Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

cifs: move handling of signed connections into separate function

Move the sanity checks for signed connections into a separate function.
SMB2's was a cut-and-paste job from CIFS code, so we can make them use
the same function.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <smfrench@gmail.com>
Jeff Layton 12 years ago
parent
2190eca1d0
commit
9ddec56131
3 changed files with 40 additions and 62 deletions
Split View Show Diff Stats
  1. 1 0
      fs/cifs/cifsproto.h
  2. 35 33
      fs/cifs/cifssmb.c
  3. 4 29
      fs/cifs/smb2pdu.c

+ 1 - 0
fs/cifs/cifsproto.h
View File 

@@ -212,6 +212,7 @@ extern int cifs_negotiate_protocol(const unsigned int xid,
 
 				   struct cifs_ses *ses);
 
 extern int cifs_setup_session(const unsigned int xid, struct cifs_ses *ses,
 
 			      struct nls_table *nls_info);
 
+extern int cifs_enable_signing(struct TCP_Server_Info *server, unsigned int secFlags);
 
 extern int CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses);
 
 
 extern int CIFSTCon(const unsigned int xid, struct cifs_ses *ses,

+ 35 - 33
fs/cifs/cifssmb.c
View File 

@@ -417,6 +417,38 @@ decode_ext_sec_blob(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr)
 
 	return 0;
 
 }
 
 
+int
 
+cifs_enable_signing(struct TCP_Server_Info *server, unsigned int secFlags)
 
+{
 
+	if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
 
+		/* MUST_SIGN already includes the MAY_SIGN FLAG
 
+		   so if this is zero it means that signing is disabled */
 
+		cifs_dbg(FYI, "Signing disabled\n");
 
+		if (server->sec_mode & SECMODE_SIGN_REQUIRED) {
 
+			cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n");
 
+			return -EOPNOTSUPP;
 
+		}
 
+		server->sec_mode &=
 
+			~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
 
+	} else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
 
+		/* signing required */
 
+		cifs_dbg(FYI, "Must sign - secFlags 0x%x\n", secFlags);
 
+		if ((server->sec_mode &
 
+			(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
 
+			cifs_dbg(VFS, "signing required but server lacks support\n");
 
+			return -EOPNOTSUPP;
 
+		} else
 
+			server->sec_mode |= SECMODE_SIGN_REQUIRED;
 
+	} else {
 
+		/* signing optional ie CIFSSEC_MAY_SIGN */
 
+		if ((server->sec_mode & SECMODE_SIGN_REQUIRED) == 0)
 
+			server->sec_mode &=
 
+				~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
 
+	}
 
+
 
+	return 0;
 
+}
 
+
 
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 
 static int
 
 decode_lanman_negprot_rsp(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr,
 
@@ -577,10 +609,7 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)
 
 		goto neg_err_exit;
 
 	} else if (pSMBr->hdr.WordCount == 13) {
 
 		rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags);
 
-		if (!rc)
 
-			goto signing_check;
 
-		else
 
-			goto neg_err_exit;
 
+		goto signing_check;
 
 	} else if (pSMBr->hdr.WordCount != 17) {
 
 		/* unknown wct */
 
 		rc = -EOPNOTSUPP;
 
@@ -642,36 +671,9 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)
 
 	else
 
 		server->capabilities &= ~CAP_EXTENDED_SECURITY;
 
 
-	if (rc)
 
-		goto neg_err_exit;
 
-
 
 signing_check:
 
-	if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
 
-		/* MUST_SIGN already includes the MAY_SIGN FLAG
 
-		   so if this is zero it means that signing is disabled */
 
-		cifs_dbg(FYI, "Signing disabled\n");
 
-		if (server->sec_mode & SECMODE_SIGN_REQUIRED) {
 
-			cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n");
 
-			rc = -EOPNOTSUPP;
 
-		}
 
-		server->sec_mode &=
 
-			~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
 
-	} else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
 
-		/* signing required */
 
-		cifs_dbg(FYI, "Must sign - secFlags 0x%x\n", secFlags);
 
-		if ((server->sec_mode &
 
-			(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
 
-			cifs_dbg(VFS, "signing required but server lacks support\n");
 
-			rc = -EOPNOTSUPP;
 
-		} else
 
-			server->sec_mode |= SECMODE_SIGN_REQUIRED;
 
-	} else {
 
-		/* signing optional ie CIFSSEC_MAY_SIGN */
 
-		if ((server->sec_mode & SECMODE_SIGN_REQUIRED) == 0)
 
-			server->sec_mode &=
 
-				~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
 
-	}
 
-
 
+	if (!rc)
 
+		rc = cifs_enable_signing(server, secFlags);
 
 neg_err_exit:
 
 	cifs_buf_release(pSMB);

+ 4 - 29
fs/cifs/smb2pdu.c
View File 

@@ -423,36 +423,11 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
 
 	}
 
 
 	cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);
 
-	if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
 
-		cifs_dbg(FYI, "Signing required\n");
 
-		if (!(server->sec_mode & (SMB2_NEGOTIATE_SIGNING_REQUIRED |
 
-		      SMB2_NEGOTIATE_SIGNING_ENABLED))) {
 
-			cifs_dbg(VFS, "signing required but server lacks support\n");
 
-			rc = -EOPNOTSUPP;
 
-			goto neg_exit;
 
-		}
 
-		server->sec_mode |= SECMODE_SIGN_REQUIRED;
 
-	} else if (sec_flags & CIFSSEC_MAY_SIGN) {
 
-		cifs_dbg(FYI, "Signing optional\n");
 
-		if (server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
 
-			cifs_dbg(FYI, "Server requires signing\n");
 
-			server->sec_mode |= SECMODE_SIGN_REQUIRED;
 
-		} else {
 
-			server->sec_mode &=
 
-				~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
 
-		}
 
-	} else {
 
-		cifs_dbg(FYI, "Signing disabled\n");
 
-		if (server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
 
-			cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n");
 
-			rc = -EOPNOTSUPP;
 
-			goto neg_exit;
 
-		}
 
-		server->sec_mode &=
 
-			~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
 
-	}
 
-
 
+	rc = cifs_enable_signing(server, sec_flags);
 
 #ifdef CONFIG_SMB2_ASN1  /* BB REMOVEME when updated asn1.c ready */
 
+	if (rc)
 
+		goto neg_exit;
 
+
 
 	rc = decode_neg_token_init(security_blob, blob_length,
 
 				   &server->sec_type);
 
 	if (rc == 1)