[WIP PATCH] allow changing the password on remount in some cases

Steve French smfrench at gmail.com
Fri Feb 16 02:54:14 UTC 2024


I lean toward allowing password change on remount if network disconnected
even if there are cases where harmless because it should be non confusing
if reconnect fails with new password where case of allowing password change
in mount when session active could be very confusing if it took hours for
reconnect to ever happen (user might not associate it with a remount hours
or days earlier).

On Thu, Feb 15, 2024, 17:52 Shyam Prasad N <nspmangalore at gmail.com> wrote:

> On Tue, Feb 13, 2024 at 12:23 PM Steve French <smfrench at gmail.com> wrote:
> >
> > cifs: Work-in-progress patch to allow changing password
> >  during remount
> >
> > There are cases where a session is disconnected but we can
> > not reconnect successfully since the user's password has changed
> > on the server (or expired) and this case currently can not be fixed
> > without unmount and mounting again which is not always realistic to do.
> > This patch allows remount to change the password when the session
> > is disconnected.
> >
> > This patch needs to be tested for cases where you have multiuser mounts
> > and to make sure that there are no cases where we are changing
> > passwords for a different user than the one for the master tcon's
> > session (cifs_sb->tcon->ses->username)
> >
> > Future patches should also allow us to set up the keyring (cifscreds)
> > to have an "alternate password" so we would be able to change
> > the password before the session drops (without the risk of races
> > between when the password changes and the disconnect occurs -
> > ie cases where the old password is still needed because the new
> > password has not fully rolled out to all servers yet).
> >
> > See attached patch
> >
> >
> > --
> > Thanks,
> >
> > Steve
>
> need_recon would also be true in other cases, for example when the
> network is temporarily disconnected. This patch will allow changing of
> password even then.
> We could set up a special flag when the server returns a
> STATUS_LOGON_FAILURE for SessionSetup. We can make the check for that
> flag and then allow password change on remount.
>
> Another option is to extend the multiuser keyring mechanism for single
> user use case as well, and use that for password update.
> Ideally, we should be able to set up multiple passwords in that keyring
> and iterate through them once to see if SessionSetup goes through.
> It'll be a bigger change than this though.
>
> --
> Regards,
> Shyam
>
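
The two remount gates discussed in this thread (any session that needs reconnect, versus only after SessionSetup returned STATUS_LOGON_FAILURE), modelled side by side as an added example that is not part of either message or of the cifs code. `struct model_ses`, the `logon_failed` flag, `run()` and the passwords are hypothetical, constructed names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define STATUS_SUCCESS       0x00000000u
#define STATUS_LOGON_FAILURE 0xC000006Du /* NTSTATUS value for a rejected logon */

/* Hypothetical model of a session; not the kernel's struct cifs_ses. */
struct model_ses {
    char password[32];
    bool need_reconnect; /* true after any disconnect, including a network blip */
    bool logon_failed;   /* hypothetical flag: last SessionSetup was rejected */
};
enum policy { GATE_NEED_RECON, GATE_LOGON_FAILURE };

/* Constructed stand-in for SessionSetup against a server expecting server_pw. */
static unsigned int session_setup(struct model_ses *s, const char *server_pw)
{
    if (strcmp(s->password, server_pw) != 0) {
        s->logon_failed = true;
        return STATUS_LOGON_FAILURE;
    }
    s->need_reconnect = s->logon_failed = false;
    return STATUS_SUCCESS;
}

/* Remount gate: returns true if the new password replaced the stored one. */
static bool remount_set_password(struct model_ses *s, enum policy p, const char *pw)
{
    bool ok = s->need_reconnect && (p == GATE_NEED_RECON || s->logon_failed);
    if (ok)
        snprintf(s->password, sizeof(s->password), "%s", pw);
    return ok;
}

/* Disconnect, optional reconnect attempt, remount, final reconnect status. */
static unsigned int run(enum policy p, const char *server_pw, bool tried_reconnect,
                        const char *remount_pw, bool *accepted)
{
    struct model_ses s = { "old-pw", true, false };
    if (tried_reconnect)
        session_setup(&s, server_pw);
    *accepted = remount_set_password(&s, p, remount_pw);
    return session_setup(&s, server_pw);
}

int main(void)
{
    bool a; /* network blip, need_reconnect gate, mistyped password on remount */
    unsigned int st = run(GATE_NEED_RECON, "old-pw", false, "typo-pw", &a);
    return printf("accepted=%d status=0x%08X\n", a, st) < 0;
}
```

In the network-blip case the need_reconnect gate lets a mistyped password replace a still-valid one, while the flag-based gate leaves the stored password alone until the server has actually rejected it.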

