[linux-cifs-client] [PATCH] Test the password field as well as the username field when looking for a session to reuse.
Alex Zeffertt
alex.zeffertt at eu.citrix.com
Thu Apr 22 02:26:45 MDT 2010
Jeff Layton wrote:
> Alex Zeffertt <alex.zeffertt at eu.citrix.com> wrote:
>
>> Hi all,
>>
>> I have found a problem with the reusing of existing sessions. The kernel only
>> tests the username but not the password when deciding whether to reuse an
>> existing session. As a result it is possible for mount.cifs to succeed even if
>> the password is incorrect, provided that there is an existing session between
>> the client and server for that user.
>>
>> Please could you consider the attached patch which addresses this issue.
>>
>> Regards,
>>
>> Alex Zeffertt
>
> Yes, I would consider that a good change.
>
> In fact, I've already incorporated such a change in the auth selection
> overhaul patch series that I posted on Friday:
>
> http://lists.samba.org/archive/linux-cifs-client/2010-April/005839.html
>
> I'd probably prefer to do this in the context of that patchset rather
> than as a standalone thing, unless anyone has objections.
>
That's fine by me. Great minds think alike and all that :-)
Alex
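
Added example, not part of the original thread and not the kernel's cifs code: a simplified C model of the session lookup described in the report, showing the username-only match beside a match that also compares the password. The struct, the function names, the server name and the credentials are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified model; not the kernel's cifs structures. */
struct session {
    const char *server, *user, *password;
    struct session *next;
};

enum mount_result { MOUNT_REUSED, MOUNT_NEW_SESSION, MOUNT_DENIED };

/* Constructed stand-in for the server's own credential check at session setup. */
static int server_accepts(const char *user, const char *password)
{
    return !strcmp(user, "alice") && !strcmp(password, "correct-pw");
}

/* Look for a reusable session. With check_password == 0 this is the
 * behaviour the report describes: server and username only. */
static struct session *find_session(struct session *list, const char *server,
                                    const char *user, const char *password,
                                    int check_password)
{
    for (struct session *s = list; s; s = s->next) {
        if (strcmp(s->server, server) || strcmp(s->user, user))
            continue;
        if (check_password && strcmp(s->password, password))
            continue;   /* same user, different password: do not reuse */
        return s;
    }
    return NULL;
}

static enum mount_result mount_model(struct session *list, const char *server,
                                     const char *user, const char *password,
                                     int check_password)
{
    if (find_session(list, server, user, password, check_password))
        return MOUNT_REUSED;   /* the supplied password is never validated */
    /* No reusable session: the server gets to validate the credentials. */
    return server_accepts(user, password) ? MOUNT_NEW_SESSION : MOUNT_DENIED;
}

/* One existing session for alice, as in the scenario from the report. */
static struct session existing = { "fileserver", "alice", "correct-pw", NULL };
```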