move sectype to the cifs_ses instead of TCP_Server_Info

Now that we track what sort of NEGOTIATE response was received, stop mandating that every session on a socket use the same type of auth. Push that decision out into the session setup code, and make the sectype a per-session property. This should allow us to mix multiple sectypes on a socket as long as they are compatible with the NEGOTIATE response. With this too, we can now eliminate the ses->secFlg field since that info is redundant and harder to work with than a securityEnum. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
author: Jeff Layton <jlayton@redhat.com> 2013-06-12 20:52:14 -0400
committer: Steve French <smfrench@gmail.com> 2013-06-24 02:56:44 -0400
commit: 3f618223dc0bdcbc8d510350e78ee2195ff93768 (patch)
tree: 07b910ab18112557f897f2192d073f97553e1055 /fs/cifs/smb2pdu.c
parent: 38d77c50b4f4e3ea1687e119871364f1c8d2f531 (diff)
1 files changed, 2 insertions, 19 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index ad8ef10de0bd..fd2ea4271282 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -328,7 +328,6 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
        int rc = 0;
        int resp_buftype;
        struct TCP_Server_Info *server = ses->server;
-        unsigned int sec_flags;
        int blob_offset, blob_length;
        char *security_blob;
        int flags = CIFS_NEG_OP;
@@ -344,14 +343,6 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
        if (rc)
                return rc;
-        /* if any of auth flags (ie not sign or seal) are overriden use them */
-        if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
-                sec_flags = ses->overrideSecFlg;  /* BB FIXME fix sign flags?*/
-        else /* if override flags set only sign/seal OR them with global auth */
-                sec_flags = global_secflags | ses->overrideSecFlg;
-        cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);
        req->hdr.SessionId = 0;
        req->Dialects[0] = cpu_to_le16(ses->server->vals->protocol_id);
@@ -453,7 +444,6 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
        int resp_buftype;
        __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
        struct TCP_Server_Info *server = ses->server;
-        unsigned int sec_flags;
        u16 blob_length = 0;
        char *security_blob;
        char *ntlmssp_blob = NULL;
@@ -474,7 +464,8 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
        if (!ses->ntlmssp)
                return -ENOMEM;
-        ses->server->secType = RawNTLMSSP;
+        /* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */
+        ses->sectype = RawNTLMSSP;
 ssetup_ntlmssp_authenticate:
        if (phase == NtLmChallenge)
@@ -484,14 +475,6 @@ ssetup_ntlmssp_authenticate:
        if (rc)
                return rc;
-        /* if any of auth flags (ie not sign or seal) are overriden use them */
-        if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
-                sec_flags = ses->overrideSecFlg;  /* BB FIXME fix sign flags?*/
-        else /* if override flags set only sign/seal OR them with global auth */
-                sec_flags = global_secflags | ses->overrideSecFlg;
-        cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);
        req->hdr.SessionId = 0; /* First session, not a reauthenticate */
        req->VcNumber = 0; /* MBZ */
        /* to enable echos and oplocks */
author	Jeff Layton <jlayton@redhat.com>	2013-06-12 20:52:14 -0400
committer	Steve French <smfrench@gmail.com>	2013-06-24 02:56:44 -0400
commit	3f618223dc0bdcbc8d510350e78ee2195ff93768 (patch)
tree	07b910ab18112557f897f2192d073f97553e1055 /fs/cifs/smb2pdu.c
parent	38d77c50b4f4e3ea1687e119871364f1c8d2f531 (diff)