[linux-cifs-client] [PATCH] [CIFS] only use krb5 session key from first SMB session on socket

Jeff Layton jlayton at redhat.com
Tue Dec 18 14:27:15 GMT 2007


On Tue, 18 Dec 2007 14:22:16 +0000
simo <idra at samba.org> wrote:

> 
> On Tue, 2007-12-18 at 16:40 +0300, Q (Igor Mammedov) wrote:
> > Jeff Layton wrote:
> > > Currently, any new kerberos SMB session overwrites the server's
> > > session key. The session key should only be set by the first SMB
> > > session set up on the socket.
> > 
> > It could be better don't do upcall at all in this case?
> 
> It's just the signing key that is shared on the same TCP connection,
> we still need to authenticate different users in a multi-user setup.
> 

I thought that was probably the case.

> I guess we may avoid doing a new session setup and just skip to the
> tree connect if the same user already has an open session. But I
> guess this is just optimization.
> 

I think the code already does that. cifs_find_tcp_session looks for
an existing TCP session that it can share, as well as an existing SMB
session. If it finds the latter, then it skips the session setup.

-- 
Jeff Layton <jlayton at redhat.com>


More information about the linux-cifs-client mailing list