aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2011-05-26 14:38:54 -0400
committerSteve French <sfrench@us.ibm.com>2011-05-26 14:38:54 -0400
commit6848b7334b24b47aa3d0e70342ff839ffa95d5fa (patch)
tree6e28dfc52d0625569293b02969416315af3046f6
parentfa2989f4473413a86890066aa3a5676a53b541e4 (diff)
[CIFS] When mandatory encryption on share, fail mount
When mandatory encryption is configured in samba server on a share (smb.conf parameter "smb encrypt = mandatory") the server will hang up the tcp session when we try to send the first frame after the tree connect if it is not a QueryFSUnixInfo, this causes cifs mount to hang (it must be killed with ctl-c). Move the QueryFSUnixInfo call earlier in the mount sequence, and check whether the SetFSUnixInfo fails due to mandatory encryption so we can return a sensible error (EACCES) on mount. In a future patch (for 2.6.40) we will support mandatory encryption. CC: Stable <stable@kernel.org> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/connect.c31
1 files changed, 22 insertions, 9 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 2e7a79cd2b93..581654fb174d 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2530,7 +2530,7 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
2530 2530
2531 if (!CIFSSMBQFSUnixInfo(xid, tcon)) { 2531 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2532 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability); 2532 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2533 2533 cFYI(1, "unix caps which server supports %lld", cap);
2534 /* check for reconnect case in which we do not 2534 /* check for reconnect case in which we do not
2535 want to change the mount behavior if we can avoid it */ 2535 want to change the mount behavior if we can avoid it */
2536 if (vol_info == NULL) { 2536 if (vol_info == NULL) {
@@ -2548,6 +2548,9 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
2548 } 2548 }
2549 } 2549 }
2550 2550
2551 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2552 cERROR(1, "per-share encryption not supported yet");
2553
2551 cap &= CIFS_UNIX_CAP_MASK; 2554 cap &= CIFS_UNIX_CAP_MASK;
2552 if (vol_info && vol_info->no_psx_acl) 2555 if (vol_info && vol_info->no_psx_acl)
2553 cap &= ~CIFS_UNIX_POSIX_ACL_CAP; 2556 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
@@ -2596,6 +2599,10 @@ void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
2596 cFYI(1, "very large read cap"); 2599 cFYI(1, "very large read cap");
2597 if (cap & CIFS_UNIX_LARGE_WRITE_CAP) 2600 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2598 cFYI(1, "very large write cap"); 2601 cFYI(1, "very large write cap");
2602 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)
2603 cFYI(1, "transport encryption cap");
2604 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2605 cFYI(1, "mandatory transport encryption cap");
2599#endif /* CIFS_DEBUG2 */ 2606#endif /* CIFS_DEBUG2 */
2600 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) { 2607 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2601 if (vol_info == NULL) { 2608 if (vol_info == NULL) {
@@ -3022,20 +3029,26 @@ try_mount_again:
3022 goto remote_path_check; 3029 goto remote_path_check;
3023 } 3030 }
3024 3031
3025 /* do not care if following two calls succeed - informational */
3026 if (!tcon->ipc) {
3027 CIFSSMBQFSDeviceInfo(xid, tcon);
3028 CIFSSMBQFSAttributeInfo(xid, tcon);
3029 }
3030
3031 /* tell server which Unix caps we support */ 3032 /* tell server which Unix caps we support */
3032 if (tcon->ses->capabilities & CAP_UNIX) 3033 if (tcon->ses->capabilities & CAP_UNIX) {
3033 /* reset of caps checks mount to see if unix extensions 3034 /* reset of caps checks mount to see if unix extensions
3034 disabled for just this mount */ 3035 disabled for just this mount */
3035 reset_cifs_unix_caps(xid, tcon, sb, volume_info); 3036 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
3036 else 3037 if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) &&
3038 (le64_to_cpu(tcon->fsUnixInfo.Capability) &
3039 CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)) {
3040 rc = -EACCES;
3041 goto mount_fail_check;
3042 }
3043 } else
3037 tcon->unix_ext = 0; /* server does not support them */ 3044 tcon->unix_ext = 0; /* server does not support them */
3038 3045
3046 /* do not care if following two calls succeed - informational */
3047 if (!tcon->ipc) {
3048 CIFSSMBQFSDeviceInfo(xid, tcon);
3049 CIFSSMBQFSAttributeInfo(xid, tcon);
3050 }
3051
3039 /* convert forward to back slashes in prepath here if needed */ 3052 /* convert forward to back slashes in prepath here if needed */
3040 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0) 3053 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
3041 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb)); 3054 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));