diff options
| author | Jeff Layton <jlayton@redhat.com> | 2013-05-26 07:00:58 -0400 |
|---|---|---|
| committer | Steve French <smfrench@gmail.com> | 2013-06-24 02:56:41 -0400 |
| commit | 9ddec561313b9c73d6f58a1910d37ea9d965d101 (patch) | |
| tree | 1519e804b17f195e53ee191a8b6496c01c8668bf /fs/cifs/smb2pdu.c | |
| parent | 2190eca1d07956cf81a9ed974ecd98a427e54817 (diff) | |
cifs: move handling of signed connections into separate function
Move the sanity checks for signed connections into a separate function.
SMB2's was a cut-and-paste job from CIFS code, so we can make them use
the same function.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs/smb2pdu.c')
| -rw-r--r-- | fs/cifs/smb2pdu.c | 33 |
1 files changed, 4 insertions, 29 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 3af66aa18d3b..ebb97b484ab1 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c | |||
| @@ -423,36 +423,11 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) | |||
| 423 | } | 423 | } |
| 424 | 424 | ||
| 425 | cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags); | 425 | cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags); |
| 426 | if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) { | 426 | rc = cifs_enable_signing(server, sec_flags); |
| 427 | cifs_dbg(FYI, "Signing required\n"); | ||
| 428 | if (!(server->sec_mode & (SMB2_NEGOTIATE_SIGNING_REQUIRED | | ||
| 429 | SMB2_NEGOTIATE_SIGNING_ENABLED))) { | ||
| 430 | cifs_dbg(VFS, "signing required but server lacks support\n"); | ||
| 431 | rc = -EOPNOTSUPP; | ||
| 432 | goto neg_exit; | ||
| 433 | } | ||
| 434 | server->sec_mode |= SECMODE_SIGN_REQUIRED; | ||
| 435 | } else if (sec_flags & CIFSSEC_MAY_SIGN) { | ||
| 436 | cifs_dbg(FYI, "Signing optional\n"); | ||
| 437 | if (server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) { | ||
| 438 | cifs_dbg(FYI, "Server requires signing\n"); | ||
| 439 | server->sec_mode |= SECMODE_SIGN_REQUIRED; | ||
| 440 | } else { | ||
| 441 | server->sec_mode &= | ||
| 442 | ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); | ||
| 443 | } | ||
| 444 | } else { | ||
| 445 | cifs_dbg(FYI, "Signing disabled\n"); | ||
| 446 | if (server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) { | ||
| 447 | cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n"); | ||
| 448 | rc = -EOPNOTSUPP; | ||
| 449 | goto neg_exit; | ||
| 450 | } | ||
| 451 | server->sec_mode &= | ||
| 452 | ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); | ||
| 453 | } | ||
| 454 | |||
| 455 | #ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */ | 427 | #ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */ |
| 428 | if (rc) | ||
| 429 | goto neg_exit; | ||
| 430 | |||
| 456 | rc = decode_neg_token_init(security_blob, blob_length, | 431 | rc = decode_neg_token_init(security_blob, blob_length, |
| 457 | &server->sec_type); | 432 | &server->sec_type); |
| 458 | if (rc == 1) | 433 | if (rc == 1) |