aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/cifs_debug.c92
-rw-r--r--fs/cifs/cifssmb.c32
2 files changed, 29 insertions, 95 deletions
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
index ebd13358cca6..42fafa144f40 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -901,90 +901,14 @@ security_flags_write(struct file *file, const char __user *buffer,
901 } 901 }
902 /* flags look ok - update the global security flags for cifs module */ 902 /* flags look ok - update the global security flags for cifs module */
903 extended_security = flags; 903 extended_security = flags;
904 if (extended_security & CIFSSEC_MUST_SIGN) {
905 /* requiring signing implies signing is allowed */
906 extended_security |= CIFSSEC_MAY_SIGN;
907 cFYI(1, ("packet signing now required"));
908 } else if ((extended_security & CIFSSEC_MAY_SIGN) == 0) {
909 cFYI(1, ("packet signing disabled"));
910 }
911 /* BB should we turn on MAY flags for other MUST options? */
904 return count; 912 return count;
905} 913}
906
907/* static int
908ntlmv2_enabled_read(char *page, char **start, off_t off,
909 int count, int *eof, void *data)
910{
911 int len;
912
913 len = sprintf(page, "%d\n", ntlmv2_support);
914
915 len -= off;
916 *start = page + off;
917
918 if (len > count)
919 len = count;
920 else
921 *eof = 1;
922
923 if (len < 0)
924 len = 0;
925
926 return len;
927}
928static int
929ntlmv2_enabled_write(struct file *file, const char __user *buffer,
930 unsigned long count, void *data)
931{
932 char c;
933 int rc;
934
935 rc = get_user(c, buffer);
936 if (rc)
937 return rc;
938 if (c == '0' || c == 'n' || c == 'N')
939 ntlmv2_support = 0;
940 else if (c == '1' || c == 'y' || c == 'Y')
941 ntlmv2_support = 1;
942 else if (c == '2')
943 ntlmv2_support = 2;
944
945 return count;
946}
947
948static int
949packet_signing_enabled_read(char *page, char **start, off_t off,
950 int count, int *eof, void *data)
951{
952 int len;
953
954 len = sprintf(page, "%d\n", sign_CIFS_PDUs);
955
956 len -= off;
957 *start = page + off;
958
959 if (len > count)
960 len = count;
961 else
962 *eof = 1;
963
964 if (len < 0)
965 len = 0;
966
967 return len;
968}
969static int
970packet_signing_enabled_write(struct file *file, const char __user *buffer,
971 unsigned long count, void *data)
972{
973 char c;
974 int rc;
975
976 rc = get_user(c, buffer);
977 if (rc)
978 return rc;
979 if (c == '0' || c == 'n' || c == 'N')
980 sign_CIFS_PDUs = 0;
981 else if (c == '1' || c == 'y' || c == 'Y')
982 sign_CIFS_PDUs = 1;
983 else if (c == '2')
984 sign_CIFS_PDUs = 2;
985
986 return count;
987} */
988
989
990#endif 914#endif
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 57419a176688..4a2458e78784 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -426,11 +426,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
426 426
427 /* if any of auth flags (ie not sign or seal) are overriden use them */ 427 /* if any of auth flags (ie not sign or seal) are overriden use them */
428 if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) 428 if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
429 secFlags = ses->overrideSecFlg; 429 secFlags = ses->overrideSecFlg; /* BB FIXME fix sign flags? */
430 else /* if override flags set only sign/seal OR them with global auth */ 430 else /* if override flags set only sign/seal OR them with global auth */
431 secFlags = extended_security | ses->overrideSecFlg; 431 secFlags = extended_security | ses->overrideSecFlg;
432 432
433 cFYI(1,("secFlags 0x%x",secFlags)); 433 cFYI(1, ("secFlags 0x%x", secFlags));
434 434
435 pSMB->hdr.Mid = GetNextMid(server); 435 pSMB->hdr.Mid = GetNextMid(server);
436 pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS); 436 pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);
@@ -633,22 +633,32 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
633#ifdef CONFIG_CIFS_WEAK_PW_HASH 633#ifdef CONFIG_CIFS_WEAK_PW_HASH
634signing_check: 634signing_check:
635#endif 635#endif
636 if(sign_CIFS_PDUs == FALSE) { 636 if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
637 /* MUST_SIGN already includes the MAY_SIGN FLAG
638 so if this is zero it means that signing is disabled */
639 cFYI(1, ("Signing disabled"));
637 if(server->secMode & SECMODE_SIGN_REQUIRED) 640 if(server->secMode & SECMODE_SIGN_REQUIRED)
638 cERROR(1,("Server requires " 641 cERROR(1, ("Server requires "
639 "/proc/fs/cifs/PacketSigningEnabled to be on")); 642 "/proc/fs/cifs/PacketSigningEnabled "
643 "to be on"));
640 server->secMode &= 644 server->secMode &=
641 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); 645 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
642 } else if(sign_CIFS_PDUs == 1) { 646 } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
647 /* signing required */
648 cFYI(1, ("Must sign - segFlags 0x%x", secFlags));
649 if ((server->secMode &
650 (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
651 cERROR(1,
652 ("signing required but server lacks support"));
653 } else
654 server->secMode |= SECMODE_SIGN_REQUIRED;
655 } else {
656 /* signing optional ie CIFSSEC_MAY_SIGN */
643 if((server->secMode & SECMODE_SIGN_REQUIRED) == 0) 657 if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
644 server->secMode &= 658 server->secMode &=
645 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); 659 ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
646 } else if(sign_CIFS_PDUs == 2) {
647 if((server->secMode &
648 (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
649 cERROR(1,("signing required but server lacks support"));
650 }
651 } 660 }
661
652neg_err_exit: 662neg_err_exit:
653 cifs_buf_release(pSMB); 663 cifs_buf_release(pSMB);
654 664