[linux-cifs-client] [PATCH 00/11] cifs: overhaul of auth selection code (try #2)

Jeff Layton jlayton at redhat.com
Sat Apr 24 05:57:41 MDT 2010


This is a respin of the auth selection overhaul series that I posted
around a week ago. The main difference is that this set has been respun
so that it applies on top of the cFYI/cERROR macro change that Steve
committed recently. There's also a bugfix in the auth selection code
that caused NTLMv2 authentication to be preferred rather than NTLM
auth as it is today.

These patches essentially lay the groundwork for the coming patchset to
do multiuser mounts. The patches in that set will require these. It
starts with some smaller patches to clean up and reorganize the code.

The main changes come in the last half. Those overhaul how the client
decides what auth scheme to use. There should be few behavioral changes
but it does try to be a little smarter about not failing mounts just
because the server requires signing and it wasn't requested. The client
will just autoenable signing if the global_secflags allow it.

This patchset also has the client try to make a smarter decision about
matching existing sessions. Currently it doesn not check the password
supplied against existing sessions, so it's possible for someone to
"borrow" a session even when they don't know the password. It also has
the code try to be more intelligent about matching krb5 sessions.

The last patch is intended as a way to start separating the different
effects that the "uid=" option has. The idea there is to try and make
an intelligent decision at a given time about what uid actually owns
the credentials cache.

Comments welcome.

Jeff Layton (11):
  cifs: track local_nls in volume info
  cifs: move SMB session creation code into separate function
  cifs: move tcon find/create into separate function
  cifs: rename "extended_security" to "global_secflags"
  cifs: save the dialect chosen by server
  cifs: eliminate "first_time" parm to CIFS_SessSetup
  cifs: break negotiate protocol calls out of cifs_setup_session
  cifs: have decode_negTokenInit set flags in server struct
  cifs: allow mixed secTypes on a socket
  cifs: clean up cifs_find_smb_ses
  cifs: add separate cred_uid field to sesInfo

 fs/cifs/asn1.c        |   30 +--
 fs/cifs/cifs_debug.c  |   14 +-
 fs/cifs/cifs_spnego.c |    7 +-
 fs/cifs/cifsencrypt.c |    2 +-
 fs/cifs/cifsfs.c      |    2 +-
 fs/cifs/cifsglob.h    |   42 ++--
 fs/cifs/cifspdu.h     |    2 +
 fs/cifs/cifsproto.h   |    7 +-
 fs/cifs/cifssmb.c     |  139 ++----------
 fs/cifs/connect.c     |  635 +++++++++++++++++++++++++++++++++----------------
 fs/cifs/file.c        |   12 +-
 fs/cifs/misc.c        |    6 +-
 fs/cifs/sess.c        |   57 +++--
 fs/cifs/transport.c   |   12 +-
 14 files changed, 535 insertions(+), 432 deletions(-)



More information about the linux-cifs-client mailing list