diff options
| -rw-r--r-- | fs/cifs/README | 5 | ||||
| -rw-r--r-- | fs/cifs/cifsglob.h | 1 | ||||
| -rw-r--r-- | fs/cifs/connect.c | 25 |
3 files changed, 23 insertions, 8 deletions
diff --git a/fs/cifs/README b/fs/cifs/README index 621aa1a85971..2bd6fe556f88 100644 --- a/fs/cifs/README +++ b/fs/cifs/README | |||
| @@ -483,6 +483,11 @@ A partial list of the supported mount options follows: | |||
| 483 | sign Must use packet signing (helps avoid unwanted data modification | 483 | sign Must use packet signing (helps avoid unwanted data modification |
| 484 | by intermediate systems in the route). Note that signing | 484 | by intermediate systems in the route). Note that signing |
| 485 | does not work with lanman or plaintext authentication. | 485 | does not work with lanman or plaintext authentication. |
| 486 | seal Must seal (encrypt) all data on this mounted share before | ||
| 487 | sending on the network. Requires support for Unix Extensions. | ||
| 488 | Note that this differs from the sign mount option in that it | ||
| 489 | causes encryption of data sent over this mounted share but other | ||
| 490 | shares mounted to the same server are unaffected. | ||
| 486 | sec Security mode. Allowed values are: | 491 | sec Security mode. Allowed values are: |
| 487 | none attempt to connection as a null user (no name) | 492 | none attempt to connection as a null user (no name) |
| 488 | krb5 Use Kerberos version 5 authentication | 493 | krb5 Use Kerberos version 5 authentication |
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index b7d9f698e63e..08914053242b 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h | |||
| @@ -281,6 +281,7 @@ struct cifsTconInfo { | |||
| 281 | bool ipc:1; /* set if connection to IPC$ eg for RPC/PIPES */ | 281 | bool ipc:1; /* set if connection to IPC$ eg for RPC/PIPES */ |
| 282 | bool retry:1; | 282 | bool retry:1; |
| 283 | bool nocase:1; | 283 | bool nocase:1; |
| 284 | bool seal:1; /* transport encryption for this mounted share */ | ||
| 284 | bool unix_ext:1; /* if false disable Linux extensions to CIFS protocol | 285 | bool unix_ext:1; /* if false disable Linux extensions to CIFS protocol |
| 285 | for this mount even if server would support */ | 286 | for this mount even if server would support */ |
| 286 | /* BB add field for back pointer to sb struct(s)? */ | 287 | /* BB add field for back pointer to sb struct(s)? */ |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c397fcfd9f1a..023434f72c15 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
| @@ -60,7 +60,7 @@ struct smb_vol { | |||
| 60 | char *domainname; | 60 | char *domainname; |
| 61 | char *UNC; | 61 | char *UNC; |
| 62 | char *UNCip; | 62 | char *UNCip; |
| 63 | char *in6_addr; /* ipv6 address as human readable form of in6_addr */ | 63 | char *in6_addr; /* ipv6 address as human readable form of in6_addr */ |
| 64 | char *iocharset; /* local code page for mapping to and from Unicode */ | 64 | char *iocharset; /* local code page for mapping to and from Unicode */ |
| 65 | char source_rfc1001_name[16]; /* netbios name of client */ | 65 | char source_rfc1001_name[16]; /* netbios name of client */ |
| 66 | char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ | 66 | char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ |
| @@ -82,13 +82,14 @@ struct smb_vol { | |||
| 82 | bool no_xattr:1; /* set if xattr (EA) support should be disabled*/ | 82 | bool no_xattr:1; /* set if xattr (EA) support should be disabled*/ |
| 83 | bool server_ino:1; /* use inode numbers from server ie UniqueId */ | 83 | bool server_ino:1; /* use inode numbers from server ie UniqueId */ |
| 84 | bool direct_io:1; | 84 | bool direct_io:1; |
| 85 | bool remap:1; /* set to remap seven reserved chars in filenames */ | 85 | bool remap:1; /* set to remap seven reserved chars in filenames */ |
| 86 | bool posix_paths:1; /* unset to not ask for posix pathnames. */ | 86 | bool posix_paths:1; /* unset to not ask for posix pathnames. */ |
| 87 | bool no_linux_ext:1; | 87 | bool no_linux_ext:1; |
| 88 | bool sfu_emul:1; | 88 | bool sfu_emul:1; |
| 89 | bool nullauth:1; /* attempt to authenticate with null user */ | 89 | bool nullauth:1; /* attempt to authenticate with null user */ |
| 90 | unsigned nocase; /* request case insensitive filenames */ | 90 | bool nocase:1; /* request case insensitive filenames */ |
| 91 | unsigned nobrl; /* disable sending byte range locks to srv */ | 91 | bool nobrl:1; /* disable sending byte range locks to srv */ |
| 92 | bool seal:1; /* request transport encryption on share */ | ||
| 92 | unsigned int rsize; | 93 | unsigned int rsize; |
| 93 | unsigned int wsize; | 94 | unsigned int wsize; |
| 94 | unsigned int sockopt; | 95 | unsigned int sockopt; |
| @@ -1273,8 +1274,12 @@ cifs_parse_mount_options(char *options, const char *devname, | |||
| 1273 | vol->no_psx_acl = 1; | 1274 | vol->no_psx_acl = 1; |
| 1274 | } else if (strnicmp(data, "sign", 4) == 0) { | 1275 | } else if (strnicmp(data, "sign", 4) == 0) { |
| 1275 | vol->secFlg |= CIFSSEC_MUST_SIGN; | 1276 | vol->secFlg |= CIFSSEC_MUST_SIGN; |
| 1276 | /* } else if (strnicmp(data, "seal",4) == 0) { | 1277 | } else if (strnicmp(data, "seal", 4) == 0) { |
| 1277 | vol->secFlg |= CIFSSEC_MUST_SEAL; */ | 1278 | /* we do not do the following in secFlags because seal |
| 1279 | is a per tree connection (mount) not a per socket | ||
| 1280 | or per-smb connection option in the protocol */ | ||
| 1281 | /* vol->secFlg |= CIFSSEC_MUST_SEAL; */ | ||
| 1282 | vol->seal = 1; | ||
| 1278 | } else if (strnicmp(data, "direct", 6) == 0) { | 1283 | } else if (strnicmp(data, "direct", 6) == 0) { |
| 1279 | vol->direct_io = 1; | 1284 | vol->direct_io = 1; |
| 1280 | } else if (strnicmp(data, "forcedirectio", 13) == 0) { | 1285 | } else if (strnicmp(data, "forcedirectio", 13) == 0) { |
| @@ -2126,6 +2131,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
| 2126 | for the retry flag is used */ | 2131 | for the retry flag is used */ |
| 2127 | tcon->retry = volume_info.retry; | 2132 | tcon->retry = volume_info.retry; |
| 2128 | tcon->nocase = volume_info.nocase; | 2133 | tcon->nocase = volume_info.nocase; |
| 2134 | if (tcon->seal != volume_info.seal) | ||
| 2135 | cERROR(1, ("transport encryption setting " | ||
| 2136 | "conflicts with existing tid")); | ||
| 2129 | } else { | 2137 | } else { |
| 2130 | tcon = tconInfoAlloc(); | 2138 | tcon = tconInfoAlloc(); |
| 2131 | if (tcon == NULL) | 2139 | if (tcon == NULL) |
| @@ -2159,6 +2167,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
| 2159 | atomic_inc(&pSesInfo->inUse); | 2167 | atomic_inc(&pSesInfo->inUse); |
| 2160 | tcon->retry = volume_info.retry; | 2168 | tcon->retry = volume_info.retry; |
| 2161 | tcon->nocase = volume_info.nocase; | 2169 | tcon->nocase = volume_info.nocase; |
| 2170 | tcon->seal = volume_info.seal; | ||
| 2162 | } | 2171 | } |
| 2163 | } | 2172 | } |
| 2164 | } | 2173 | } |