There's so many different ways to get the password in the mount.cifs.c
sources that I wouldn't be surprised if one path works fine while
another path fails this way.
For those who can test this, it would be nice to test mount -t cifs vs
calling mount.cifs directly, and it'd be worth testing the PASSWD
environment variable, the PASSWD_FD environment variable, the
PASSWD_FILE environment variable, the --pass and --password and -p
command line options, the systemd-ask-password prompt, the getpass()
password prompt, the credentials file.
The kernel sources also appears to log unknown options only if "sloppy" isn't
being used:
if (!sloppy && invalid) {
pr_err("CIFS: Unknown mount option \"%s\"\n", invalid);
goto cifs_parse_mount_err;
}
so be sure to test with and without sloppy to make sure you're testing the
right thing.
Thanks
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1069915
Title:
unable to mount CIFS share with comma in password
Status in cifs-utils package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
New
Bug description:
Since the update to Quantal I am unable to mount CIFS shares with a
comma in the password:
root@lama ~ # PASSWD=",password" mount -t cifs //cifs.example.org target -o
username=user,domain=dom,uid=4711,gid=12345
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
32 root@lama ~ # dmesg | tail -1
[17848.954253] CIFS: Unknown mount option "password"
The same thing happens with a credential file and the password prompt.
This looks like a parser regression:
mount.cifs(8) explains:
Note that a password which contains the delimiter character (i.e. a
comma ´,´) will fail to be parsed correctly on the command line.
However, the same password defined in the PASSWD environment
variable or via a credentials file (see below) or entered at the
password prompt will be read correctly.
This is pretty evil, as it exposes parts of the password through
dmesg.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1069915/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
