Commit 00e485b0 authored by Jeff Layton's avatar Jeff Layton Committed by Steve French

cifs: store password in tcon

cifs: store password in tcon

Each tcon has its own password for share-level security. Store it in
the tcon and wipe it clean and free it when freeing the tcon. When
doing the tree connect with share-level security, use the tcon password
instead of the session password.
Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 4e53a3fb
...@@ -242,6 +242,7 @@ struct cifsTconInfo { ...@@ -242,6 +242,7 @@ struct cifsTconInfo {
struct cifsSesInfo *ses; /* pointer to session associated with */ struct cifsSesInfo *ses; /* pointer to session associated with */
char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource in ASCII */ char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource in ASCII */
char *nativeFileSystem; char *nativeFileSystem;
char *password; /* for share-level security */
__u16 tid; /* The 2 byte tree id */ __u16 tid; /* The 2 byte tree id */
__u16 Flags; /* optional support bits */ __u16 Flags; /* optional support bits */
enum statusEnum tidStatus; enum statusEnum tidStatus;
......
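Review bot: The comment on the new `password` member does not say who owns the string or that it holds the cleartext share password. Something like `char *password; /* cleartext copy (kstrdup) for share-level security; zeroed and freed in tconInfoFree */` would tell later callers not to alias it or free it elsewhere. The struct definition starts and ends outside this hunk.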
...@@ -2282,9 +2282,12 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, ...@@ -2282,9 +2282,12 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
/* volume_info->password freed at unmount */ /* volume_info->password freed at unmount */
if (volume_info->password) { if (volume_info->password) {
pSesInfo->password = volume_info->password; pSesInfo->password = kstrdup(volume_info->password,
/* set to NULL to prevent freeing on exit */ GFP_KERNEL);
volume_info->password = NULL; if (!pSesInfo->password) {
rc = -ENOMEM;
goto mount_fail_check;
}
} }
if (volume_info->username) if (volume_info->username)
strncpy(pSesInfo->userName, volume_info->username, strncpy(pSesInfo->userName, volume_info->username,
...@@ -2324,7 +2327,16 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, ...@@ -2324,7 +2327,16 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
rc = -ENOMEM; rc = -ENOMEM;
goto mount_fail_check; goto mount_fail_check;
} }
tcon->ses = pSesInfo; tcon->ses = pSesInfo;
if (volume_info->password) {
tcon->password = kstrdup(volume_info->password,
GFP_KERNEL);
if (!tcon->password) {
rc = -ENOMEM;
goto mount_fail_check;
}
}
/* check for null share name ie connect to dfs root */ /* check for null share name ie connect to dfs root */
if ((strchr(volume_info->UNC + 3, '\\') == NULL) if ((strchr(volume_info->UNC + 3, '\\') == NULL)
...@@ -3532,15 +3544,14 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3532,15 +3544,14 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
NTLMv2 password here) */ NTLMv2 password here) */
#ifdef CONFIG_CIFS_WEAK_PW_HASH #ifdef CONFIG_CIFS_WEAK_PW_HASH
if ((extended_security & CIFSSEC_MAY_LANMAN) && if ((extended_security & CIFSSEC_MAY_LANMAN) &&
(ses->server->secType == LANMAN)) (ses->server->secType == LANMAN))
calc_lanman_hash(ses->password, ses->server->cryptKey, calc_lanman_hash(tcon->password, ses->server->cryptKey,
ses->server->secMode & ses->server->secMode &
SECMODE_PW_ENCRYPT ? true : false, SECMODE_PW_ENCRYPT ? true : false,
bcc_ptr); bcc_ptr);
else else
#endif /* CIFS_WEAK_PW_HASH */ #endif /* CIFS_WEAK_PW_HASH */
SMBNTencrypt(ses->password, SMBNTencrypt(tcon->password, ses->server->cryptKey,
ses->server->cryptKey,
bcc_ptr); bcc_ptr);
bcc_ptr += CIFS_SESS_KEY_SIZE; bcc_ptr += CIFS_SESS_KEY_SIZE;
......
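Review bot: In the CIFSTCon hunk the share-level branch now passes `tcon->password` to `calc_lanman_hash()` and `SMBNTencrypt()`, but the cifs_mount hunk above sets that field only when `volume_info->password` is non-NULL, so a mount without a password reaches the hashing with a NULL pointer. Whether those helpers tolerate NULL, and whether every caller of CIFSTCon passes a non-NULL `tcon`, is not visible on this page; both should be confirmed, or the branch guarded with a check such as `if (tcon && tcon->password)` before the hash is computed. Separately, the retained comment `/* volume_info->password freed at unmount */` looks stale now that the session takes its own `kstrdup()` copy. The free of the original `volume_info->password`, which is outside these hunks, should zero the buffer before releasing it, as tconInfoFree does.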
...@@ -132,6 +132,10 @@ tconInfoFree(struct cifsTconInfo *buf_to_free) ...@@ -132,6 +132,10 @@ tconInfoFree(struct cifsTconInfo *buf_to_free)
} }
atomic_dec(&tconInfoAllocCount); atomic_dec(&tconInfoAllocCount);
kfree(buf_to_free->nativeFileSystem); kfree(buf_to_free->nativeFileSystem);
if (buf_to_free->password) {
memset(buf_to_free->password, 0, strlen(buf_to_free->password));
kfree(buf_to_free->password);
}
kfree(buf_to_free); kfree(buf_to_free);
} }
......
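Review bot: The wipe in tconInfoFree is a plain `memset()` immediately followed by `kfree()`, a pattern the compiler may drop as a dead store, which would leave the cleartext password in freed slab memory. Where the tree provides them, `memzero_explicit(buf_to_free->password, strlen(buf_to_free->password));` keeps the store, and a zeroing free such as `kzfree(buf_to_free->password);` also makes the NULL check unnecessary. The session's copy, now made with `kstrdup()` in cifs_mount, needs the same treatment; its free path is not shown on this page.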