From patchwork Wed Apr 21 15:09:05 2010
X-Patchwork-Submitter: Alex Zeffertt
X-Patchwork-Id: 50660
Message-ID: <4BCF1511.7060504@eu.citrix.com>
Date: Wed, 21 Apr 2010 16:09:05 +0100
From: Alex Zeffertt
To: linux-cifs-client@lists.samba.org
Subject: [linux-cifs-client] [PATCH] Test the password field as well as the username field when looking for a session to reuse.

Hi all,

I have found a problem with the reusing of existing sessions. The kernel only tests the username but not the password when deciding whether to reuse an existing session. As a result it is possible for mount.cifs to succeed even if the password is incorrect, provided that there is an existing session between the client and server for that user.

Please could you consider the attached patch which addresses this issue.

Regards,

Alex Zeffertt

Test the password field as well as the username field when looking for a session to reuse.

If this is not done then it will be possible to mount a CIFS share using an incorrect password, provided there is an existing session to the same server with the same user.

Signed-off-by: Alex Zeffertt

--- ./fs/cifs/connect.c.orig 2010-04-21 15:24:07.000000000 +0100 +++ ./fs/cifs/connect.c 2010-04-21 15:28:19.000000000 +0100 @@ -1587,7 +1587,7 @@ } static struct cifsSesInfo * -cifs_find_smb_ses(struct TCP_Server_Info *server, char *username) +cifs_find_smb_ses(struct TCP_Server_Info *server, char *username, char *password) { struct list_head *tmp; struct cifsSesInfo *ses; 
@@ -1597,6 +1597,17 @@ ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list); if (strncmp(ses->userName, username, MAX_USERNAME_SIZE)) continue; + if (password) { + if (!ses->password) + continue; + if (strcmp(ses->password, password)) + continue; + } else { + if (ses->password) + continue; + } + + ++ses->ses_count; write_unlock(&cifs_tcp_ses_lock); @@ -2356,7 +2367,7 @@ goto out; } - pSesInfo = cifs_find_smb_ses(srvTcp, volume_info->username); + pSesInfo = cifs_find_smb_ses(srvTcp, volume_info->username, volume_info->password); if (pSesInfo) { cFYI(1, ("Existing smb sess found (status=%d)", pSesInfo->status));
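
Review bot: In the first hunk (@@ -1587,7), the new prototype of cifs_find_smb_ses() takes the password as a plain `char *` even though the visible body only reads it through strcmp(); declaring it `const char *password` would document that the lookup never modifies the caller's secret. The changed line also runs past 80 columns, so the third parameter should be wrapped onto a continuation line.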
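
Review bot: In the second hunk (@@ -1597,6), session reuse now hinges on strcmp() against ses->password, so the check is only sound if every entry on smb_ses_list keeps its password for as long as it stays on the list. Please confirm that nothing clears or replaces ses->password after session setup; if it can become NULL, a mount with the correct password would miss the existing session and a second session would be set up for the same user. On style, the nested if/else can be flattened into a single condition followed by `continue`, and the hunk adds two blank lines before `++ses->ses_count` where one is enough.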
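
Review bot: In the third hunk (@@ -2356,7), volume_info->password is passed through unchecked, so a mount that supplies no password (NULL) will now reuse only a session whose ses->password is also NULL, as the else branch added in cifs_find_smb_ses() requires. That looks intended, but it changes behaviour for such mounts and deserves a sentence in the commit message. The call also exceeds 80 columns; wrap the last argument onto a continuation line.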