Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
phyus
/
linux-vybrid_public
8
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Pārlūkot izejas kodu

cifs: match secType when searching for existing tcp session

The secType is a per-tcp session entity, but the current routine doesn't
verify that it is acceptible when attempting to match an existing TCP
session.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Jeff Layton 15 gadi atpakaļ
vecāks
4515148ef7
revīzija
daf5b0b6f3
2 mainītis faili ar 54 papildinājumiem un 4 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 1 2
      fs/cifs/cifsglob.h
  2. 53 2
      fs/cifs/connect.c

+ 1 - 2
fs/cifs/cifsglob.h
Parādīt failu 

@@ -83,8 +83,7 @@ enum statusEnum {
 
 };
 
 
 enum securityEnum {
 
-	PLAINTXT = 0, 		/* Legacy with Plaintext passwords */
 
-	LANMAN,			/* Legacy LANMAN auth */
 
+	LANMAN = 0,			/* Legacy LANMAN auth */
 
 	NTLM,			/* Legacy NTLM012 auth with NTLM hash */
 
 	NTLMv2,			/* Legacy NTLM auth with NTLMv2 hash */
 
 	RawNTLMSSP,		/* NTLMSSP without SPNEGO, NTLMv2 hash */

+ 53 - 2
fs/cifs/connect.c
Parādīt failu 

@@ -1412,8 +1412,56 @@ match_address(struct TCP_Server_Info *server, struct sockaddr *addr)
 
 	return true;
 
 }
 
 
+static bool
 
+match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
 
+{
 
+	unsigned int secFlags;
 
+
 
+	if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
 
+		secFlags = vol->secFlg;
 
+	else
 
+		secFlags = global_secflags | vol->secFlg;
 
+
 
+	switch (server->secType) {
 
+	case LANMAN:
 
+		if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
 
+			return false;
 
+		break;
 
+	case NTLMv2:
 
+		if (!(secFlags & CIFSSEC_MAY_NTLMV2))
 
+			return false;
 
+		break;
 
+	case NTLM:
 
+		if (!(secFlags & CIFSSEC_MAY_NTLM))
 
+			return false;
 
+		break;
 
+	case Kerberos:
 
+		if (!(secFlags & CIFSSEC_MAY_KRB5))
 
+			return false;
 
+		break;
 
+	case RawNTLMSSP:
 
+		if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
 
+			return false;
 
+		break;
 
+	default:
 
+		/* shouldn't happen */
 
+		return false;
 
+	}
 
+
 
+	/* now check if signing mode is acceptible */
 
+	if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
 
+	    (server->secMode & SECMODE_SIGN_REQUIRED))
 
+			return false;
 
+	else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
 
+		 (server->secMode &
 
+		  (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
 
+			return false;
 
+
 
+	return true;
 
+}
 
+
 
 static struct TCP_Server_Info *
 
-cifs_find_tcp_session(struct sockaddr *addr)
 
+cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
 
 {
 
 	struct TCP_Server_Info *server;
 
 
@@ -1431,6 +1479,9 @@ cifs_find_tcp_session(struct sockaddr *addr)
 
 		if (!match_address(server, addr))
 
 			continue;
 
 
+		if (!match_security(server, vol))
 
+			continue;
 
+
 
 		++server->srv_count;
 
 		write_unlock(&cifs_tcp_ses_lock);
 
 		cFYI(1, "Existing tcp session with server found");
 
@@ -1501,7 +1552,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
 
 	}
 
 
 	/* see if we already have a matching tcp_ses */
 
-	tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr);
 
+	tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
 
 	if (tcp_ses)
 
 		return tcp_ses;