = '\0'; > + parsed_info->got_domain = 1; > + goto nocopy; > } > if (strnlen(value, sizeof(parsed_info->domain)) >= > sizeof(parsed_info->domain)) { > @@ -1812,6 +1818,9 @@ assemble_mountinfo(struct parsed_mount_info *parsed_info, > sizeof(parsed_info->options)); > strlcat(parsed_info->options, parsed_info->domain, > sizeof(parsed_info->options)); > + } else if (parsed_info->got_domain) { > + strlcat(parsed_info->options, ",domain=", > + sizeof(parsed_info->options)); > } > > assemble_exit: