SMB3 mounts fail with access denied to some servers

commit 52c0f4ad8ed462d81f1d37f56a74a71dc0c9bf0f upstream.

We were checking incorrectly if signatures were required to be sent,
so were always sending signatures after the initial session establishment.
For SMB3 mounts (vers=3.0) this was a problem because we were putting
SMB2 signatures in SMB3 requests which would cause access denied
on mount (the tree connection would fail).

This might also be worth considering for stable (for 3.7), as the
error message on mount (access denied) is confusing to users and
there is no workaround if the server is configured to only
support smb3.0. I am ok either way.

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index cf33622cdac841c7108d76043cf70ca7fab252e7..e7f9dbc33ce2065e157bf644cab9ee33cf3298bc 100644 (file)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -425,7 +425,7 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
        }
 
        cFYI(1, "sec_flags 0x%x", sec_flags);
-       if (sec_flags & CIFSSEC_MUST_SIGN) {
+       if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
                cFYI(1, "Signing required");
                if (!(server->sec_mode & (SMB2_NEGOTIATE_SIGNING_REQUIRED |
                      SMB2_NEGOTIATE_SIGNING_ENABLED))) {