[CIFS] Mount should fail if server signing off but client mount option requires it

Wed, 18 Jul 2007 19:01:05 -0700 

Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=38c10a1ddb24b9fa9f25b6c21d0390a9723ae6d6
Commit:     38c10a1ddb24b9fa9f25b6c21d0390a9723ae6d6
Parent:     d38d8c74c7cdfae910f9cd0ac5e1b7ba2d8a2fb2
Author:     Jeff <[EMAIL PROTECTED]>
AuthorDate: Fri Jul 6 21:10:07 2007 +0000
Committer:  Steve French <[EMAIL PROTECTED]>
CommitDate: Fri Jul 6 21:10:07 2007 +0000

    [CIFS] Mount should fail if server signing off but client mount option 
requires it
    
    Currently, if mount with a signing-enabled sec= option (e.g.
    sec=ntlmi), the kernel does a warning printk if the server doesn't
    support signing, and then proceeds without signatures.
    
    This is probably OK for people that think to look at the ring buffer,
    but seems wrong to me. If someone explicitly requests signing, we
    should error out if that request can't be satisfied. They can then
    reattempt the mount without signing if that's ok.
    
    Signed-off-by: Jeff Layton <[EMAIL PROTECTED]>
    Signed-off-by: Steve French <[EMAIL PROTECTED]>
---
 fs/cifs/CHANGES   |    1 +
 fs/cifs/cifssmb.c |    3 ++-
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index b4d388d..258130e 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -12,6 +12,7 @@ to match what documentation said. Support for very large 
reads, over 127K,
 available to some newer servers (such as Samba 3.0.26 and later but
 note that it also requires setting CIFSMaxBufSize at module install
 time to a larger value which may hurt performance in some cases).
+Make sign option force signing (or fail if server does not support it).
 
 Version 1.48
 ------------
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 4a2458e..b4916eb 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -645,11 +645,12 @@ signing_check:
                        ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
        } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
                /* signing required */
-               cFYI(1, ("Must sign - segFlags 0x%x", secFlags));
+               cFYI(1, ("Must sign - secFlags 0x%x", secFlags));
                if ((server->secMode &
                        (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
                        cERROR(1,
                                ("signing required but server lacks support"));
+                       rc = -EOPNOTSUPP;
                } else
                        server->secMode |= SECMODE_SIGN_REQUIRED;
        } else {
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to