From patchwork Mon Jan 30 21:39:44 2017
X-Patchwork-Submitter: Pavel Shilovskiy
X-Patchwork-Id: 9546131
From: Pavel Shilovsky
Subject: [PATCH v2 15/15] CIFS: Allow to switch on encryption with seal mount option
Date: Mon, 30 Jan 2017 13:39:44 -0800
Message-ID: <1485812384-28870-16-git-send-email-pshilov@microsoft.com>
In-Reply-To: <1485812384-28870-1-git-send-email-pshilov@microsoft.com>
References: <1485812384-28870-1-git-send-email-pshilov@microsoft.com>
X-Mailing-List: linux-cifs@vger.kernel.org

This allows users to enforce encryption for SMB3 shares if a server supports it.

Signed-off-by: Pavel Shilovsky
--- fs/cifs/connect.c | 41 ++++++++++++++++++++++++++++------------- fs/cifs/smb2pdu.c | 33 +++++++++++++++------------------ 2 files changed, 43 insertions(+), 31 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c41f496..872fc8a 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2622,12 +2622,18 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info) return ERR_PTR(rc); } -static int match_tcon(struct cifs_tcon *tcon, const char *unc) +static int match_tcon(struct cifs_tcon *tcon, struct smb_vol *volume_info) { if (tcon->tidStatus == CifsExiting) return 0; - if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE)) + if (strncmp(tcon->treeName, volume_info->UNC, MAX_TREE_SIZE)) return 0; + if (tcon->seal != volume_info->seal) + return 0; +#ifdef CONFIG_CIFS_SMB2 + if (tcon->snapshot_time != volume_info->snapshot_time) + return 0; +#endif /* CONFIG_CIFS_SMB2 */ return 1; } @@ -2640,14 +2646,8 @@ cifs_find_tcon(struct cifs_ses *ses, struct smb_vol *volume_info) spin_lock(&cifs_tcp_ses_lock); list_for_each(tmp, &ses->tcon_list) { tcon = list_entry(tmp, struct cifs_tcon, tcon_list); - if (!match_tcon(tcon, volume_info->UNC)) - continue; - -#ifdef CONFIG_CIFS_SMB2 - if (tcon->snapshot_time != volume_info->snapshot_time) + if (!match_tcon(tcon, volume_info)) continue; -#endif /* CONFIG_CIFS_SMB2 */ - ++tcon->tc_count; spin_unlock(&cifs_tcp_ses_lock); return tcon; 
@@ -2693,8 +2693,6 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info) cifs_dbg(FYI, "Found match on UNC path\n"); /* existing tcon already has a reference */ cifs_put_smb_ses(ses); - if (tcon->seal != volume_info->seal) - cifs_dbg(VFS, "transport encryption setting conflicts with existing tid\n"); return tcon; } @@ -2750,7 +2748,6 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info) tcon->Flags &= ~SMB_SHARE_IS_IN_DFS; cifs_dbg(FYI, "DFS disabled (%d)\n", tcon->Flags); } - tcon->seal = volume_info->seal; tcon->use_persistent = false; /* check if SMB2 or later, CIFS does not support persistent handles */ if (volume_info->persistent) { @@ -2787,6 +2784,24 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info) tcon->use_resilient = true; } + if (volume_info->seal) { + if (ses->server->vals->protocol_id == 0) { + cifs_dbg(VFS, + "SMB3 or later required for encryption\n"); + rc = -EOPNOTSUPP; + goto out_fail; +#ifdef CONFIG_CIFS_SMB2 + } else if (tcon->ses->server->capabilities & + SMB2_GLOBAL_CAP_ENCRYPTION) + tcon->seal = true; + else { + cifs_dbg(VFS, "Encryption is not supported on share\n"); + rc = -EOPNOTSUPP; + goto out_fail; +#endif /* CONFIG_CIFS_SMB2 */ + } + } + /* * We can have only one retry value for a connection to a share so for * resources mounted more than once to the same server share the last @@ -2918,7 +2933,7 @@ cifs_match_super(struct super_block *sb, void *data) if (!match_server(tcp_srv, volume_info) || !match_session(ses, volume_info) || - !match_tcon(tcon, volume_info->UNC) || + !match_tcon(tcon, volume_info) || !match_prepath(sb, mnt_data)) { rc = 0; goto out; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 0abeb5f..ad83b3d 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c 
@@ -79,9 +79,14 @@ static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { static int encryption_required(const struct cifs_tcon *tcon) { + if (!tcon) + return 0; if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) || (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA)) return 1; + if (tcon->seal && + (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) + return 1; return 0; } @@ -835,8 +840,6 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) ses->Suid = rsp->hdr.sync_hdr.SessionId; ses->session_flags = le16_to_cpu(rsp->SessionFlags); - if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) - cifs_dbg(VFS, "SMB3 encryption not supported yet\n"); rc = SMB2_sess_establish_session(sess_data); out_put_spnego_key: @@ -933,8 +936,6 @@ SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data) ses->Suid = rsp->hdr.sync_hdr.SessionId; ses->session_flags = le16_to_cpu(rsp->SessionFlags); - if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) - cifs_dbg(VFS, "SMB3 encryption not supported yet\n"); out: kfree(ntlmssp_blob); @@ -993,8 +994,6 @@ SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data) ses->Suid = rsp->hdr.sync_hdr.SessionId; ses->session_flags = le16_to_cpu(rsp->SessionFlags); - if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) - cifs_dbg(VFS, "SMB3 encryption not supported yet\n"); rc = SMB2_sess_establish_session(sess_data); out: @@ -1145,12 +1144,6 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, if (tcon && tcon->bad_network_name) return -ENOENT; - if ((tcon && tcon->seal) && - ((ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) == 0)) { - cifs_dbg(VFS, "encryption requested but no server support"); - return -EOPNOTSUPP; - } - unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); if (unc_path == NULL) return -ENOMEM; 
@@ -1168,15 +1161,16 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, return rc; } - if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) - flags |= CIFS_TRANSFORM_REQ; - if (tcon == NULL) { + if ((ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)) + flags |= CIFS_TRANSFORM_REQ; + /* since no tcon, smb2_init can not do this, so do here */ req->hdr.sync_hdr.SessionId = ses->Suid; /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED) req->hdr.Flags |= SMB2_FLAGS_SIGNED; */ - } + } else if (encryption_required(tcon)) + flags |= CIFS_TRANSFORM_REQ; iov[0].iov_base = (char *)req; /* 4 for rfc1002 length field and 1 for pad */ @@ -1233,9 +1227,12 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) cifs_dbg(VFS, "DFS capability contradicts DFS flag\n"); + + if (tcon->seal && + !(tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) + cifs_dbg(VFS, "Encryption is requested but not supported\n"); + init_copy_chunk_defaults(tcon); - if (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA) - cifs_dbg(VFS, "Encrypted shares not supported"); if (tcon->ses->server->ops->validate_negotiate) rc = tcon->ses->server->ops->validate_negotiate(xid, tcon); tcon_exit:
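
Review bot: The changelog does not mention that match_tcon() in fs/cifs/connect.c now compares tcon->seal and snapshot_time, which changes tcon and superblock sharing for existing users. In the visible lines cifs_match_super() previously passed only volume_info->UNC, so it now also picks up both comparisons, and a second mount of the same share with a different seal setting gets its own tree connection instead of the removed "transport encryption setting conflicts with existing tid" warning. Please describe that in the commit message, and consider moving the snapshot_time refactoring into a separate patch so the seal change can be reviewed on its own.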
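
Review bot: The new "if (volume_info->seal)" block in cifs_get_tcon() (fs/cifs/connect.c) puts "#ifdef CONFIG_CIFS_SMB2" in the middle of an if/else chain, between "goto out_fail;" and the closing brace, so the brace structure differs between the two configurations and is hard to verify by eye. With CONFIG_CIFS_SMB2 unset, a non-zero protocol_id falls through without either setting tcon->seal or failing the mount, so the option is silently ignored there. The chain also mixes a braced branch with the unbraced "tcon->seal = true;" branch, and tests ses->server in one condition and tcon->ses->server in the next. Suggest bracing every branch, using one spelling of the server pointer, and keeping the preprocessor guard around whole statements (or moving the check into a small helper that has a stub for the non-SMB2 build).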
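
Review bot: In fs/cifs/smb2pdu.c the seal request fails open when the server lacks SMB2_GLOBAL_CAP_ENCRYPTION. encryption_required() returns 0 in that case even though tcon->seal is set, and the SMB2_tcon() hunks drop the early "return -EOPNOTSUPP;" in favour of a cifs_dbg() line after the response has been processed. Any path that reaches SMB2_tcon() with tcon->seal already set and the capability absent would therefore continue without CIFS_TRANSFORM_REQ, and the only signal is "Encryption is requested but not supported" in the log. A user who mounted with seal expects the connection to fail rather than carry plaintext, so please keep returning an error there (set rc = -EOPNOTSUPP and leave through tcon_exit) instead of only logging. If the condition is believed unreachable because cifs_get_tcon() sets tcon->seal only when the capability is present, say so in a comment.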
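
Review bot: Style point in the SMB2_tcon() hunk at -1168 in fs/cifs/smb2pdu.c: "if ((ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA))" carries a redundant pair of parentheses, and "} else if (encryption_required(tcon))" leaves its body unbraced after a braced if branch. Brace both branches. Since encryption_required() now accepts a NULL tcon and returns 0, the session-flag test is duplicated between that helper and the "tcon == NULL" branch here; a short comment on why the NULL case is handled by the caller rather than inside encryption_required() would help the next reader.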