]> git.karo-electronics.de Git - karo-tx-linux.git/commitdiff
cifs: move handling of signed connections into separate function
authorJeff Layton <jlayton@redhat.com>
Sun, 26 May 2013 11:00:58 +0000 (07:00 -0400)
committerSteve French <smfrench@gmail.com>
Mon, 10 Jun 2013 22:03:42 +0000 (17:03 -0500)
Move the sanity checks for signed connections into a separate function.
SMB2's was a cut-and-paste job from CIFS code, so we can make them use
the same function.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <smfrench@gmail.com>
fs/cifs/cifsproto.h
fs/cifs/cifssmb.c
fs/cifs/smb2pdu.c

index dda188a94332bfbf569121680d3207360e1acc3a..f0e93ffe654cc8cdb556468f34e8d9b81199aa99 100644 (file)
@@ -212,6 +212,7 @@ extern int cifs_negotiate_protocol(const unsigned int xid,
                                   struct cifs_ses *ses);
 extern int cifs_setup_session(const unsigned int xid, struct cifs_ses *ses,
                              struct nls_table *nls_info);
+extern int cifs_enable_signing(struct TCP_Server_Info *server, unsigned int secFlags);
 extern int CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses);
 
 extern int CIFSTCon(const unsigned int xid, struct cifs_ses *ses,
index 5dd4f8a51e0cd210e8f4d296ad74d942e712e757..1a3776322c71ee990601d6be7b078a2800923b1c 100644 (file)
@@ -417,6 +417,38 @@ decode_ext_sec_blob(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr)
        return 0;
 }
 
+int
+cifs_enable_signing(struct TCP_Server_Info *server, unsigned int secFlags)
+{
+       if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
+               /* MUST_SIGN already includes the MAY_SIGN FLAG
+                  so if this is zero it means that signing is disabled */
+               cifs_dbg(FYI, "Signing disabled\n");
+               if (server->sec_mode & SECMODE_SIGN_REQUIRED) {
+                       cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n");
+                       return -EOPNOTSUPP;
+               }
+               server->sec_mode &=
+                       ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
+       } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
+               /* signing required */
+               cifs_dbg(FYI, "Must sign - secFlags 0x%x\n", secFlags);
+               if ((server->sec_mode &
+                       (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
+                       cifs_dbg(VFS, "signing required but server lacks support\n");
+                       return -EOPNOTSUPP;
+               } else
+                       server->sec_mode |= SECMODE_SIGN_REQUIRED;
+       } else {
+               /* signing optional ie CIFSSEC_MAY_SIGN */
+               if ((server->sec_mode & SECMODE_SIGN_REQUIRED) == 0)
+                       server->sec_mode &=
+                               ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
+       }
+
+       return 0;
+}
+
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 static int
 decode_lanman_negprot_rsp(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr,
@@ -577,10 +609,7 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)
                goto neg_err_exit;
        } else if (pSMBr->hdr.WordCount == 13) {
                rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags);
-               if (!rc)
-                       goto signing_check;
-               else
-                       goto neg_err_exit;
+               goto signing_check;
        } else if (pSMBr->hdr.WordCount != 17) {
                /* unknown wct */
                rc = -EOPNOTSUPP;
@@ -642,36 +671,9 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)
        else
                server->capabilities &= ~CAP_EXTENDED_SECURITY;
 
-       if (rc)
-               goto neg_err_exit;
-
 signing_check:
-       if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
-               /* MUST_SIGN already includes the MAY_SIGN FLAG
-                  so if this is zero it means that signing is disabled */
-               cifs_dbg(FYI, "Signing disabled\n");
-               if (server->sec_mode & SECMODE_SIGN_REQUIRED) {
-                       cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n");
-                       rc = -EOPNOTSUPP;
-               }
-               server->sec_mode &=
-                       ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
-       } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
-               /* signing required */
-               cifs_dbg(FYI, "Must sign - secFlags 0x%x\n", secFlags);
-               if ((server->sec_mode &
-                       (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
-                       cifs_dbg(VFS, "signing required but server lacks support\n");
-                       rc = -EOPNOTSUPP;
-               } else
-                       server->sec_mode |= SECMODE_SIGN_REQUIRED;
-       } else {
-               /* signing optional ie CIFSSEC_MAY_SIGN */
-               if ((server->sec_mode & SECMODE_SIGN_REQUIRED) == 0)
-                       server->sec_mode &=
-                               ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
-       }
-
+       if (!rc)
+               rc = cifs_enable_signing(server, secFlags);
 neg_err_exit:
        cifs_buf_release(pSMB);
 
index 3af66aa18d3b0306ad183eb2dd764171b84a31ff..ebb97b484ab1dbf340455523b393d7655fe219a8 100644 (file)
@@ -423,36 +423,11 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
        }
 
        cifs_dbg(FYI, "sec_flags 0x%x\n", sec_flags);
-       if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
-               cifs_dbg(FYI, "Signing required\n");
-               if (!(server->sec_mode & (SMB2_NEGOTIATE_SIGNING_REQUIRED |
-                     SMB2_NEGOTIATE_SIGNING_ENABLED))) {
-                       cifs_dbg(VFS, "signing required but server lacks support\n");
-                       rc = -EOPNOTSUPP;
-                       goto neg_exit;
-               }
-               server->sec_mode |= SECMODE_SIGN_REQUIRED;
-       } else if (sec_flags & CIFSSEC_MAY_SIGN) {
-               cifs_dbg(FYI, "Signing optional\n");
-               if (server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
-                       cifs_dbg(FYI, "Server requires signing\n");
-                       server->sec_mode |= SECMODE_SIGN_REQUIRED;
-               } else {
-                       server->sec_mode &=
-                               ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
-               }
-       } else {
-               cifs_dbg(FYI, "Signing disabled\n");
-               if (server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
-                       cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n");
-                       rc = -EOPNOTSUPP;
-                       goto neg_exit;
-               }
-               server->sec_mode &=
-                       ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
-       }
-
+       rc = cifs_enable_signing(server, sec_flags);
 #ifdef CONFIG_SMB2_ASN1  /* BB REMOVEME when updated asn1.c ready */
+       if (rc)
+               goto neg_exit;
+
        rc = decode_neg_token_init(security_blob, blob_length,
                                   &server->sec_type);
        if (rc == 1)