aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2007-06-28 14:41:42 -0400
committerSteve French <sfrench@us.ibm.com>2007-06-28 14:41:42 -0400
commit762e5ab77c803c819e45d054518a98efb70b0f60 (patch)
tree09139edbbad69e50d13a26cb54d73adc5184bdc7
parent467a8f8d480190a98cec3e4362c51c2a27157115 (diff)
[CIFS] Fix sign mount option and sign proc config setting
We were checking the wrong (old) global variable to determine whether to override server and force signing on the SMB connection. Acked-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/cifs_debug.c92
-rw-r--r--fs/cifs/cifssmb.c32
2 files changed, 29 insertions, 95 deletions
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
index ebd13358cca6..42fafa144f40 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -901,90 +901,14 @@ security_flags_write(struct file *file, const char __user *buffer,
901 } 901 }
902 /* flags look ok - update the global security flags for cifs module */ 902 /* flags look ok - update the global security flags for cifs module */
903 extended_security = flags; 903 extended_security = flags;
904 if (extended_security & CIFSSEC_MUST_SIGN) {
905 /* requiring signing implies signing is allowed */
906 extended_security |= CIFSSEC_MAY_SIGN;
907 cFYI(1, ("packet signing now required"));
908 } else if ((extended_security & CIFSSEC_MAY_SIGN) == 0) {
909 cFYI(1, ("packet signing disabled"));
910 }
911 /* BB should we turn on MAY flags for other MUST options? */
904 return count; 912 return count;
905} 913}
906
907/* static int
908ntlmv2_enabled_read(char *page, char **start, off_t off,
909 int count, int *eof, void *data)
910{
911 int len;
912
913 len = sprintf(page, "%d\n", ntlmv2_support);
914
915 len -= off;
916 *start = page + off;
917
918 if (len > count)
919 len = count;
920 else
921 *eof = 1;
922
923 if (len < 0)
924 len = 0;
925
926 return len;
927}
928static int
929ntlmv2_enabled_write(struct file *file, const char __user *buffer,
930 unsigned long count, void *data)
931{
932 char c;
933 int rc;
934
935 rc = get_user(c, buffer);
936 if (rc)
937 return rc;
938 if (c == '0' || c == 'n' || c == 'N')
939 ntlmv2_support = 0;
940 else if (c == '1' || c == 'y' || c == 'Y')
941 ntlmv2_support = 1;
942 else if (c == '2')
943 ntlmv2_support = 2;
944
945 return count;
946}
947
948static int
949packet_signing_enabled_read(char *page, char **start, off_t off,
950 int count, int *eof, void *data)
951{
952 int len;
953
954 len = sprintf(page, "%d\n", sign_CIFS_PDUs);
955
956 len -= off;
957 *start = page + off;
958
959 if (len > count)
960 len = count;
961 else
962 *eof = 1;
963
964 if (len < 0)
965 len = 0;
966
967 return len;
968}
969static int
970packet_signing_enabled_write(struct file *file, const char __user *buffer,
971 unsigned long count, void *data)
972{
973 char c;
974 int rc;
975
976 rc = get_user(c, buffer);
977 if (rc)
978 return rc;
979 if (c == '0' || c == 'n' || c == 'N')
980 sign_CIFS_PDUs = 0;
981 else if (c == '1' || c == 'y' || c == 'Y')
982 sign_CIFS_PDUs = 1;
983 else if (c == '2')
984 sign_CIFS_PDUs = 2;
985
986 return count;
987} */
988
989
990#endif 914#endif
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 57419a176688..4a2458e78784 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -426,11 +426,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
426 426
427 /* if any of auth flags (ie not sign or seal) are overriden use them */ 427 /* if any of auth flags (ie not sign or seal) are overriden use them */
428 if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) 428 if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
429 secFlags = ses->overrideSecFlg; 429 secFlags = ses->overrideSecFlg; /* BB FIXME fix sign flags? */
430 else /* if override flags set only sign/seal OR them with global auth */ 430 else /* if override flags set only sign/seal OR them with global auth */
431 secFlags = extended_security | ses->overrideSecFlg; 431 secFlags = extended_security | ses->overrideSecFlg;
432 432
433 cFYI(1,("secFlags 0x%x",secFlags)); 433 cFYI(1, ("secFlags 0x%x", secFlags));
434 434
435 pSMB->hdr.Mid = GetNextMid(server); 435 pSMB->hdr.Mid = GetNextMid(server);
436 pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS); 436 pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);
@@ -633,22 +633,32 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
633#ifdef CONFIG_CIFS_WEAK_PW_HASH 633#ifdef CONFIG_CIFS_WEAK_PW_HASH
634signing_check: 634signing_check:
635#endif 635#endif
636 if(sign_CIFS_PDUs == FALSE) { 636 if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
637 /* MUST_SIGN already includes the MAY_SIGN FLAG
638 so if this is zero it means that signing is disabled */
639 cFYI(1, ("Signing disabled"));
637 if(server->secMode & SECMODE_SIGN_REQUIRED) 640 if(server->secMode & SECMODE_SIGN_REQUIRED)
638 cERROR(1,("Server requires " 641 cERROR(1, ("Server requires "
639 "/proc/fs/cifs/PacketSigningEnabled to be on")); 642 "/proc/fs/cifs/PacketSigningEnabled "
643 "to be on"));
640 server->secMode &= 644 server->secMode &=
641 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); 645 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
642 } else if(sign_CIFS_PDUs == 1) { 646 } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
647 /* signing required */
648 cFYI(1, ("Must sign - segFlags 0x%x", secFlags));
649 if ((server->secMode &
650 (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
651 cERROR(1,
652 ("signing required but server lacks support"));
653 } else
654 server->secMode |= SECMODE_SIGN_REQUIRED;
655 } else {
656 /* signing optional ie CIFSSEC_MAY_SIGN */
643 if((server->secMode & SECMODE_SIGN_REQUIRED) == 0) 657 if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
644 server->secMode &= 658 server->secMode &=
645 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); 659 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
646 } else if(sign_CIFS_PDUs == 2) {
647 if((server->secMode &
648 (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
649 cERROR(1,("signing required but server lacks support"));
650 }
651 } 660 }
661
652neg_err_exit: 662neg_err_exit:
653 cifs_buf_release(pSMB); 663 cifs_buf_release(pSMB);
654 664