[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3606-gf760dd3

Tue, 12 Aug 2008 11:37:38 -0700 

The branch, v3-3-test has been updated
       via  f760dd3f3128c846cdeab16cc52bbb5189427955 (commit)
      from  257b0401ee675b6b7eddf2b46a0f8115940e6640 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit f760dd3f3128c846cdeab16cc52bbb5189427955
Author: Jeff Layton <[EMAIL PROTECTED]>
Date:   Tue Aug 12 14:32:54 2008 -0400

    cifs.upcall: negatively instantiate keys on error
    
    When a request-key upcall exits without instantiating a key, the kernel
    will negatively instantiate the key with a 60s timeout. Older kernels,
    however seem to also link that key into the session keyring. This
    behavior can interefere with subsequent mount attempts until the
    key times out. The next request_key() call will get this negative key
    even if the upcall would have worked the second time.
    
    Fix this by having cifs.upcall negatively instantiate the key itself
    with a 1s timeout and don't attach it to the session keyring.
    
    Signed-off-by: Jeff Layton <[EMAIL PROTECTED]>

-----------------------------------------------------------------------

Summary of changes:
 source/client/cifs.upcall.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c
index 5a2a22a..aa5eb57 100644
--- a/source/client/cifs.upcall.c
+++ b/source/client/cifs.upcall.c
@@ -213,7 +213,7 @@ int main(const int argc, char *const argv[])
        DATA_BLOB secblob = data_blob_null;
        DATA_BLOB sess_key = data_blob_null;
        secType_t sectype;
-       key_serial_t key;
+       key_serial_t key = 0;
        size_t datalen;
        long rc = 1;
        uid_t uid;
@@ -250,6 +250,7 @@ int main(const int argc, char *const argv[])
        errno = 0;
        key = strtol(argv[optind], NULL, 10);
        if (errno != 0) {
+               key = 0;
                syslog(LOG_WARNING, "Invalid key format: %s", strerror(errno));
                goto out;
        }
@@ -361,7 +362,14 @@ int main(const int argc, char *const argv[])
        /* BB: maybe we need use timeout for key: for example no more then
         * ticket lifietime? */
        /* keyctl_set_timeout( key, 60); */
-      out:
+out:
+       /*
+        * on error, negatively instantiate the key ourselves so that we can
+        * make sure the kernel doesn't hang it off of a searchable keyring
+        * and interfere with the next attempt to instantiate the key.
+        */
+       if (rc != 0  && key == 0)
+               keyctl_negate(key, 1, KEY_REQKEY_DEFL_DEFAULT);
        data_blob_free(&secblob);
        data_blob_free(&sess_key);
        SAFE_FREE(hostname);


-- 
Samba Shared Repository

Reply via email to