author | Jeff Layton <jlayton@redhat.com> | 2010-07-06 20:43:02 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2010-08-02 08:40:35 -0400 |
commit | daf5b0b6f3f6d7b15c2600426cc6c60a0e155218 (patch) | |
tree | 9c6210671c489d493f02dd7ca1eb6799c21fd195 /fs/cifs | |
parent | 4515148ef72bfda4ce3c8754149711d9972867ce (diff) |
cifs: match secType when searching for existing tcp session
The secType is a per-tcp session entity, but the current routine doesn't
verify that it is acceptable when attempting to match an existing TCP
session.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r-- | fs/cifs/cifsglob.h | 3 | ||||
-rw-r--r-- | fs/cifs/connect.c | 55 |
2 files changed, 54 insertions, 4 deletions
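--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -83,8 +83,7 @@ enum statusEnum {
 };
 
 enum securityEnum {
-PLAINTXT = 0, /* Legacy with Plaintext passwords */
-LANMAN, /* Legacy LANMAN auth */
+LANMAN = 0, /* Legacy LANMAN auth */
 NTLM, /* Legacy NTLM012 auth with NTLM hash */
 NTLMv2, /* Legacy NTLM auth with NTLMv2 hash */
 RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */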
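Review bot: With `PLAINTXT` removed, `LANMAN = 0` becomes the zero value of `enum securityEnum`, so a `secType` that was never assigned cannot be told apart from a session that negotiated LANMAN, the weakest scheme in the list. match_security() in fs/cifs/connect.c accepts that value whenever `CIFSSEC_MAY_LANMAN` or `CIFSSEC_MAY_PLNTXT` is set, so a server entry whose auth type is not settled yet could be matched as LANMAN, assuming the structure starts out zeroed (not visible here). A sentinel first member, for example `Unspecified = 0, /* secType not negotiated yet */`, would fall into the `default: return false` arm and make the unset state fail closed. The rest of the enum lies outside the hunk.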
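--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1412,8 +1412,56 @@ match_address(struct TCP_Server_Info *server, struct sockaddr *addr)
 return true;
 }
 
+static bool
+match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
+{
+unsigned int secFlags;
+
+if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
+secFlags = vol->secFlg;
+else
+secFlags = global_secflags | vol->secFlg;
+
+switch (server->secType) {
+case LANMAN:
+if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
+return false;
+break;
+case NTLMv2:
+if (!(secFlags & CIFSSEC_MAY_NTLMV2))
+return false;
+break;
+case NTLM:
+if (!(secFlags & CIFSSEC_MAY_NTLM))
+return false;
+break;
+case Kerberos:
+if (!(secFlags & CIFSSEC_MAY_KRB5))
+return false;
+break;
+case RawNTLMSSP:
+if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
+return false;
+break;
+default:
+/* shouldn't happen */
+return false;
+}
+
+/* now check if signing mode is acceptible */
+if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
+(server->secMode & SECMODE_SIGN_REQUIRED))
+return false;
+else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
+(server->secMode &
+(SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
+return false;
+
+return true;
+}
+
 static struct TCP_Server_Info *
-cifs_find_tcp_session(struct sockaddr *addr)
+cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
 {
 struct TCP_Server_Info *server;
 
@@ -1431,6 +1479,9 @@ cifs_find_tcp_session(struct sockaddr *addr)
 if (!match_address(server, addr))
 continue;
 
+if (!match_security(server, vol))
+continue;
+
 ++server->srv_count;
 write_unlock(&cifs_tcp_ses_lock);
 cFYI(1, "Existing tcp session with server found");
@@ -1501,7 +1552,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
 }
 
 /* see if we already have a matching tcp_ses */
-tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr);
+tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
 if (tcp_ses)
 return tcp_ses;
 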
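Review bot: match_security() names `CIFSSEC_MUST_SEAL` in the mask that decides whether the mount's own flags replace `global_secflags`, but nothing after the `switch` compares a sealing requirement with the server; only `secType` and the signing bits of `secMode` are matched. A mount that requires sealing can therefore be handed an existing session on signing criteria alone, unless sealing is enforced somewhere outside this hunk. If that is intended, say so beside the signing block, e.g. `/* sealing is not matched here: only auth type and signing are compared */`. A header comment on the function should also spell out the fallback rule: `vol->secFlg` is used alone when it carries any bit other than MUST_SIGN/MUST_SEAL, and is otherwise OR-ed with `global_secflags`.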