Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/README | 5 | ||||
-rw-r--r-- | fs/cifs/cifsglob.h | 1 | ||||
-rw-r--r-- | fs/cifs/connect.c | 25 |
3 files changed, 23 insertions, 8 deletions
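--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -483,6 +483,11 @@ A partial list of the supported mount options follows:
 sign Must use packet signing (helps avoid unwanted data modification
 by intermediate systems in the route). Note that signing
 does not work with lanman or plaintext authentication.
+seal Must seal (encrypt) all data on this mounted share before
+sending on the network. Requires support for Unix Extensions.
+Note that this differs from the sign mount option in that it
+causes encryption of data sent over this mounted share but other
+shares mounted to the same server are unaffected.
 sec Security mode. Allowed values are:
 none attempt to connection as a null user (no name)
 krb5 Use Kerberos version 5 authentication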
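--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -281,6 +281,7 @@ struct cifsTconInfo {
 bool ipc:1; /* set if connection to IPC$ eg for RPC/PIPES */
 bool retry:1;
 bool nocase:1;
+bool seal:1; /* transport encryption for this mounted share */
 bool unix_ext:1; /* if false disable Linux extensions to CIFS protocol
 for this mount even if server would support */
 /* BB add field for back pointer to sb struct(s)? */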
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c397fcfd9f1a..023434f72c15 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -60,7 +60,7 @@ struct smb_vol { | |||
60 | char *domainname; | 60 | char *domainname; |
61 | char *UNC; | 61 | char *UNC; |
62 | char *UNCip; | 62 | char *UNCip; |
63 | char *in6_addr; /* ipv6 address as human readable form of in6_addr */ | 63 | char *in6_addr; /* ipv6 address as human readable form of in6_addr */ |
64 | char *iocharset; /* local code page for mapping to and from Unicode */ | 64 | char *iocharset; /* local code page for mapping to and from Unicode */ |
65 | char source_rfc1001_name[16]; /* netbios name of client */ | 65 | char source_rfc1001_name[16]; /* netbios name of client */ |
66 | char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ | 66 | char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ |
@@ -82,13 +82,14 @@ struct smb_vol { | |||
82 | bool no_xattr:1; /* set if xattr (EA) support should be disabled*/ | 82 | bool no_xattr:1; /* set if xattr (EA) support should be disabled*/ |
83 | bool server_ino:1; /* use inode numbers from server ie UniqueId */ | 83 | bool server_ino:1; /* use inode numbers from server ie UniqueId */ |
84 | bool direct_io:1; | 84 | bool direct_io:1; |
85 | bool remap:1; /* set to remap seven reserved chars in filenames */ | 85 | bool remap:1; /* set to remap seven reserved chars in filenames */ |
86 | bool posix_paths:1; /* unset to not ask for posix pathnames. */ | 86 | bool posix_paths:1; /* unset to not ask for posix pathnames. */ |
87 | bool no_linux_ext:1; | 87 | bool no_linux_ext:1; |
88 | bool sfu_emul:1; | 88 | bool sfu_emul:1; |
89 | bool nullauth:1; /* attempt to authenticate with null user */ | 89 | bool nullauth:1; /* attempt to authenticate with null user */ |
90 | unsigned nocase; /* request case insensitive filenames */ | 90 | bool nocase:1; /* request case insensitive filenames */ |
91 | unsigned nobrl; /* disable sending byte range locks to srv */ | 91 | bool nobrl:1; /* disable sending byte range locks to srv */ |
92 | bool seal:1; /* request transport encryption on share */ | ||
92 | unsigned int rsize; | 93 | unsigned int rsize; |
93 | unsigned int wsize; | 94 | unsigned int wsize; |
94 | unsigned int sockopt; | 95 | unsigned int sockopt; |
@@ -1273,8 +1274,12 @@ cifs_parse_mount_options(char *options, const char *devname, | |||
1273 | vol->no_psx_acl = 1; | 1274 | vol->no_psx_acl = 1; |
1274 | } else if (strnicmp(data, "sign", 4) == 0) { | 1275 | } else if (strnicmp(data, "sign", 4) == 0) { |
1275 | vol->secFlg |= CIFSSEC_MUST_SIGN; | 1276 | vol->secFlg |= CIFSSEC_MUST_SIGN; |
1276 | /* } else if (strnicmp(data, "seal",4) == 0) { | 1277 | } else if (strnicmp(data, "seal", 4) == 0) { |
1277 | vol->secFlg |= CIFSSEC_MUST_SEAL; */ | 1278 | /* we do not do the following in secFlags because seal |
1279 | is a per tree connection (mount) not a per socket | ||
1280 | or per-smb connection option in the protocol */ | ||
1281 | /* vol->secFlg |= CIFSSEC_MUST_SEAL; */ | ||
1282 | vol->seal = 1; | ||
1278 | } else if (strnicmp(data, "direct", 6) == 0) { | 1283 | } else if (strnicmp(data, "direct", 6) == 0) { |
1279 | vol->direct_io = 1; | 1284 | vol->direct_io = 1; |
1280 | } else if (strnicmp(data, "forcedirectio", 13) == 0) { | 1285 | } else if (strnicmp(data, "forcedirectio", 13) == 0) { |
@@ -2126,6 +2131,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
2126 | for the retry flag is used */ | 2131 | for the retry flag is used */ |
2127 | tcon->retry = volume_info.retry; | 2132 | tcon->retry = volume_info.retry; |
2128 | tcon->nocase = volume_info.nocase; | 2133 | tcon->nocase = volume_info.nocase; |
2134 | if (tcon->seal != volume_info.seal) | ||
2135 | cERROR(1, ("transport encryption setting " | ||
2136 | "conflicts with existing tid")); | ||
2129 | } else { | 2137 | } else { |
2130 | tcon = tconInfoAlloc(); | 2138 | tcon = tconInfoAlloc(); |
2131 | if (tcon == NULL) | 2139 | if (tcon == NULL) |
@@ -2159,6 +2167,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
2159 | atomic_inc(&pSesInfo->inUse); | 2167 | atomic_inc(&pSesInfo->inUse); |
2160 | tcon->retry = volume_info.retry; | 2168 | tcon->retry = volume_info.retry; |
2161 | tcon->nocase = volume_info.nocase; | 2169 | tcon->nocase = volume_info.nocase; |
2170 | tcon->seal = volume_info.seal; | ||
2162 | } | 2171 | } |
2163 | } | 2172 | } |
2164 | } | 2173 | } |
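Review bot: The seal mismatch check added in cifs_mount (new lines 2134-2136) fails open: when an existing tid is reused and `tcon->seal != volume_info.seal`, the code only logs through cERROR and the mount continues with the existing tcon's setting. A user who passes `seal` and lands on an already-mounted, unsealed share therefore gets a successful mount whose traffic is not encrypted, with only a kernel log line to say so. When encryption was requested and the reused tcon lacks it, the mount should be refused through cifs_mount's existing error path, guarded by something like `if (volume_info.seal && !tcon->seal)`. Nothing in the visible hunks reads `tcon->seal` to actually enable encryption, so if enforcement arrives in a later patch the README entry should say the option is not yet effective. cifs_mount starts and ends outside these hunks, so the appropriate return code and cleanup label cannot be confirmed from here.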