From: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Pavel Shilovsky <piastryyy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	linux-cifs <linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	idra-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org
Subject: Re: [PATCH 09/19] cifs: move handling of signed connections into separate function
Date: Fri, 24 May 2013 08:45:36 -0400
Message-ID: <20130524084536.544c59a1@corrin.poochiereds.net>
In-Reply-To: <CAKywueQEwagjBhXsuSBEMRdnAAHyFovnoaR+28Gb7B9QpEXbqw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On Fri, 24 May 2013 16:41:37 +0400
Pavel Shilovsky <piastryyy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

> 2013/5/23 Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>:
> > Move the sanity checks for signed connections into a separate function.
> > SMB2's was a cut-and-paste job from CIFS code, so we can make them use
> > the same function.
> >
> > Signed-off-by: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> > ---
> >  fs/cifs/cifsproto.h |  1 +
> >  fs/cifs/cifssmb.c   | 71 +++++++++++++++++++++++++++--------------------------
> >  fs/cifs/smb2pdu.c   | 33 +++----------------------
> >  3 files changed, 41 insertions(+), 64 deletions(-)
> >
> > diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
> > index dda188a..f0e93ff 100644
> > --- a/fs/cifs/cifsproto.h
> > +++ b/fs/cifs/cifsproto.h
> > @@ -212,6 +212,7 @@ extern int cifs_negotiate_protocol(const unsigned int xid,
> >                                    struct cifs_ses *ses);
> >  extern int cifs_setup_session(const unsigned int xid, struct cifs_ses *ses,
> >                               struct nls_table *nls_info);
> > +extern int cifs_enable_signing(struct TCP_Server_Info *server, unsigned int secFlags);
> >  extern int CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses);
> >
> >  extern int CIFSTCon(const unsigned int xid, struct cifs_ses *ses,
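
Review bot: The added cifs_enable_signing prototype runs to 86 columns, while the neighbouring declarations in this hunk wrap their parameter lists. Wrap it after the first parameter so that "unsigned int secFlags);" sits on a continuation line, matching cifs_setup_session above it.
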
> > diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
> > index 5dd4f8a..5b191f7 100644
> > --- a/fs/cifs/cifssmb.c
> > +++ b/fs/cifs/cifssmb.c
> > @@ -417,6 +417,38 @@ decode_ext_sec_blob(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr)
> >         return 0;
> >  }
> >
> > +int
> > +cifs_enable_signing(struct TCP_Server_Info *server, unsigned int secFlags)
> > +{
> > +       if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
> > +               /* MUST_SIGN already includes the MAY_SIGN FLAG
> > +                  so if this is zero it means that signing is disabled */
> > +               cifs_dbg(FYI, "Signing disabled\n");
> > +               if (server->sec_mode & SECMODE_SIGN_REQUIRED) {
> > +                       cifs_dbg(VFS, "Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags\n");
> > +                       return -EOPNOTSUPP;
> > +               }
> > +               server->sec_mode &=
> > +                       ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
> > +       } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
> > +               /* signing required */
> > +               cifs_dbg(FYI, "Must sign - secFlags 0x%x\n", secFlags);
> > +               if ((server->sec_mode &
> > +                       (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
> > +                       cifs_dbg(VFS, "signing required but server lacks support\n");
> > +                       return -EOPNOTSUPP;
> > +               } else
> > +                       server->sec_mode |= SECMODE_SIGN_REQUIRED;
> > +       } else {
> > +               /* signing optional ie CIFSSEC_MAY_SIGN */
> > +               if ((server->sec_mode & SECMODE_SIGN_REQUIRED) == 0)
> > +                       server->sec_mode &=
> > +                               ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
> > +       }
> > +
> > +       return 0;
> > +}
> > +
> >  #ifdef CONFIG_CIFS_WEAK_PW_HASH
> >  static int
> >  decode_lanman_negprot_rsp(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr,
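
Review bot: In the final else branch of cifs_enable_signing (the MAY_SIGN case), both SECMODE_SIGN_ENABLED and SECMODE_SIGN_REQUIRED are cleared from server->sec_mode whenever the server does not set SECMODE_SIGN_REQUIRED, and the comment "signing optional ie CIFSSEC_MAY_SIGN" does not say that this is intended for a server that only sets SECMODE_SIGN_ENABLED. Since the function is now non-static and shared, a comment above it stating that it rewrites server->sec_mode and returns -EOPNOTSUPP on a client/server mismatch would help callers. Minor: in the MUST_SIGN branch the "} else" after "return -EOPNOTSUPP;" is redundant and leaves the braces unbalanced.
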
> > @@ -495,7 +527,7 @@ decode_lanman_negprot_rsp(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr,
> >         }
> >
> >         cifs_dbg(FYI, "LANMAN negotiated\n");
> > -       return 0;
> > +       return cifs_enable_signing(server, secFlags);
> >  }
> >  #else
> >  static inline int
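
Review bot: decode_lanman_negprot_rsp now returns the result of cifs_enable_signing, so the "LANMAN negotiated" FYI message is logged before a check that can still fail with -EOPNOTSUPP, and a nonzero return from this function no longer means only a decode problem. Consider moving the debug message after the signing check, or noting the extra failure mode in a comment above the function.
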
> > @@ -577,10 +609,7 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)
> >                 goto neg_err_exit;
> >         } else if (pSMBr->hdr.WordCount == 13) {
> >                 rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags);
> > -               if (!rc)
> > -                       goto signing_check;
> > -               else
> > -                       goto neg_err_exit;
> > +               goto neg_err_exit;
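
Review bot: The jump to neg_err_exit is now unconditional, so rc from decode_lanman_negprot_rsp reaches that label on success as well as on failure, and the code at the label is not visible in this hunk. It would help to state in the commit message that nothing the old signing_check path did for the WordCount == 13 case is lost beyond what cifs_enable_signing now covers.
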
> 
> Going to a label that has "err" in its name after a successful function
> call may confuse people.
> 

I guess we could change it to "neg_exit:" or something. I can toss a
patch onto the top of the pile to do that in the next iteration.

-- 
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
