diff options
Diffstat (limited to 'fs/cifs/cifssmb.c')
| -rw-r--r-- | fs/cifs/cifssmb.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 57419a176688..4a2458e78784 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
| @@ -426,11 +426,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
| 426 | 426 | ||
| 427 | /* if any of auth flags (ie not sign or seal) are overriden use them */ | 427 | /* if any of auth flags (ie not sign or seal) are overriden use them */ |
| 428 | if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) | 428 | if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) |
| 429 | secFlags = ses->overrideSecFlg; | 429 | secFlags = ses->overrideSecFlg; /* BB FIXME fix sign flags? */ |
| 430 | else /* if override flags set only sign/seal OR them with global auth */ | 430 | else /* if override flags set only sign/seal OR them with global auth */ |
| 431 | secFlags = extended_security | ses->overrideSecFlg; | 431 | secFlags = extended_security | ses->overrideSecFlg; |
| 432 | 432 | ||
| 433 | cFYI(1,("secFlags 0x%x",secFlags)); | 433 | cFYI(1, ("secFlags 0x%x", secFlags)); |
| 434 | 434 | ||
| 435 | pSMB->hdr.Mid = GetNextMid(server); | 435 | pSMB->hdr.Mid = GetNextMid(server); |
| 436 | pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS); | 436 | pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS); |
| @@ -633,22 +633,32 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
| 633 | #ifdef CONFIG_CIFS_WEAK_PW_HASH | 633 | #ifdef CONFIG_CIFS_WEAK_PW_HASH |
| 634 | signing_check: | 634 | signing_check: |
| 635 | #endif | 635 | #endif |
| 636 | if(sign_CIFS_PDUs == FALSE) { | 636 | if ((secFlags & CIFSSEC_MAY_SIGN) == 0) { |
| 637 | /* MUST_SIGN already includes the MAY_SIGN FLAG | ||
| 638 | so if this is zero it means that signing is disabled */ | ||
| 639 | cFYI(1, ("Signing disabled")); | ||
| 637 | if(server->secMode & SECMODE_SIGN_REQUIRED) | 640 | if(server->secMode & SECMODE_SIGN_REQUIRED) |
| 638 | cERROR(1,("Server requires " | 641 | cERROR(1, ("Server requires " |
| 639 | "/proc/fs/cifs/PacketSigningEnabled to be on")); | 642 | "/proc/fs/cifs/PacketSigningEnabled " |
| 643 | "to be on")); | ||
| 640 | server->secMode &= | 644 | server->secMode &= |
| 641 | ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); | 645 | ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); |
| 642 | } else if(sign_CIFS_PDUs == 1) { | 646 | } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) { |
| 647 | /* signing required */ | ||
| 648 | cFYI(1, ("Must sign - segFlags 0x%x", secFlags)); | ||
| 649 | if ((server->secMode & | ||
| 650 | (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) { | ||
| 651 | cERROR(1, | ||
| 652 | ("signing required but server lacks support")); | ||
| 653 | } else | ||
| 654 | server->secMode |= SECMODE_SIGN_REQUIRED; | ||
| 655 | } else { | ||
| 656 | /* signing optional ie CIFSSEC_MAY_SIGN */ | ||
| 643 | if((server->secMode & SECMODE_SIGN_REQUIRED) == 0) | 657 | if((server->secMode & SECMODE_SIGN_REQUIRED) == 0) |
| 644 | server->secMode &= | 658 | server->secMode &= |
| 645 | ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); | 659 | ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); |
| 646 | } else if(sign_CIFS_PDUs == 2) { | ||
| 647 | if((server->secMode & | ||
| 648 | (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) { | ||
| 649 | cERROR(1,("signing required but server lacks support")); | ||
| 650 | } | ||
| 651 | } | 660 | } |
| 661 | |||
| 652 | neg_err_exit: | 662 | neg_err_exit: |
| 653 | cifs_buf_release(pSMB); | 663 | cifs_buf_release(pSMB); |
| 654 | 664 | ||