-rw-r--r--source3/client/cifs.upcall.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c
index 5a2a22a73c..aa5eb57310 100644
--- a/source3/client/cifs.upcall.c
+++ b/source3/client/cifs.upcall.c
@@ -213,7 +213,7 @@ int main(const int argc, char *const argv[])
DATA_BLOB secblob = data_blob_null;
DATA_BLOB sess_key = data_blob_null;
secType_t sectype;
- key_serial_t key;
+ key_serial_t key = 0;
size_t datalen;
long rc = 1;
uid_t uid;
@@ -250,6 +250,7 @@ int main(const int argc, char *const argv[])
errno = 0;
key = strtol(argv[optind], NULL, 10);
if (errno != 0) {
+ key = 0;
syslog(LOG_WARNING, "Invalid key format: %s", strerror(errno));
goto out;
}
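Review bot: The `errno != 0` test after strtol() does not catch a non-numeric or partly numeric argument, because the call passes a NULL end pointer: input such as `abc` or `12x` is accepted, and the former yields key 0 without errno necessarily being set. Pass an end pointer and reject unparsed input, e.g. `key = strtol(argv[optind], &end, 10);` followed by `if (errno != 0 || end == argv[optind] || *end != '\0') {`. The long result is also assigned to key_serial_t with no range check; that type is not declared in this hunk, but if it is narrower than long, an out-of-range serial would be truncated silently and a later keyctl call could act on a different key. main() starts and ends outside the hunk.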
@@ -361,7 +362,14 @@ int main(const int argc, char *const argv[])
/* BB: maybe we need use timeout for key: for example no more then
* ticket lifietime? */
/* keyctl_set_timeout( key, 60); */
- out:
+out:
+ /*
+ * on error, negatively instantiate the key ourselves so that we can
+ * make sure the kernel doesn't hang it off of a searchable keyring
+ * and interfere with the next attempt to instantiate the key.
+ */
+ if (rc != 0 && key == 0)
+ keyctl_negate(key, 1, KEY_REQKEY_DEFL_DEFAULT);
data_blob_free(&secblob);
data_blob_free(&sess_key);
SAFE_FREE(hostname);
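Review bot: The guard on the new negate call looks inverted: `if (rc != 0 && key == 0)` calls keyctl_negate() only when no key serial was parsed. It skips every failure that occurs after a valid serial was read, which is the case the comment above it describes. It should probably read `if (rc != 0 && key != 0)`. The return value of keyctl_negate() is also discarded; `if (keyctl_negate(key, 1, KEY_REQKEY_DEFL_DEFAULT) == -1) syslog(LOG_WARNING, "keyctl_negate: %s", strerror(errno));` would leave a trace when the key could not be negated. main() starts and ends outside this hunk, so whether every earlier `goto out` leaves rc non-zero cannot be confirmed from here.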