On Thu, 23 May 2013 11:05:58 -0400
Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> Currently we have the overrideSecFlg field, but it's quite cumbersome
> to work with. Add some new fields that will eventually supercede it.
>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> ---
> fs/cifs/cifsfs.c | 11 +++++++----
> fs/cifs/cifsglob.h | 2 ++
> fs/cifs/connect.c | 5 +++++
> 3 files changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
> index bb27269..97601fa 100644
> --- a/fs/cifs/cifsfs.c
> +++ b/fs/cifs/cifsfs.c
> @@ -312,11 +312,14 @@ cifs_show_address(struct seq_file *s, struct TCP_Server_Info *server)
> }
>
> static void
> -cifs_show_security(struct seq_file *s, struct TCP_Server_Info *server)
> +cifs_show_security(struct seq_file *s, struct cifs_ses *ses)
> {
> + if (ses->sectype == Unspecified)
> + return;
> +
> seq_printf(s, ",sec=");
>
> - switch (server->secType) {
> + switch (ses->sectype) {
> case LANMAN:
> seq_printf(s, "lanman");
> break;
> @@ -338,7 +341,7 @@ cifs_show_security(struct seq_file *s, struct TCP_Server_Info *server)
> break;
> }
>
> - if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
> + if (ses->sign)
> seq_printf(s, "i");
> }
>
> @@ -369,7 +372,7 @@ cifs_show_options(struct seq_file *s, struct dentry *root)
> srcaddr = (struct sockaddr *)&tcon->ses->server->srcaddr;
>
> seq_printf(s, ",vers=%s", tcon->ses->server->vals->version_string);
> - cifs_show_security(s, tcon->ses->server);
> + cifs_show_security(s, tcon->ses);
> cifs_show_cache_flavor(s, cifs_sb);
>
> if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER)
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 9f88a35..a911a33 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -713,6 +713,8 @@ struct cifs_ses {
> char *password;
> struct session_key auth_key;
> struct ntlmssp_auth *ntlmssp; /* ciphertext, flags, server challenge */
> + enum securityEnum sectype; /* what security flavor was specified? */
> + bool sign; /* is signing required? */
> bool need_reconnect:1; /* connection reset, uid now invalid */
> #ifdef CONFIG_CIFS_SMB2
> __u16 session_flags;
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 7b71961..072598f 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -2513,6 +2513,9 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
> ses->linux_uid = volume_info->linux_uid;
>
> ses->overrideSecFlg = volume_info->secFlg;
> + ses->sectype = volume_info->sectype;
> + ses->sign = volume_info->sign ? volume_info->sign :
> + (global_secflags & CIFSSEC_MUST_SIGN);
Note that there's a minor bug in the above line. CIFSSEC_MUST_SIGN is
CIFSSEC_MAY_SIGN or'ed with another bit. So this ends up setting
ses->sign when only CIFSSEC_MAY_SIGN is set. I've got that fixed in my
repo, and the next iteration of the set will include it.
>
> mutex_lock(&ses->session_mutex);
> rc = cifs_negotiate_protocol(xid, ses);
> @@ -3931,6 +3934,8 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
> vol_info->nocase = master_tcon->nocase;
> vol_info->local_lease = master_tcon->local_lease;
> vol_info->no_linux_ext = !master_tcon->unix_ext;
> + vol_info->sectype = master_tcon->ses->sectype;
> + vol_info->sign = master_tcon->ses->sign;
>
> rc = cifs_set_vol_auth(vol_info, master_tcon->ses);
> if (rc) {
--
Jeff Layton <jlayton@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
