• Sachin Prabhu's avatar
    cifs: Create dedicated keyring for spnego operations · b74cb9a8
    Sachin Prabhu authored
    The session key is the default keyring set for request_key operations.
    This session key is revoked when the user owning the session logs out.
    Any long running daemon processes started by this session ends up with
    revoked session keyring which prevents these processes from using the
    request_key mechanism from obtaining the krb5 keys.
    
    The problem has been reported by a large number of autofs users. The
    problem is also seen with multiuser mounts where the share may be used
    by processes run by a user who has since logged out. A reproducer using
    automount is available on the Red Hat bz.
    
    The patch creates a new keyring which is used to cache cifs spnego
    upcalls.
    
    Red Hat bz: 1267754
    Signed-off-by: default avatarSachin Prabhu <sprabhu@redhat.com>
    Reported-by: default avatarScott Mayhew <smayhew@redhat.com>
    Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
    CC: Stable <stable@vger.kernel.org>
    Signed-off-by: default avatarSteve French <smfrench@gmail.com>
    b74cb9a8
cifsfs.c 35.7 KB