aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/connect.c
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2010-07-06 20:43:02 -0400
committerSteve French <sfrench@us.ibm.com>2010-08-02 08:40:35 -0400
commitdaf5b0b6f3f6d7b15c2600426cc6c60a0e155218 (patch)
tree9c6210671c489d493f02dd7ca1eb6799c21fd195 /fs/cifs/connect.c
parent4515148ef72bfda4ce3c8754149711d9972867ce (diff)
cifs: match secType when searching for existing tcp session
The secType is a per-tcp session entity, but the current routine doesn't verify that it is acceptible when attempting to match an existing TCP session. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/connect.c')
-rw-r--r--fs/cifs/connect.c55
1 files changed, 53 insertions, 2 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 65e760b9428f..b24e4cea4e3c 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1412,8 +1412,56 @@ match_address(struct TCP_Server_Info *server, struct sockaddr *addr)
1412 return true; 1412 return true;
1413} 1413}
1414 1414
1415static bool
1416match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1417{
1418 unsigned int secFlags;
1419
1420 if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1421 secFlags = vol->secFlg;
1422 else
1423 secFlags = global_secflags | vol->secFlg;
1424
1425 switch (server->secType) {
1426 case LANMAN:
1427 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1428 return false;
1429 break;
1430 case NTLMv2:
1431 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1432 return false;
1433 break;
1434 case NTLM:
1435 if (!(secFlags & CIFSSEC_MAY_NTLM))
1436 return false;
1437 break;
1438 case Kerberos:
1439 if (!(secFlags & CIFSSEC_MAY_KRB5))
1440 return false;
1441 break;
1442 case RawNTLMSSP:
1443 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1444 return false;
1445 break;
1446 default:
1447 /* shouldn't happen */
1448 return false;
1449 }
1450
1451 /* now check if signing mode is acceptible */
1452 if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1453 (server->secMode & SECMODE_SIGN_REQUIRED))
1454 return false;
1455 else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1456 (server->secMode &
1457 (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1458 return false;
1459
1460 return true;
1461}
1462
1415static struct TCP_Server_Info * 1463static struct TCP_Server_Info *
1416cifs_find_tcp_session(struct sockaddr *addr) 1464cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1417{ 1465{
1418 struct TCP_Server_Info *server; 1466 struct TCP_Server_Info *server;
1419 1467
@@ -1431,6 +1479,9 @@ cifs_find_tcp_session(struct sockaddr *addr)
1431 if (!match_address(server, addr)) 1479 if (!match_address(server, addr))
1432 continue; 1480 continue;
1433 1481
1482 if (!match_security(server, vol))
1483 continue;
1484
1434 ++server->srv_count; 1485 ++server->srv_count;
1435 write_unlock(&cifs_tcp_ses_lock); 1486 write_unlock(&cifs_tcp_ses_lock);
1436 cFYI(1, "Existing tcp session with server found"); 1487 cFYI(1, "Existing tcp session with server found");
@@ -1501,7 +1552,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
1501 } 1552 }
1502 1553
1503 /* see if we already have a matching tcp_ses */ 1554 /* see if we already have a matching tcp_ses */
1504 tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr); 1555 tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1505 if (tcp_ses) 1556 if (tcp_ses)
1506 return tcp_ses; 1557 return tcp_ses;
1507 1558