
[v2] smb: client: Fix match_session bug preventing session reuse

Message ID 20250311182359.3012730-1-henrique.carvalho@suse.com (mailing list archive)
State New

Commit Message

Henrique Carvalho March 11, 2025, 6:23 p.m. UTC
Fix a bug in match_session() that can cause the session to not be
reused in some cases.

Reproduction steps:

mount.cifs //server/share /mnt/a -o credentials=creds
mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp
cat /proc/fs/cifs/DebugData | grep SessionId | wc -l

mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp
mount.cifs //server/share /mnt/a -o credentials=creds
cat /proc/fs/cifs/DebugData | grep SessionId | wc -l

Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: Henrique Carvalho <henrique.carvalho@suse.com>
---
V1 -> V2: fix git message, fix krb5 case pointed by Enzo, add IAKerb to
switch

 fs/smb/client/connect.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

Comments

Steve French March 11, 2025, 6:50 p.m. UTC | #1
updated cifs-2.6.git for-next with this newer version of the patch

On Tue, Mar 11, 2025 at 1:25 PM Henrique Carvalho
<henrique.carvalho@suse.com> wrote:
>
> Fix a bug in match_session() that can causes the session to not be
> reused in some cases.
>
> Reproduction steps:
>
> mount.cifs //server/share /mnt/a -o credentials=creds
> mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp
> cat /proc/fs/cifs/DebugData | grep SessionId | wc -l
>
> mount.cifs //server/share /mnt/b -o credentials=creds,sec=ntlmssp
> mount.cifs //server/share /mnt/a -o credentials=creds
> cat /proc/fs/cifs/DebugData | grep SessionId | wc -l
>
> Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
> Signed-off-by: Henrique Carvalho <henrique.carvalho@suse.com>
> ---
> V1 -> V2: fix git message, fix krb5 case pointed by Enzo, add IAKerb to
> switch
>
>  fs/smb/client/connect.c | 16 ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
> index f917de020dd5..73f93a35eedd 100644
> --- a/fs/smb/client/connect.c
> +++ b/fs/smb/client/connect.c
> @@ -1825,9 +1825,8 @@ static int match_session(struct cifs_ses *ses,
>                          struct smb3_fs_context *ctx,
>                          bool match_super)
>  {
> -       if (ctx->sectype != Unspecified &&
> -           ctx->sectype != ses->sectype)
> -               return 0;
> +       struct TCP_Server_Info *server = ses->server;
> +       enum securityEnum ctx_sec, ses_sec;
>
>         if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses)
>                 return 0;
> @@ -1839,11 +1838,20 @@ static int match_session(struct cifs_ses *ses,
>         if (ses->chan_max < ctx->max_channels)
>                 return 0;
>
> -       switch (ses->sectype) {
> +       ctx_sec = server->ops->select_sectype(server, ctx->sectype);
> +       ses_sec = server->ops->select_sectype(server, ses->sectype);
> +
> +       if (ctx_sec != ses_sec)
> +               return 0;
> +
> +       switch (ctx_sec) {
> +       case IAKerb:
>         case Kerberos:
>                 if (!uid_eq(ctx->cred_uid, ses->cred_uid))
>                         return 0;
>                 break;
> +       case NTLMv2:
> +       case RawNTLMSSP:
>         default:
>                 /* NULL username means anonymous session */
>                 if (ses->user_name == NULL) {
> --
> 2.47.0
>
>

Patch

diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index f917de020dd5..73f93a35eedd 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -1825,9 +1825,8 @@  static int match_session(struct cifs_ses *ses,
 			 struct smb3_fs_context *ctx,
 			 bool match_super)
 {
-	if (ctx->sectype != Unspecified &&
-	    ctx->sectype != ses->sectype)
-		return 0;
+	struct TCP_Server_Info *server = ses->server;
+	enum securityEnum ctx_sec, ses_sec;
 
 	if (!match_super && ctx->dfs_root_ses != ses->dfs_root_ses)
 		return 0;
@@ -1839,11 +1838,20 @@  static int match_session(struct cifs_ses *ses,
 	if (ses->chan_max < ctx->max_channels)
 		return 0;
 
-	switch (ses->sectype) {
+	ctx_sec = server->ops->select_sectype(server, ctx->sectype);
+	ses_sec = server->ops->select_sectype(server, ses->sectype);
+
+	if (ctx_sec != ses_sec)
+		return 0;
+
+	switch (ctx_sec) {
+	case IAKerb:
 	case Kerberos:
 		if (!uid_eq(ctx->cred_uid, ses->cred_uid))
 			return 0;
 		break;
+	case NTLMv2:
+	case RawNTLMSSP:
 	default:
 		/* NULL username means anonymous session */
 		if (ses->user_name == NULL) {
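Review bot: The new `if (ctx_sec != ses_sec)` test compares whatever `select_sectype()` returns, and its body is not visible here. If that callback can return `Unspecified` for a mechanism the server does not offer, two mounts that asked for different `sec=` values would compare equal and fall into the `default:` username/password branch. Because match_session() decides whether a mount reuses an already-authenticated session, that outcome should be a stated decision. At minimum, add a comment above the two calls such as `/* compare the mechanism the server would actually select, so an unset sec= matches an explicit one that resolves to the same type */`, and say what is intended when both resolve to `Unspecified`. The calls also go through `server->ops->select_sectype` with no NULL check, which is safe only if every ops table sets that member; this is worth confirming. The `default:` branch continues past the end of the hunk.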