
Commit 38c10a1d authored by Jeff, committed by Steve French

[CIFS] Mount should fail if server signing off but client mount option requires it



Currently, if you mount with a signing-enabled sec= option (e.g.
sec=ntlmi), the kernel does a warning printk if the server doesn't
support signing, and then proceeds without signatures.

This is probably OK for people that think to look at the ring buffer,
but seems wrong to me. If someone explicitly requests signing, we
should error out if that request can't be satisfied. They can then
reattempt the mount without signing if that's ok.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
parent d38d8c74
+1 −0
@@ -12,6 +12,7 @@ to match what documentation said. Support for very large reads, over 127K,
available to some newer servers (such as Samba 3.0.26 and later but
available to some newer servers (such as Samba 3.0.26 and later but
note that it also requires setting CIFSMaxBufSize at module install
note that it also requires setting CIFSMaxBufSize at module install
time to a larger value which may hurt performance in some cases).
time to a larger value which may hurt performance in some cases).
Make sign option force signing (or fail if server does not support it).


Version 1.48
Version 1.48
------------
------------
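
Review bot: the new CHANGES sentence "Make sign option force signing (or fail if server does not support it)." does not say which mount options are affected, while the commit message describes the change as applying to signing-enabled sec= options such as sec=ntlmi. Mounts that previously succeeded with only a logged warning will now fail, so the entry should name the signing sec= variants and state that the mount now returns an error when the server lacks signing support. That gives an admin who hits the failure something to search for here.
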
+2 −1
@@ -645,11 +645,12 @@ signing_check:
			~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
			~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
	} else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
	} else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
		/* signing required */
		/* signing required */
		cFYI(1, ("Must sign - segFlags 0x%x", secFlags));
		cFYI(1, ("Must sign - secFlags 0x%x", secFlags));
		if ((server->secMode &
		if ((server->secMode &
			(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
			(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
			cERROR(1,
			cERROR(1,
				("signing required but server lacks support"));
				("signing required but server lacks support"));
			rc = -EOPNOTSUPP;
		} else
		} else
			server->secMode |= SECMODE_SIGN_REQUIRED;
			server->secMode |= SECMODE_SIGN_REQUIRED;
	} else {
	} else {
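
Review bot: the added `rc = -EOPNOTSUPP;` in the "signing required but server lacks support" branch under `signing_check:` only fails the mount if nothing between this branch and the function's return reassigns rc, and the hunk does not show that tail. Please confirm the value reaches the caller unchanged, or leave for the exit path directly from this branch so the error cannot be overwritten. Two smaller points in the same branch: the `segFlags` to `secFlags` correction in the cFYI string is unrelated to the behaviour change and is not mentioned in the commit message, and the inner `if` has a braced body while its `else` (`server->secMode |= SECMODE_SIGN_REQUIRED;`) is unbraced, where kernel coding style asks for braces on both branches.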