1 files changed, 17 insertions, 23 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 1609699e7bec..ad8ef10de0bd 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -119,8 +119,7 @@ smb2_hdr_assemble(struct smb2_hdr *hdr, __le16 smb2_cmd /* command */ ,
        /* BB how does SMB2 do case sensitive? */
        /* if (tcon->nocase)
                hdr->Flags |= SMBFLG_CASELESS; */
-        if (tcon->ses && tcon->ses->server &&
+        if (tcon->ses && tcon->ses->server && tcon->ses->server->sign)
-            (tcon->ses->server->sec_mode & SECMODE_SIGN_REQUIRED))
                hdr->Flags |= SMB2_FLAGS_SIGNED;
 out:
        pdu->StructureSize2 = cpu_to_le16(parmsize);
@@ -330,7 +329,6 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
        int resp_buftype;
        struct TCP_Server_Info *server = ses->server;
        unsigned int sec_flags;
-        u16 temp = 0;
        int blob_offset, blob_length;
        char *security_blob;
        int flags = CIFS_NEG_OP;
@@ -362,12 +360,12 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
        inc_rfc1001_len(req, 2);
        /* only one of SMB2 signing flags may be set in SMB2 request */
-        if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)
+        if (ses->sign)
-                temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
+                req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
-        else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */
+        else if (global_secflags & CIFSSEC_MAY_SIGN)
-                temp = SMB2_NEGOTIATE_SIGNING_ENABLED;
+                req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
+        else
-        req->SecurityMode = cpu_to_le16(temp);
+                req->SecurityMode = 0;
        req->Capabilities = cpu_to_le32(ses->server->vals->req_capabilities);
@@ -424,8 +422,7 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
                goto neg_exit;
        }
-        cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);
+        rc = cifs_enable_signing(server, ses->sign);
-        rc = cifs_enable_signing(server, sec_flags);
 #ifdef CONFIG_SMB2_ASN1  /* BB REMOVEME when updated asn1.c ready */
        if (rc)
                goto neg_exit;
@@ -457,7 +454,6 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
        __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
        struct TCP_Server_Info *server = ses->server;
        unsigned int sec_flags;
-        u8 temp = 0;
        u16 blob_length = 0;
        char *security_blob;
        char *ntlmssp_blob = NULL;
@@ -502,14 +498,13 @@ ssetup_ntlmssp_authenticate:
        req->hdr.CreditRequest = cpu_to_le16(3);
        /* only one of SMB2 signing flags may be set in SMB2 request */
-        if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)
+        if (server->sign)
-                temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
+                req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
-        else if (ses->server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)
+        else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */
-                temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
+                req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
-        else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */
+        else
-                temp = SMB2_NEGOTIATE_SIGNING_ENABLED;
+                req->SecurityMode = 0;
-        req->SecurityMode = temp;
        req->Capabilities = 0;
        req->Channel = 0; /* MBZ */
@@ -652,7 +647,7 @@ SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
         /* since no tcon, smb2_init can not do this, so do here */
        req->hdr.SessionId = ses->Suid;
-        if (server->sec_mode & SECMODE_SIGN_REQUIRED)
+        if (server->sign)
                req->hdr.Flags |= SMB2_FLAGS_SIGNED;
        rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0);
@@ -1357,8 +1352,7 @@ smb2_readv_callback(struct mid_q_entry *mid)
        case MID_RESPONSE_RECEIVED:
                credits_received = le16_to_cpu(buf->CreditRequest);
                /* result already set, check signature */
-                if (server->sec_mode &
+                if (server->sign) {
-                    (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
                        int rc;
                        rc = smb2_verify_signature(&rqst, server);

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 1609699e7bec..ad8ef10de0bd 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c
@@ -119,8 +119,7 @@ smb2_hdr_assemble(struct smb2_hdr hdr, __le16 smb2_cmd / command */ ,
119	/* BB how does SMB2 do case sensitive? */	119	/* BB how does SMB2 do case sensitive? */
120	/* if (tcon->nocase)	120	/* if (tcon->nocase)
121	hdr->Flags \|= SMBFLG_CASELESS; */	121	hdr->Flags \|= SMBFLG_CASELESS; */
122	if (tcon->ses && tcon->ses->server &&	122	if (tcon->ses && tcon->ses->server && tcon->ses->server->sign)
123	(tcon->ses->server->sec_mode & SECMODE_SIGN_REQUIRED))
124	hdr->Flags \|= SMB2_FLAGS_SIGNED;	123	hdr->Flags \|= SMB2_FLAGS_SIGNED;
125	out:	124	out:
126	pdu->StructureSize2 = cpu_to_le16(parmsize);	125	pdu->StructureSize2 = cpu_to_le16(parmsize);
@@ -330,7 +329,6 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
330	int resp_buftype;	329	int resp_buftype;
331	struct TCP_Server_Info *server = ses->server;	330	struct TCP_Server_Info *server = ses->server;
332	unsigned int sec_flags;	331	unsigned int sec_flags;
333	u16 temp = 0;
334	int blob_offset, blob_length;	332	int blob_offset, blob_length;
335	char *security_blob;	333	char *security_blob;
336	int flags = CIFS_NEG_OP;	334	int flags = CIFS_NEG_OP;
@@ -362,12 +360,12 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
362	inc_rfc1001_len(req, 2);	360	inc_rfc1001_len(req, 2);
363		361
364	/* only one of SMB2 signing flags may be set in SMB2 request */	362	/* only one of SMB2 signing flags may be set in SMB2 request */
365	if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)	363	if (ses->sign)
366	temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;	364	req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
367	else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */	365	else if (global_secflags & CIFSSEC_MAY_SIGN)
368	temp = SMB2_NEGOTIATE_SIGNING_ENABLED;	366	req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
369		367	else
370	req->SecurityMode = cpu_to_le16(temp);	368	req->SecurityMode = 0;
371		369
372	req->Capabilities = cpu_to_le32(ses->server->vals->req_capabilities);	370	req->Capabilities = cpu_to_le32(ses->server->vals->req_capabilities);
373		371
@@ -424,8 +422,7 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
424	goto neg_exit;	422	goto neg_exit;
425	}	423	}
426		424
427	cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);	425	rc = cifs_enable_signing(server, ses->sign);
428	rc = cifs_enable_signing(server, sec_flags);
429	#ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */	426	#ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */
430	if (rc)	427	if (rc)
431	goto neg_exit;	428	goto neg_exit;
@@ -457,7 +454,6 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
457	__le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */	454	__le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
458	struct TCP_Server_Info *server = ses->server;	455	struct TCP_Server_Info *server = ses->server;
459	unsigned int sec_flags;	456	unsigned int sec_flags;
460	u8 temp = 0;
461	u16 blob_length = 0;	457	u16 blob_length = 0;
462	char *security_blob;	458	char *security_blob;
463	char *ntlmssp_blob = NULL;	459	char *ntlmssp_blob = NULL;
@@ -502,14 +498,13 @@ ssetup_ntlmssp_authenticate:
502	req->hdr.CreditRequest = cpu_to_le16(3);	498	req->hdr.CreditRequest = cpu_to_le16(3);
503		499
504	/* only one of SMB2 signing flags may be set in SMB2 request */	500	/* only one of SMB2 signing flags may be set in SMB2 request */
505	if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)	501	if (server->sign)
506	temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;	502	req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
507	else if (ses->server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)	503	else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */
508	temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;	504	req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
509	else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */	505	else
510	temp = SMB2_NEGOTIATE_SIGNING_ENABLED;	506	req->SecurityMode = 0;
511		507
512	req->SecurityMode = temp;
513	req->Capabilities = 0;	508	req->Capabilities = 0;
514	req->Channel = 0; /* MBZ */	509	req->Channel = 0; /* MBZ */
515		510
@@ -652,7 +647,7 @@ SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
652		647
653	/* since no tcon, smb2_init can not do this, so do here */	648	/* since no tcon, smb2_init can not do this, so do here */
654	req->hdr.SessionId = ses->Suid;	649	req->hdr.SessionId = ses->Suid;
655	if (server->sec_mode & SECMODE_SIGN_REQUIRED)	650	if (server->sign)
656	req->hdr.Flags \|= SMB2_FLAGS_SIGNED;	651	req->hdr.Flags \|= SMB2_FLAGS_SIGNED;
657		652
658	rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0);	653	rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0);
@@ -1357,8 +1352,7 @@ smb2_readv_callback(struct mid_q_entry *mid)
1357	case MID_RESPONSE_RECEIVED:	1352	case MID_RESPONSE_RECEIVED:
1358	credits_received = le16_to_cpu(buf->CreditRequest);	1353	credits_received = le16_to_cpu(buf->CreditRequest);
1359	/* result already set, check signature */	1354	/* result already set, check signature */
1360	if (server->sec_mode &	1355	if (server->sign) {
1361	(SECMODE_SIGN_REQUIRED \| SECMODE_SIGN_ENABLED)) {
1362	int rc;	1356	int rc;
1363		1357
1364	rc = smb2_verify_signature(&rqst, server);	1358	rc = smb2_verify_signature(&rqst, server);