]> err.no Git - linux-2.6/commitdiff
[CIFS] Mount should fail if server signing off but client mount option requires it
authorJeff <jlayton@redhat.com>
Fri, 6 Jul 2007 21:10:07 +0000 (21:10 +0000)
committerSteve French <sfrench@us.ibm.com>
Fri, 6 Jul 2007 21:10:07 +0000 (21:10 +0000)
Currently, if mount with a signing-enabled sec= option (e.g.
sec=ntlmi), the kernel does a warning printk if the server doesn't
support signing, and then proceeds without signatures.

This is probably OK for people that think to look at the ring buffer,
but seems wrong to me. If someone explicitly requests signing, we
should error out if that request can't be satisfied. They can then
reattempt the mount without signing if that's ok.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/CHANGES
fs/cifs/cifssmb.c

index b4d388d2b524537cc96e2eb45379d9981b59774a..258130eea9e7d843908606be73fe9ffa2e04173a 100644 (file)
@@ -12,6 +12,7 @@ to match what documentation said. Support for very large reads, over 127K,
 available to some newer servers (such as Samba 3.0.26 and later but
 note that it also requires setting CIFSMaxBufSize at module install
 time to a larger value which may hurt performance in some cases).
+Make sign option force signing (or fail if server does not support it).
 
 Version 1.48
 ------------
index 4a2458e787847967d8f046173be9c21e0daf24ef..b4916eb6fd43adb76304db586e5502fee7e68810 100644 (file)
@@ -645,11 +645,12 @@ signing_check:
                        ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
        } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
                /* signing required */
-               cFYI(1, ("Must sign - segFlags 0x%x", secFlags));
+               cFYI(1, ("Must sign - secFlags 0x%x", secFlags));
                if ((server->secMode &
                        (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
                        cERROR(1,
                                ("signing required but server lacks support"));
+                       rc = -EOPNOTSUPP;
                } else
                        server->secMode |= SECMODE_SIGN_REQUIRED;
        } else {