[linux-cifs-client] [PATCH] Test the password field as well as the username field when looking for a session to reuse.
Jeff Layton
jlayton at samba.org
Wed Apr 21 11:28:45 MDT 2010
On Wed, 21 Apr 2010 16:09:05 +0100
Alex Zeffertt <alex.zeffertt at eu.citrix.com> wrote:
> Hi all,
>
> I have found a problem with the reusing of existing sessions. The kernel only
> tests the username but not the password when deciding whether to reuse an
> existing session. As a result it is possible for mount.cifs to succeed even if
> the password is incorrect, provided that there is an existing session between
> the client and server for that user.
>
> Please could you consider the attached patch which addresses this issue.
>
> Regards,
>
> Alex Zeffertt

Yes, I would consider that a good change.

In fact, I've already incorporated such a change in the auth selection
overhaul patch series that I posted on Friday:

http://lists.samba.org/archive/linux-cifs-client/2010-April/005839.html

I'd probably prefer to do this in the context of that patchset rather
than as a standalone thing, unless anyone has objections.

--
Jeff Layton <jlayton at samba.org>
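
The reuse check described in the report above, as an added example that is not part of this thread or of the kernel source: a username-only session lookup beside one that also compares the password. The struct, function names, field size and sample session are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_CRED 64 /* hypothetical field size, not the kernel's constant */

/* Simplified stand-in for an established session (hypothetical type). */
struct demo_ses { char user[DEMO_MAX_CRED]; char pass[DEMO_MAX_CRED]; };

/* Constructed sample: one session already set up for "alice". */
static struct demo_ses demo_sessions[] = { { "alice", "correct-horse" } };
#define DEMO_NSES (sizeof(demo_sessions) / sizeof(demo_sessions[0]))

/* Behaviour described in the report: match on username only. */
static struct demo_ses *find_ses_user_only(const char *user)
{
    for (size_t i = 0; i < DEMO_NSES; i++)
        if (strncmp(demo_sessions[i].user, user, DEMO_MAX_CRED) == 0)
            return &demo_sessions[i];
    return NULL;
}

/* Stricter lookup: the supplied password must match as well. */
static struct demo_ses *find_ses_user_pass(const char *user, const char *pass)
{
    if (pass == NULL)
        pass = "";  /* no password given: compare as empty, never skip the check */
    for (size_t i = 0; i < DEMO_NSES; i++) {
        struct demo_ses *s = &demo_sessions[i];
        if (strncmp(s->user, user, DEMO_MAX_CRED) != 0)
            continue;
        if (strncmp(s->pass, pass, DEMO_MAX_CRED) != 0)
            continue;  /* same user, different secret: do not reuse */
        return s;
    }
    return NULL;
}

int main(void)
{
    /* Wrong password for an existing user: only the first lookup reuses. */
    printf("user only: %d, user+pass: %d\n",
           find_ses_user_only("alice") != NULL,
           find_ses_user_pass("alice", "wrong") != NULL);
    return 0;
}
```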