cifs: Create dedicated keyring for spnego operations
The session key is the default keyring set for request_key operations. This session key is revoked when the user owning the session logs out. Any long running daemon processes started by this session ends up with revoked session keyring which prevents these processes from using the request_key mechanism from obtaining the krb5 keys. The problem has been reported by a large number of autofs users. The problem is also seen with multiuser mounts where the share may be used by processes run by a user who has since logged out. A reproducer using automount is available on the Red Hat bz. The patch creates a new keyring which is used to cache cifs spnego upcalls. Red Hat bz: 1267754 Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Reported-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> CC: Stable <stable@vger.kernel.org> Signed-off-by: Steve French <smfrench@gmail.com>
This commit is contained in:
Sachin Prabhu
committed by
Steve French
Steve French
parent
03b979dd03
commit
b74cb9a802
@@ -1303,7 +1303,7 @@ init_cifs(void)
|
||||
goto out_destroy_mids;
|
||||
|
||||
#ifdef CONFIG_CIFS_UPCALL
|
||||
rc = register_key_type(&cifs_spnego_key_type);
|
||||
rc = init_cifs_spnego();
|
||||
if (rc)
|
||||
goto out_destroy_request_bufs;
|
||||
#endif /* CONFIG_CIFS_UPCALL */
|
||||
@@ -1326,7 +1326,7 @@ out_init_cifs_idmap:
|
||||
out_register_key_type:
|
||||
#endif
|
||||
#ifdef CONFIG_CIFS_UPCALL
|
||||
unregister_key_type(&cifs_spnego_key_type);
|
||||
exit_cifs_spnego();
|
||||
out_destroy_request_bufs:
|
||||
#endif
|
||||
cifs_destroy_request_bufs();
|
||||
|
||||
Reference in New Issue
Block a user