diff options
author | Steve French <sfrench@us.ibm.com> | 2011-05-26 14:38:54 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2011-05-26 14:38:54 -0400 |
commit | 6848b7334b24b47aa3d0e70342ff839ffa95d5fa (patch) | |
tree | 6e28dfc52d0625569293b02969416315af3046f6 | |
parent | fa2989f4473413a86890066aa3a5676a53b541e4 (diff) |
[CIFS] When mandatory encryption on share, fail mount
When mandatory encryption is configured in samba server on a
share (smb.conf parameter "smb encrypt = mandatory") the
server will hang up the tcp session when we try to send
the first frame after the tree connect if it is not a
QueryFSUnixInfo, this causes cifs mount to hang (it must
be killed with ctl-c). Move the QueryFSUnixInfo call
earlier in the mount sequence, and check whether the SetFSUnixInfo
fails due to mandatory encryption so we can return a sensible
error (EACCES) on mount.
In a future patch (for 2.6.40) we will support mandatory
encryption.
CC: Stable <stable@kernel.org>
Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/connect.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 2e7a79cd2b93..581654fb174d 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -2530,7 +2530,7 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon, | |||
2530 | 2530 | ||
2531 | if (!CIFSSMBQFSUnixInfo(xid, tcon)) { | 2531 | if (!CIFSSMBQFSUnixInfo(xid, tcon)) { |
2532 | __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability); | 2532 | __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability); |
2533 | 2533 | cFYI(1, "unix caps which server supports %lld", cap); | |
2534 | /* check for reconnect case in which we do not | 2534 | /* check for reconnect case in which we do not |
2535 | want to change the mount behavior if we can avoid it */ | 2535 | want to change the mount behavior if we can avoid it */ |
2536 | if (vol_info == NULL) { | 2536 | if (vol_info == NULL) { |
@@ -2548,6 +2548,9 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon, | |||
2548 | } | 2548 | } |
2549 | } | 2549 | } |
2550 | 2550 | ||
2551 | if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP) | ||
2552 | cERROR(1, "per-share encryption not supported yet"); | ||
2553 | |||
2551 | cap &= CIFS_UNIX_CAP_MASK; | 2554 | cap &= CIFS_UNIX_CAP_MASK; |
2552 | if (vol_info && vol_info->no_psx_acl) | 2555 | if (vol_info && vol_info->no_psx_acl) |
2553 | cap &= ~CIFS_UNIX_POSIX_ACL_CAP; | 2556 | cap &= ~CIFS_UNIX_POSIX_ACL_CAP; |
@@ -2596,6 +2599,10 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon, | |||
2596 | cFYI(1, "very large read cap"); | 2599 | cFYI(1, "very large read cap"); |
2597 | if (cap & CIFS_UNIX_LARGE_WRITE_CAP) | 2600 | if (cap & CIFS_UNIX_LARGE_WRITE_CAP) |
2598 | cFYI(1, "very large write cap"); | 2601 | cFYI(1, "very large write cap"); |
2602 | if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP) | ||
2603 | cFYI(1, "transport encryption cap"); | ||
2604 | if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP) | ||
2605 | cFYI(1, "mandatory transport encryption cap"); | ||
2599 | #endif /* CIFS_DEBUG2 */ | 2606 | #endif /* CIFS_DEBUG2 */ |
2600 | if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) { | 2607 | if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) { |
2601 | if (vol_info == NULL) { | 2608 | if (vol_info == NULL) { |
@@ -3022,20 +3029,26 @@ try_mount_again: | |||
3022 | goto remote_path_check; | 3029 | goto remote_path_check; |
3023 | } | 3030 | } |
3024 | 3031 | ||
3025 | /* do not care if following two calls succeed - informational */ | ||
3026 | if (!tcon->ipc) { | ||
3027 | CIFSSMBQFSDeviceInfo(xid, tcon); | ||
3028 | CIFSSMBQFSAttributeInfo(xid, tcon); | ||
3029 | } | ||
3030 | |||
3031 | /* tell server which Unix caps we support */ | 3032 | /* tell server which Unix caps we support */ |
3032 | if (tcon->ses->capabilities & CAP_UNIX) | 3033 | if (tcon->ses->capabilities & CAP_UNIX) { |
3033 | /* reset of caps checks mount to see if unix extensions | 3034 | /* reset of caps checks mount to see if unix extensions |
3034 | disabled for just this mount */ | 3035 | disabled for just this mount */ |
3035 | reset_cifs_unix_caps(xid, tcon, sb, volume_info); | 3036 | reset_cifs_unix_caps(xid, tcon, sb, volume_info); |
3036 | else | 3037 | if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) && |
3038 | (le64_to_cpu(tcon->fsUnixInfo.Capability) & | ||
3039 | CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)) { | ||
3040 | rc = -EACCES; | ||
3041 | goto mount_fail_check; | ||
3042 | } | ||
3043 | } else | ||
3037 | tcon->unix_ext = 0; /* server does not support them */ | 3044 | tcon->unix_ext = 0; /* server does not support them */ |
3038 | 3045 | ||
3046 | /* do not care if following two calls succeed - informational */ | ||
3047 | if (!tcon->ipc) { | ||
3048 | CIFSSMBQFSDeviceInfo(xid, tcon); | ||
3049 | CIFSSMBQFSAttributeInfo(xid, tcon); | ||
3050 | } | ||
3051 | |||
3039 | /* convert forward to back slashes in prepath here if needed */ | 3052 | /* convert forward to back slashes in prepath here if needed */ |
3040 | if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0) | 3053 | if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0) |
3041 | convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb)); | 3054 | convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb)); |