Commit 1e3cc57e authored by Jeff Layton's avatar Jeff Layton Committed by Steve French

add new fields to smb_vol to track the requested security flavor

We have this to some degree already in secFlgs, but those get "or'ed" so
there's no way to know what the last option requested was. Add new fields
that will eventually supersede the secFlgs field in the cifs_ses.
Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
Reviewed-by: default avatarPavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
parent 28e11bd8
...@@ -402,6 +402,8 @@ struct smb_vol { ...@@ -402,6 +402,8 @@ struct smb_vol {
umode_t file_mode; umode_t file_mode;
umode_t dir_mode; umode_t dir_mode;
unsigned secFlg; unsigned secFlg;
enum securityEnum sectype; /* sectype requested via mnt opts */
bool sign; /* was signing requested via mnt opts? */
bool retry:1; bool retry:1;
bool intr:1; bool intr:1;
bool setuids:1; bool setuids:1;
......
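Review bot: The new `bool sign;` is a full-width bool placed directly in front of a run of one-bit flags (`bool retry:1;`, `bool intr:1;`, `bool setuids:1;`), so the struct now mixes two styles for the same kind of mount-option flag. If nothing takes its address, declaring it as `bool sign:1; /* was signing requested via mnt opts? */` next to the other bitfields would keep the flags uniform. The struct body continues outside the hunk, so the surrounding layout should be checked before moving it.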
...@@ -1025,11 +1025,21 @@ static int cifs_parse_security_flavors(char *value, ...@@ -1025,11 +1025,21 @@ static int cifs_parse_security_flavors(char *value,
substring_t args[MAX_OPT_ARGS]; substring_t args[MAX_OPT_ARGS];
/*
* With mount options, the last one should win. Reset any existing
* settings back to default.
*/
vol->sectype = Unspecified;
vol->sign = false;
switch (match_token(value, cifs_secflavor_tokens, args)) { switch (match_token(value, cifs_secflavor_tokens, args)) {
case Opt_sec_krb5: case Opt_sec_krb5:
vol->sectype = Kerberos;
vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_SIGN; vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_SIGN;
break; break;
case Opt_sec_krb5i: case Opt_sec_krb5i:
vol->sectype = Kerberos;
vol->sign = true;
vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN; vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN;
break; break;
case Opt_sec_krb5p: case Opt_sec_krb5p:
...@@ -1037,26 +1047,36 @@ static int cifs_parse_security_flavors(char *value, ...@@ -1037,26 +1047,36 @@ static int cifs_parse_security_flavors(char *value,
cifs_dbg(VFS, "Krb5 cifs privacy not supported\n"); cifs_dbg(VFS, "Krb5 cifs privacy not supported\n");
break; break;
case Opt_sec_ntlmssp: case Opt_sec_ntlmssp:
vol->sectype = RawNTLMSSP;
vol->secFlg |= CIFSSEC_MAY_NTLMSSP; vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
break; break;
case Opt_sec_ntlmsspi: case Opt_sec_ntlmsspi:
vol->sectype = RawNTLMSSP;
vol->sign = true;
vol->secFlg |= CIFSSEC_MAY_NTLMSSP | CIFSSEC_MUST_SIGN; vol->secFlg |= CIFSSEC_MAY_NTLMSSP | CIFSSEC_MUST_SIGN;
break; break;
case Opt_ntlm: case Opt_ntlm:
/* ntlm is default so can be turned off too */ /* ntlm is default so can be turned off too */
vol->sectype = NTLM;
vol->secFlg |= CIFSSEC_MAY_NTLM; vol->secFlg |= CIFSSEC_MAY_NTLM;
break; break;
case Opt_sec_ntlmi: case Opt_sec_ntlmi:
vol->sectype = NTLM;
vol->sign = true;
vol->secFlg |= CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN; vol->secFlg |= CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN;
break; break;
case Opt_sec_ntlmv2: case Opt_sec_ntlmv2:
vol->sectype = NTLMv2;
vol->secFlg |= CIFSSEC_MAY_NTLMV2; vol->secFlg |= CIFSSEC_MAY_NTLMV2;
break; break;
case Opt_sec_ntlmv2i: case Opt_sec_ntlmv2i:
vol->sectype = NTLMv2;
vol->sign = true;
vol->secFlg |= CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN; vol->secFlg |= CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN;
break; break;
#ifdef CONFIG_CIFS_WEAK_PW_HASH #ifdef CONFIG_CIFS_WEAK_PW_HASH
case Opt_sec_lanman: case Opt_sec_lanman:
vol->sectype = LANMAN;
vol->secFlg |= CIFSSEC_MAY_LANMAN; vol->secFlg |= CIFSSEC_MAY_LANMAN;
break; break;
#endif #endif
...@@ -1426,6 +1446,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname, ...@@ -1426,6 +1446,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
break; break;
case Opt_sign: case Opt_sign:
vol->secFlg |= CIFSSEC_MUST_SIGN; vol->secFlg |= CIFSSEC_MUST_SIGN;
vol->sign = true;
break; break;
case Opt_seal: case Opt_seal:
/* we do not do the following in secFlags because seal /* we do not do the following in secFlags because seal
...@@ -3894,6 +3915,10 @@ cifs_set_vol_auth(struct smb_vol *vol, struct cifs_ses *ses) ...@@ -3894,6 +3915,10 @@ cifs_set_vol_auth(struct smb_vol *vol, struct cifs_ses *ses)
case LANMAN: case LANMAN:
vol->secFlg = CIFSSEC_MUST_LANMAN; vol->secFlg = CIFSSEC_MUST_LANMAN;
break; break;
default:
/* should never happen */
vol->secFlg = 0;
break;
} }
return cifs_set_cifscreds(vol, ses); return cifs_set_cifscreds(vol, ses);
......
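Review bot: The unconditional `vol->sign = false;` at the top of cifs_parse_security_flavors makes the new field depend on option order. `Opt_sign` in cifs_parse_mount_options sets `vol->sign = true`, so a `sign` option that precedes a non-signing `sec=` flavor is cleared again when that flavor is parsed. `secFlg` still carries CIFSSEC_MUST_SIGN in that case because it is only or'ed, so the two records disagree; once `sign` replaces `secFlg`, as the description intends, such a mount would presumably proceed without the signing the user asked for. Consider resetting only `vol->sectype = Unspecified;` here and leaving `vol->sign` to the options that turn it on, or state the ordering rule in the comment. Both functions continue outside the hunks shown.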