From patchwork Tue Dec 6 22:02:38 2016
X-Patchwork-Submitter: Pavel Shilovskiy
X-Patchwork-Id: 9463329
From: Pavel Shilovsky
To: linux-cifs@vger.kernel.org
Subject: [PATCH 15/15] CIFS: Allow to switch on encryption with seal mount option
Date: Tue, 6 Dec 2016 14:02:38 -0800
Message-Id: <1481061758-52020-16-git-send-email-pshilov@microsoft.com>
In-Reply-To: <1481061758-52020-1-git-send-email-pshilov@microsoft.com>
References: <1481061758-52020-1-git-send-email-pshilov@microsoft.com>

This allows users to enforce encryption for SMB3 shares if a server supports it.

Signed-off-by: Pavel Shilovsky
--- fs/cifs/connect.c | 41 ++++++++++++++++++++++++++++------------- fs/cifs/smb2pdu.c | 33 +++++++++++++++------------------ 2 files changed, 43 insertions(+), 31 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c41f496..872fc8a 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c 
@@ -2622,12 +2622,18 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info) return ERR_PTR(rc); } -static int match_tcon(struct cifs_tcon *tcon, const char *unc) +static int match_tcon(struct cifs_tcon *tcon, struct smb_vol *volume_info) { if (tcon->tidStatus == CifsExiting) return 0; - if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE)) + if (strncmp(tcon->treeName, volume_info->UNC, MAX_TREE_SIZE)) return 0; + if (tcon->seal != volume_info->seal) + return 0; +#ifdef CONFIG_CIFS_SMB2 + if (tcon->snapshot_time != volume_info->snapshot_time) + return 0; +#endif /* CONFIG_CIFS_SMB2 */ return 1; } @@ -2640,14 +2646,8 @@ cifs_find_tcon(struct cifs_ses *ses, struct smb_vol *volume_info) spin_lock(&cifs_tcp_ses_lock); list_for_each(tmp, &ses->tcon_list) { tcon = list_entry(tmp, struct cifs_tcon, tcon_list); - if (!match_tcon(tcon, volume_info->UNC)) - continue; - -#ifdef CONFIG_CIFS_SMB2 - if (tcon->snapshot_time != volume_info->snapshot_time) + if (!match_tcon(tcon, volume_info)) continue; -#endif /* CONFIG_CIFS_SMB2 */ - ++tcon->tc_count; spin_unlock(&cifs_tcp_ses_lock); return tcon; @@ -2693,8 +2693,6 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info) cifs_dbg(FYI, "Found match on UNC path\n"); /* existing tcon already has a reference */ cifs_put_smb_ses(ses); - if (tcon->seal != volume_info->seal) - cifs_dbg(VFS, "transport encryption setting conflicts with existing tid\n"); return tcon; } @@ -2750,7 +2748,6 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info) tcon->Flags &= ~SMB_SHARE_IS_IN_DFS; cifs_dbg(FYI, "DFS disabled (%d)\n", tcon->Flags); } - tcon->seal = volume_info->seal; tcon->use_persistent = false; /* check if SMB2 or later, CIFS does not support persistent handles */ if (volume_info->persistent) { 
@@ -2787,6 +2784,24 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info) tcon->use_resilient = true; } + if (volume_info->seal) { + if (ses->server->vals->protocol_id == 0) { + cifs_dbg(VFS, + "SMB3 or later required for encryption\n"); + rc = -EOPNOTSUPP; + goto out_fail; +#ifdef CONFIG_CIFS_SMB2 + } else if (tcon->ses->server->capabilities & + SMB2_GLOBAL_CAP_ENCRYPTION) + tcon->seal = true; + else { + cifs_dbg(VFS, "Encryption is not supported on share\n"); + rc = -EOPNOTSUPP; + goto out_fail; +#endif /* CONFIG_CIFS_SMB2 */ + } + } + /* * We can have only one retry value for a connection to a share so for * resources mounted more than once to the same server share the last @@ -2918,7 +2933,7 @@ cifs_match_super(struct super_block *sb, void *data) if (!match_server(tcp_srv, volume_info) || !match_session(ses, volume_info) || - !match_tcon(tcon, volume_info->UNC) || + !match_tcon(tcon, volume_info) || !match_prepath(sb, mnt_data)) { rc = 0; goto out; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 0abeb5f..ad83b3d 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -79,9 +79,14 @@ static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { static int encryption_required(const struct cifs_tcon *tcon) { + if (!tcon) + return 0; if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) || (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA)) return 1; + if (tcon->seal && + (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) + return 1; return 0; } @@ -835,8 +840,6 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) ses->Suid = rsp->hdr.sync_hdr.SessionId; ses->session_flags = le16_to_cpu(rsp->SessionFlags); - if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) - cifs_dbg(VFS, "SMB3 encryption not supported yet\n"); rc = SMB2_sess_establish_session(sess_data); out_put_spnego_key: 
@@ -933,8 +936,6 @@ SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data) ses->Suid = rsp->hdr.sync_hdr.SessionId; ses->session_flags = le16_to_cpu(rsp->SessionFlags); - if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) - cifs_dbg(VFS, "SMB3 encryption not supported yet\n"); out: kfree(ntlmssp_blob); @@ -993,8 +994,6 @@ SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data) ses->Suid = rsp->hdr.sync_hdr.SessionId; ses->session_flags = le16_to_cpu(rsp->SessionFlags); - if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) - cifs_dbg(VFS, "SMB3 encryption not supported yet\n"); rc = SMB2_sess_establish_session(sess_data); out: @@ -1145,12 +1144,6 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, if (tcon && tcon->bad_network_name) return -ENOENT; - if ((tcon && tcon->seal) && - ((ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) == 0)) { - cifs_dbg(VFS, "encryption requested but no server support"); - return -EOPNOTSUPP; - } - unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); if (unc_path == NULL) return -ENOMEM; @@ -1168,15 +1161,16 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, return rc; } - if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) - flags |= CIFS_TRANSFORM_REQ; - if (tcon == NULL) { + if ((ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)) + flags |= CIFS_TRANSFORM_REQ; + /* since no tcon, smb2_init can not do this, so do here */ req->hdr.sync_hdr.SessionId = ses->Suid; /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED) req->hdr.Flags |= SMB2_FLAGS_SIGNED; */ - } + } else if (encryption_required(tcon)) + flags |= CIFS_TRANSFORM_REQ; iov[0].iov_base = (char *)req; /* 4 for rfc1002 length field and 1 for pad */ 
@@ -1233,9 +1227,12 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) cifs_dbg(VFS, "DFS capability contradicts DFS flag\n"); + + if (tcon->seal && + !(tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) + cifs_dbg(VFS, "Encryption is requested but not supported\n"); + init_copy_chunk_defaults(tcon); - if (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA) - cifs_dbg(VFS, "Encrypted shares not supported"); if (tcon->ses->server->ops->validate_negotiate) rc = tcon->ses->server->ops->validate_negotiate(xid, tcon); tcon_exit:
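Review bot: In fs/cifs/connect.c, match_tcon() (hunk @@ -2622): the new `tcon->seal != volume_info->seal` test changes tcon and superblock reuse, and the commit message does not say so. Both cifs_find_tcon() and cifs_match_super() go through this helper, so two mounts of the same UNC that differ only in the seal option now get separate tree connections and superblocks, and the old "transport encryption setting conflicts with existing tid" warning is removed in the cifs_get_tcon() hunk. Please mention this in the changelog and add a short comment above match_tcon() listing which fields make two tree connections equivalent.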
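Review bot: In fs/cifs/connect.c, cifs_get_tcon() (hunk @@ -2787): the `#ifdef CONFIG_CIFS_SMB2` opens inside the first braced branch and the `#endif` sits just before a closing brace that belongs to a different branch in each configuration, with an unbraced `else if (...) tcon->seal = true;` in between. It compiles both ways, but it is easy to break on the next edit; bracing every branch and keeping each brace pair on one side of the preprocessor block would make it reviewable. The message "Encryption is not supported on share" is also printed when SMB2_GLOBAL_CAP_ENCRYPTION is missing, which is a server capability rather than a share property, and the block reaches the server through ses->server in one test and tcon->ses->server in the next; pick one.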
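Review bot: In fs/cifs/smb2pdu.c, encryption_required() (hunk @@ -79): the added `if (!tcon) return 0;` makes the helper answer "no encryption" for any caller without a tcon, even when the session has SMB2_SESSION_FLAG_ENCRYPT_DATA set. SMB2_tcon() compensates by testing ses->session_flags itself in its `tcon == NULL` branch, but nothing in the helper tells other callers they must do the same. A comment stating that a NULL tcon means the caller is responsible for the session-level check, or a variant that takes the session as an argument, would keep a future tcon-less caller from sending in the clear on a session that requires encryption.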
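Review bot: In fs/cifs/smb2pdu.c, SMB2_tcon() (hunk @@ -1168): style nits on the new branches. `if ((ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA))` carries a redundant pair of parentheses, and `} else if (encryption_required(tcon))` is left unbraced after a braced `if` body; kernel coding style asks for braces on all branches once one of them needs them.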
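Review bot: In fs/cifs/smb2pdu.c, SMB2_tcon() (hunk @@ -1233): when `tcon->seal` is set but the server lacks SMB2_GLOBAL_CAP_ENCRYPTION, the new code only logs "Encryption is requested but not supported" and carries on, while the hunk at @@ -1145 removes the earlier `return -EOPNOTSUPP` for the same condition. encryption_required() returns 0 in exactly this case unless the session or share flags demand encryption, so later requests on this tcon would go out without CIFS_TRANSFORM_REQ on a mount where the user asked for seal. From the visible lines cifs_get_tcon() only sets tcon->seal when the capability is present, so either this branch is unreachable and should go, or it covers a later tree connect on an existing tcon and should return an error instead of logging.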