[PATCH 2/4] [cifs-utils] Accept empty domains on the command line

Jeff Layton jlayton at samba.org
Sun Nov 27 11:26:30 UTC 2016

On Tue, 2016-11-22 at 13:03 +0000, Germano Percossi wrote:
> Hi Jeff,
> Before explaining how the kernel behaves differently in the two cases,
> I think it's worth stressing that the userspace tool should not make
> any assumption about the input for the kernel module, unless
> explicitly stated in the documentation.
> The kernel accepts: 
> 1. no domain on the command line 
> 2. domain= 
> 3. domain=""
> mount.cifs should pass them down and let the kernel complain if not happy.
> Leaving this philosophical motivation aside, if the kernel receives no domain
> option at all, then a default one is passed (I'm sending a patch for the kernel
> as well, because I don't think the default is right).
> If you passed domain="" then the default is not used and an empty
> domain is sent to the server. In that case the credentials are matched
> against a local domain (at least in one of our server configurations) and
> login succeeds.
> Unfortunately, before this patch, passing domain="" is ignored and nothing
> is passed down, hence the kernel picks the primary domain advertized
> by the server that doesn't have those credentials and login fails.
> It can be worked around with domain="." or any other non existing domain
> but it's not elegant and doesn't match the windows command line client,
> that does allow an empty domain to be sent.

Ok, I'm not so concerned with how the kernel behaves (as that I can just
look at myself), but more with how we expect users to use these. If
there is a subtle distinction between these three cases, then we should
document that so that it can be used properly.

The patches themselves look fine to me, and I agree that leaving the
option parsing mostly to the kernel is best. Parity with the windows
command line client is also a good thing. I'll plan to give these one
more look and merge them unless I find something wrong.

If you can send along a manpage patch to better flesh out the domain=
option then that would also be great.

Jeff Layton <jlayton at samba.org>

More information about the samba-technical mailing list