From patchwork Sat Apr 24 11:57:51 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton <jlayton@redhat.com>
X-Patchwork-Id: 50897
Return-Path: <linux-cifs-client-bounces@lists.samba.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.samba.org (fn.samba.org [216.83.154.106])
	by ozlabs.org (Postfix) with ESMTP id E410DB7D2D
	for <incoming@patchwork.ozlabs.org>;
	Sat, 24 Apr 2010 22:06:13 +1000 (EST)
Received: from fn.samba.org (localhost [127.0.0.1])
	by lists.samba.org (Postfix) with ESMTP id 44822AD1DA;
	Sat, 24 Apr 2010 06:06:16 -0600 (MDT)
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on fn.samba.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.4 required=3.8 tests=AWL, BAYES_00, NO_MORE_FUNN,
	SPF_PASS autolearn=no version=3.2.5
X-Original-To: linux-cifs-client@lists.samba.org
Delivered-To: linux-cifs-client@lists.samba.org
Received: from cdptpa-omtalb.mail.rr.com (cdptpa-omtalb.mail.rr.com
	[75.180.132.122])
	by lists.samba.org (Postfix) with ESMTP id E39CAAD1D9
	for <linux-cifs-client@lists.samba.org>;
	Sat, 24 Apr 2010 06:06:08 -0600 (MDT)
X-Authority-Analysis: v=1.1 cv=MoTY9QBVwAhcB2GH59FwCsmLFwRIhosZyZPAEaxcLvM=
	c=1 sm=0 a=xsQCtD5dwGEA:10
	a=ld/erqUjW76FpBUqCqkKeA==:17
	a=20KFwNOVAAAA:8 a=3qe710Jm2rxQdNK61rgA:9
	a=Pa21AFfe0nw12oFBjHuL8QZwQnkA:4 a=jEp0ucaQiEUA:10
	a=ld/erqUjW76FpBUqCqkKeA==:117
X-Cloudmark-Score: 0
X-Originating-IP: 71.70.153.3
Received: from [71.70.153.3] ([71.70.153.3:36336] helo=mail.poochiereds.net)
	by cdptpa-oedge04.mail.rr.com (envelope-from
	<jlayton@poochiereds.net>) (ecelerity 2.2.2.39 r()) with ESMTP
	id 74/A7-23257-DAED2DB4; Sat, 24 Apr 2010 12:06:05 +0000
Received: by mail.poochiereds.net (Postfix, from userid 4447)
	id 254D458097; Sat, 24 Apr 2010 07:57:53 -0400 (EDT)
From: Jeff Layton <jlayton@redhat.com>
To: smfrench@gmail.com
Date: Sat, 24 Apr 2010 07:57:51 -0400
Message-Id: <1272110272-20686-11-git-send-email-jlayton@redhat.com>
X-Mailer: git-send-email 1.6.6.1
In-Reply-To: <1272110272-20686-1-git-send-email-jlayton@redhat.com>
References: <1272110272-20686-1-git-send-email-jlayton@redhat.com>
Cc: linux-cifs-client@lists.samba.org
Subject: [linux-cifs-client] [PATCH 10/11] cifs: clean up cifs_find_smb_ses
X-BeenThere: linux-cifs-client@lists.samba.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Linux CIFS VFS client <linux-cifs-client.lists.samba.org>
List-Unsubscribe: <https://lists.samba.org/mailman/options/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=unsubscribe>
List-Archive: <http://lists.samba.org/pipermail/linux-cifs-client>
List-Post: <mailto:linux-cifs-client@lists.samba.org>
List-Help: <mailto:linux-cifs-client-request@lists.samba.org?subject=help>
List-Subscribe: <https://lists.samba.org/mailman/listinfo/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=subscribe>
MIME-Version: 1.0
Sender: linux-cifs-client-bounces@lists.samba.org
Errors-To: linux-cifs-client-bounces@lists.samba.org

Do a better job of matching sessions by authtype. Matching by username
for an anonymous or Kerberos session is incorrect. We need different
criteria for different security types. Also, in the case where we do
match by username, we also need to match by password. That ensures
that someone else doesn't "borrow" an existing session without needing
to know the password.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
 fs/cifs/cifsglob.h |    2 +-
 fs/cifs/connect.c  |   27 +++++++++++++++++++++++----
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 1ececf4..eae6033 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -34,7 +34,7 @@
 #define MAX_SHARE_SIZE  64	/* used to be 20, this should still be enough */
 #define MAX_USERNAME_SIZE 32	/* 32 is to allow for 15 char names + null
 				   termination then *2 for unicode versions */
-#define MAX_PASSWORD_SIZE 16
+#define MAX_PASSWORD_SIZE 128
 
 #define CIFS_MIN_RCV_POOL 4
 
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index c5cbe7d..137a0d1 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1732,7 +1732,7 @@ out_err:
 }
 
 static struct cifsSesInfo *
-cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
+cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
 {
 	struct list_head *tmp;
 	struct cifsSesInfo *ses;
@@ -1740,9 +1740,28 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
 	write_lock(&cifs_tcp_ses_lock);
 	list_for_each(tmp, &server->smb_ses_list) {
 		ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
-		if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
-			continue;
 
+		switch(vol->sectype) {
+		case Anonymous:
+			/* match any other anonymous session */
+			if (ses->secType != Anonymous)
+				continue;
+			break;
+		case Kerberos:
+			if (ses->secType != Kerberos)
+				continue;
+			if (vol->linux_uid != ses->linux_uid)
+				continue;
+			break;
+		default:
+			/* anything else takes username/password */
+			if (strncmp(ses->userName, vol->username,
+				    MAX_USERNAME_SIZE))
+				continue;
+			if (strncmp(ses->password, vol->password,
+				    MAX_PASSWORD_SIZE));
+				continue;
+		}
 		++ses->ses_count;
 		write_unlock(&cifs_tcp_ses_lock);
 		return ses;
@@ -1784,7 +1803,7 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
 
 	xid = GetXid();
 
-	ses = cifs_find_smb_ses(server, volume_info->username);
+	ses = cifs_find_smb_ses(server, volume_info);
 	if (ses) {
 		cFYI(1, "Existing smb sess found (status=%d)", ses->status);