aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/cifsglob.h2
-rw-r--r--fs/cifs/connect.c25
2 files changed, 27 insertions, 0 deletions
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 87d92e35e991..2f3a89a2c497 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -402,6 +402,8 @@ struct smb_vol {
402 umode_t file_mode; 402 umode_t file_mode;
403 umode_t dir_mode; 403 umode_t dir_mode;
404 unsigned secFlg; 404 unsigned secFlg;
405 enum securityEnum sectype; /* sectype requested via mnt opts */
406 bool sign; /* was signing requested via mnt opts? */
405 bool retry:1; 407 bool retry:1;
406 bool intr:1; 408 bool intr:1;
407 bool setuids:1; 409 bool setuids:1;
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 2a8b2107ad5f..f638b5e1a2d2 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1025,11 +1025,21 @@ static int cifs_parse_security_flavors(char *value,
1025 1025
1026 substring_t args[MAX_OPT_ARGS]; 1026 substring_t args[MAX_OPT_ARGS];
1027 1027
1028 /*
1029 * With mount options, the last one should win. Reset any existing
1030 * settings back to default.
1031 */
1032 vol->sectype = Unspecified;
1033 vol->sign = false;
1034
1028 switch (match_token(value, cifs_secflavor_tokens, args)) { 1035 switch (match_token(value, cifs_secflavor_tokens, args)) {
1029 case Opt_sec_krb5: 1036 case Opt_sec_krb5:
1037 vol->sectype = Kerberos;
1030 vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_SIGN; 1038 vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_SIGN;
1031 break; 1039 break;
1032 case Opt_sec_krb5i: 1040 case Opt_sec_krb5i:
1041 vol->sectype = Kerberos;
1042 vol->sign = true;
1033 vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN; 1043 vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN;
1034 break; 1044 break;
1035 case Opt_sec_krb5p: 1045 case Opt_sec_krb5p:
@@ -1037,26 +1047,36 @@ static int cifs_parse_security_flavors(char *value,
1037 cifs_dbg(VFS, "Krb5 cifs privacy not supported\n"); 1047 cifs_dbg(VFS, "Krb5 cifs privacy not supported\n");
1038 break; 1048 break;
1039 case Opt_sec_ntlmssp: 1049 case Opt_sec_ntlmssp:
1050 vol->sectype = RawNTLMSSP;
1040 vol->secFlg |= CIFSSEC_MAY_NTLMSSP; 1051 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
1041 break; 1052 break;
1042 case Opt_sec_ntlmsspi: 1053 case Opt_sec_ntlmsspi:
1054 vol->sectype = RawNTLMSSP;
1055 vol->sign = true;
1043 vol->secFlg |= CIFSSEC_MAY_NTLMSSP | CIFSSEC_MUST_SIGN; 1056 vol->secFlg |= CIFSSEC_MAY_NTLMSSP | CIFSSEC_MUST_SIGN;
1044 break; 1057 break;
1045 case Opt_ntlm: 1058 case Opt_ntlm:
1046 /* ntlm is default so can be turned off too */ 1059 /* ntlm is default so can be turned off too */
1060 vol->sectype = NTLM;
1047 vol->secFlg |= CIFSSEC_MAY_NTLM; 1061 vol->secFlg |= CIFSSEC_MAY_NTLM;
1048 break; 1062 break;
1049 case Opt_sec_ntlmi: 1063 case Opt_sec_ntlmi:
1064 vol->sectype = NTLM;
1065 vol->sign = true;
1050 vol->secFlg |= CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN; 1066 vol->secFlg |= CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN;
1051 break; 1067 break;
1052 case Opt_sec_ntlmv2: 1068 case Opt_sec_ntlmv2:
1069 vol->sectype = NTLMv2;
1053 vol->secFlg |= CIFSSEC_MAY_NTLMV2; 1070 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1054 break; 1071 break;
1055 case Opt_sec_ntlmv2i: 1072 case Opt_sec_ntlmv2i:
1073 vol->sectype = NTLMv2;
1074 vol->sign = true;
1056 vol->secFlg |= CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN; 1075 vol->secFlg |= CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN;
1057 break; 1076 break;
1058#ifdef CONFIG_CIFS_WEAK_PW_HASH 1077#ifdef CONFIG_CIFS_WEAK_PW_HASH
1059 case Opt_sec_lanman: 1078 case Opt_sec_lanman:
1079 vol->sectype = LANMAN;
1060 vol->secFlg |= CIFSSEC_MAY_LANMAN; 1080 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1061 break; 1081 break;
1062#endif 1082#endif
@@ -1426,6 +1446,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
1426 break; 1446 break;
1427 case Opt_sign: 1447 case Opt_sign:
1428 vol->secFlg |= CIFSSEC_MUST_SIGN; 1448 vol->secFlg |= CIFSSEC_MUST_SIGN;
1449 vol->sign = true;
1429 break; 1450 break;
1430 case Opt_seal: 1451 case Opt_seal:
1431 /* we do not do the following in secFlags because seal 1452 /* we do not do the following in secFlags because seal
@@ -3894,6 +3915,10 @@ cifs_set_vol_auth(struct smb_vol *vol, struct cifs_ses *ses)
3894 case LANMAN: 3915 case LANMAN:
3895 vol->secFlg = CIFSSEC_MUST_LANMAN; 3916 vol->secFlg = CIFSSEC_MUST_LANMAN;
3896 break; 3917 break;
3918 default:
3919 /* should never happen */
3920 vol->secFlg = 0;
3921 break;
3897 } 3922 }
3898 3923
3899 return cifs_set_cifscreds(vol, ses); 3924 return cifs_set_cifscreds(vol, ses);
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-14 08:20:51 -0400