diff options
| author | Jeff Layton <jlayton@samba.org> | 2012-08-07 11:11:26 -0400 |
|---|---|---|
| committer | Jeff Layton <jlayton@samba.org> | 2012-08-07 11:11:26 -0400 |
| commit | 569cfcb3a467dfdf967a36ed6f7896559edab2ba (patch) | |
| tree | 5208d6309002400a06c0ca0a851820f1df2697da /mount.cifs.c | |
| parent | 692842e34c1f2fcc84b6b64136f5e28dd7062f46 (diff) | |
| download | cifs-utils-569cfcb3a467dfdf967a36ed6f7896559edab2ba.tar.gz cifs-utils-569cfcb3a467dfdf967a36ed6f7896559edab2ba.tar.bz2 cifs-utils-569cfcb3a467dfdf967a36ed6f7896559edab2ba.zip | |
mount.cifs: deprecate the DOMAIN/username%password username syntax
mount.cifs has in the past allowed users to specify a username using
the above syntax, which would populate the domain and password fields
with the different pieces.
Unfortunately, there are cases where it is legit to have a '/' in a
username. krb5 SPNs generally contain a '/' and we have no clear way
to distinguish between the two.
I don't see any real value in keeping that syntax allowed. It's no
easier than specifying "pass=" and "domain=" on the command line. Ditto
for credential files.
Begin the transition away from that syntax by adding a warning message
that support for it will be removed in 5.9.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Diffstat (limited to 'mount.cifs.c')
| -rw-r--r-- | mount.cifs.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/mount.cifs.c b/mount.cifs.c index 330e528..ef5b43f 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -45,6 +45,7 @@ #include <libgen.h> #include <sys/mman.h> #include <sys/wait.h> +#include <stdbool.h> #ifdef HAVE_SYS_FSUID_H #include <sys/fsuid.h> #endif /* HAVE_SYS_FSUID_H */ @@ -320,15 +321,22 @@ static int set_password(struct parsed_mount_info *parsed_info, const char *src) * * ...obviously the only required component is "username". The source string * is modified in the process, but it should remain unchanged at the end. + * + * NOTE: the above syntax does not allow for usernames that have slashes in + * them, as some krb5 usernames do. Support for the above syntax will be + * removed in a later version of cifs-utils. Users should use separate options + * instead of overloading this info into the username. */ static int parse_username(char *rawuser, struct parsed_mount_info *parsed_info) { char *user, *password, slash; int rc = 0; + bool warn = false; /* everything after first % sign is a password */ password = strchr(rawuser, '%'); if (password) { + warn = true; rc = set_password(parsed_info, password + 1); if (rc) return rc; @@ -342,6 +350,7 @@ static int parse_username(char *rawuser, struct parsed_mount_info *parsed_info) /* everything before that slash is a domain */ if (user) { + warn = true; slash = *user; *user = '\0'; strlcpy(parsed_info->domain, rawuser, @@ -356,6 +365,11 @@ static int parse_username(char *rawuser, struct parsed_mount_info *parsed_info) if (password) *password = '%'; + if (warn) + fprintf(stderr, "WARNING: The DOMAIN/username%%password syntax " + "for usernames is deprecated and will be " + "removed in version 5.9 of cifs-utils.\n"); + return 0; } |