diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 87d92e35e991de067a53bc9e18bb56e50cb5c040..2f3a89a2c497767ac47e549f2fbaebe47ab15f0c 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -402,6 +402,8 @@ struct smb_vol { umode_t file_mode; umode_t dir_mode; unsigned secFlg; + enum securityEnum sectype; /* sectype requested via mnt opts */ + bool sign; /* was signing requested via mnt opts? */ bool retry:1; bool intr:1; bool setuids:1; diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 2a8b2107ad5f87e94bac6cf4ce8870ea25078846..f638b5e1a2d27eeac1e75610eea772ef5b0f0ab9 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1025,11 +1025,21 @@ static int cifs_parse_security_flavors(char *value, substring_t args[MAX_OPT_ARGS]; + /* + * With mount options, the last one should win. Reset any existing + * settings back to default. + */ + vol->sectype = Unspecified; + vol->sign = false; + switch (match_token(value, cifs_secflavor_tokens, args)) { case Opt_sec_krb5: + vol->sectype = Kerberos; vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_SIGN; break; case Opt_sec_krb5i: + vol->sectype = Kerberos; + vol->sign = true; vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN; break; case Opt_sec_krb5p: @@ -1037,26 +1047,36 @@ static int cifs_parse_security_flavors(char *value, cifs_dbg(VFS, "Krb5 cifs privacy not supported\n"); break; case Opt_sec_ntlmssp: + vol->sectype = RawNTLMSSP; vol->secFlg |= CIFSSEC_MAY_NTLMSSP; break; case Opt_sec_ntlmsspi: + vol->sectype = RawNTLMSSP; + vol->sign = true; vol->secFlg |= CIFSSEC_MAY_NTLMSSP | CIFSSEC_MUST_SIGN; break; case Opt_ntlm: /* ntlm is default so can be turned off too */ + vol->sectype = NTLM; vol->secFlg |= CIFSSEC_MAY_NTLM; break; case Opt_sec_ntlmi: + vol->sectype = NTLM; + vol->sign = true; vol->secFlg |= CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN; break; case Opt_sec_ntlmv2: + vol->sectype = NTLMv2; vol->secFlg |= CIFSSEC_MAY_NTLMV2; break; case Opt_sec_ntlmv2i: + vol->sectype = NTLMv2; + vol->sign = true; vol->secFlg |= CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN; break; #ifdef CONFIG_CIFS_WEAK_PW_HASH case Opt_sec_lanman: + vol->sectype = LANMAN; vol->secFlg |= CIFSSEC_MAY_LANMAN; break; #endif @@ -1426,6 +1446,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname, break; case Opt_sign: vol->secFlg |= CIFSSEC_MUST_SIGN; + vol->sign = true; break; case Opt_seal: /* we do not do the following in secFlags because seal @@ -3894,6 +3915,10 @@ cifs_set_vol_auth(struct smb_vol *vol, struct cifs_ses *ses) case LANMAN: vol->secFlg = CIFSSEC_MUST_LANMAN; break; + default: + /* should never happen */ + vol->secFlg = 0; + break; } return cifs_set_cifscreds(vol, ses);