aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorJeff <jlayton@redhat.com>2007-07-06 17:10:07 -0400
committerSteve French <sfrench@us.ibm.com>2007-07-06 17:10:07 -0400
commit38c10a1ddb24b9fa9f25b6c21d0390a9723ae6d6 (patch)
treeaa6dbc101c0c3a308c778fa5d7708c21b86499ee /fs
parentd38d8c74c7cdfae910f9cd0ac5e1b7ba2d8a2fb2 (diff)
[CIFS] Mount should fail if server signing off but client mount option requires it
Currently, if mount with a signing-enabled sec= option (e.g. sec=ntlmi), the kernel does a warning printk if the server doesn't support signing, and then proceeds without signatures. This is probably OK for people that think to look at the ring buffer, but seems wrong to me. If someone explicitly requests signing, we should error out if that request can't be satisfied. They can then reattempt the mount without signing if that's ok. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/cifs/CHANGES1
-rw-r--r--fs/cifs/cifssmb.c3
2 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index b4d388d2b524..258130eea9e7 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -12,6 +12,7 @@ to match what documentation said. Support for very large reads, over 127K,
12available to some newer servers (such as Samba 3.0.26 and later but 12available to some newer servers (such as Samba 3.0.26 and later but
13note that it also requires setting CIFSMaxBufSize at module install 13note that it also requires setting CIFSMaxBufSize at module install
14time to a larger value which may hurt performance in some cases). 14time to a larger value which may hurt performance in some cases).
15Make sign option force signing (or fail if server does not support it).
15 16
16Version 1.48 17Version 1.48
17------------ 18------------
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 4a2458e78784..b4916eb6fd43 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -645,11 +645,12 @@ signing_check:
645 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); 645 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
646 } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) { 646 } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
647 /* signing required */ 647 /* signing required */
648 cFYI(1, ("Must sign - segFlags 0x%x", secFlags)); 648 cFYI(1, ("Must sign - secFlags 0x%x", secFlags));
649 if ((server->secMode & 649 if ((server->secMode &
650 (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) { 650 (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
651 cERROR(1, 651 cERROR(1,
652 ("signing required but server lacks support")); 652 ("signing required but server lacks support"));
653 rc = -EOPNOTSUPP;
653 } else 654 } else
654 server->secMode |= SECMODE_SIGN_REQUIRED; 655 server->secMode |= SECMODE_SIGN_REQUIRED;
655 } else { 656 } else {