Gitweb:
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=762e5ab77c803c819e45d054518a98efb70b0f60
Commit: 762e5ab77c803c819e45d054518a98efb70b0f60
Parent: 467a8f8d480190a98cec3e4362c51c2a27157115
Author: Steve French <[EMAIL PROTECTED]>
AuthorDate: Thu Jun 28 18:41:42 2007 +0000
Committer: Steve French <[EMAIL PROTECTED]>
CommitDate: Thu Jun 28 18:41:42 2007 +0000
[CIFS] Fix sign mount option and sign proc config setting
We were checking the wrong (old) global variable to determine
whether to override server and force signing on the SMB
connection.
Acked-by: Dave Kleikamp <[EMAIL PROTECTED]>
Signed-off-by: Steve French <[EMAIL PROTECTED]>
---
fs/cifs/cifs_debug.c | 92 ++++---------------------------------------------
fs/cifs/cifssmb.c | 32 +++++++++++------
2 files changed, 29 insertions(+), 95 deletions(-)
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
index ebd1335..42fafa1 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -901,90 +901,14 @@ security_flags_write(struct file *file, const char __user
*buffer,
}
/* flags look ok - update the global security flags for cifs module */
extended_security = flags;
+ if (extended_security & CIFSSEC_MUST_SIGN) {
+ /* requiring signing implies signing is allowed */
+ extended_security |= CIFSSEC_MAY_SIGN;
+ cFYI(1, ("packet signing now required"));
+ } else if ((extended_security & CIFSSEC_MAY_SIGN) == 0) {
+ cFYI(1, ("packet signing disabled"));
+ }
+ /* BB should we turn on MAY flags for other MUST options? */
return count;
}
-
-/* static int
-ntlmv2_enabled_read(char *page, char **start, off_t off,
- int count, int *eof, void *data)
-{
- int len;
-
- len = sprintf(page, "%d\n", ntlmv2_support);
-
- len -= off;
- *start = page + off;
-
- if (len > count)
- len = count;
- else
- *eof = 1;
-
- if (len < 0)
- len = 0;
-
- return len;
-}
-static int
-ntlmv2_enabled_write(struct file *file, const char __user *buffer,
- unsigned long count, void *data)
-{
- char c;
- int rc;
-
- rc = get_user(c, buffer);
- if (rc)
- return rc;
- if (c == '0' || c == 'n' || c == 'N')
- ntlmv2_support = 0;
- else if (c == '1' || c == 'y' || c == 'Y')
- ntlmv2_support = 1;
- else if (c == '2')
- ntlmv2_support = 2;
-
- return count;
-}
-
-static int
-packet_signing_enabled_read(char *page, char **start, off_t off,
- int count, int *eof, void *data)
-{
- int len;
-
- len = sprintf(page, "%d\n", sign_CIFS_PDUs);
-
- len -= off;
- *start = page + off;
-
- if (len > count)
- len = count;
- else
- *eof = 1;
-
- if (len < 0)
- len = 0;
-
- return len;
-}
-static int
-packet_signing_enabled_write(struct file *file, const char __user *buffer,
- unsigned long count, void *data)
-{
- char c;
- int rc;
-
- rc = get_user(c, buffer);
- if (rc)
- return rc;
- if (c == '0' || c == 'n' || c == 'N')
- sign_CIFS_PDUs = 0;
- else if (c == '1' || c == 'y' || c == 'Y')
- sign_CIFS_PDUs = 1;
- else if (c == '2')
- sign_CIFS_PDUs = 2;
-
- return count;
-} */
-
-
#endif
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 57419a1..4a2458e 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -426,11 +426,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo
*ses)
/* if any of auth flags (ie not sign or seal) are overriden use them */
if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
- secFlags = ses->overrideSecFlg;
+ secFlags = ses->overrideSecFlg; /* BB FIXME fix sign flags? */
else /* if override flags set only sign/seal OR them with global auth */
secFlags = extended_security | ses->overrideSecFlg;
- cFYI(1,("secFlags 0x%x",secFlags));
+ cFYI(1, ("secFlags 0x%x", secFlags));
pSMB->hdr.Mid = GetNextMid(server);
pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);
@@ -633,22 +633,32 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo
*ses)
#ifdef CONFIG_CIFS_WEAK_PW_HASH
signing_check:
#endif
- if(sign_CIFS_PDUs == FALSE) {
+ if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
+ /* MUST_SIGN already includes the MAY_SIGN FLAG
+ so if this is zero it means that signing is disabled */
+ cFYI(1, ("Signing disabled"));
if(server->secMode & SECMODE_SIGN_REQUIRED)
- cERROR(1,("Server requires "
- "/proc/fs/cifs/PacketSigningEnabled to be
on"));
+ cERROR(1, ("Server requires "
+ "/proc/fs/cifs/PacketSigningEnabled "
+ "to be on"));
server->secMode &=
~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
- } else if(sign_CIFS_PDUs == 1) {
+ } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
+ /* signing required */
+ cFYI(1, ("Must sign - segFlags 0x%x", secFlags));
+ if ((server->secMode &
+ (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
+ cERROR(1,
+ ("signing required but server lacks support"));
+ } else
+ server->secMode |= SECMODE_SIGN_REQUIRED;
+ } else {
+ /* signing optional ie CIFSSEC_MAY_SIGN */
if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
server->secMode &=
~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
- } else if(sign_CIFS_PDUs == 2) {
- if((server->secMode &
- (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
- cERROR(1,("signing required but server lacks support"));
- }
}
+
neg_err_exit:
cifs_buf_release(pSMB);
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
