summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/cifs/cifsglob.h2
-rw-r--r--fs/cifs/connect.c25
2 files changed, 27 insertions, 0 deletions
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 87d92e35e99..2f3a89a2c49 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -402,6 +402,8 @@ struct smb_vol {
umode_t file_mode;
umode_t dir_mode;
unsigned secFlg;
+ enum securityEnum sectype; /* sectype requested via mnt opts */
+ bool sign; /* was signing requested via mnt opts? */
bool retry:1;
bool intr:1;
bool setuids:1;
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 2a8b2107ad5..f638b5e1a2d 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1025,11 +1025,21 @@ static int cifs_parse_security_flavors(char *value,
substring_t args[MAX_OPT_ARGS];
+ /*
+ * With mount options, the last one should win. Reset any existing
+ * settings back to default.
+ */
+ vol->sectype = Unspecified;
+ vol->sign = false;
+
switch (match_token(value, cifs_secflavor_tokens, args)) {
case Opt_sec_krb5:
+ vol->sectype = Kerberos;
vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_SIGN;
break;
case Opt_sec_krb5i:
+ vol->sectype = Kerberos;
+ vol->sign = true;
vol->secFlg |= CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN;
break;
case Opt_sec_krb5p:
@@ -1037,26 +1047,36 @@ static int cifs_parse_security_flavors(char *value,
cifs_dbg(VFS, "Krb5 cifs privacy not supported\n");
break;
case Opt_sec_ntlmssp:
+ vol->sectype = RawNTLMSSP;
vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
break;
case Opt_sec_ntlmsspi:
+ vol->sectype = RawNTLMSSP;
+ vol->sign = true;
vol->secFlg |= CIFSSEC_MAY_NTLMSSP | CIFSSEC_MUST_SIGN;
break;
case Opt_ntlm:
/* ntlm is default so can be turned off too */
+ vol->sectype = NTLM;
vol->secFlg |= CIFSSEC_MAY_NTLM;
break;
case Opt_sec_ntlmi:
+ vol->sectype = NTLM;
+ vol->sign = true;
vol->secFlg |= CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN;
break;
case Opt_sec_ntlmv2:
+ vol->sectype = NTLMv2;
vol->secFlg |= CIFSSEC_MAY_NTLMV2;
break;
case Opt_sec_ntlmv2i:
+ vol->sectype = NTLMv2;
+ vol->sign = true;
vol->secFlg |= CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN;
break;
#ifdef CONFIG_CIFS_WEAK_PW_HASH
case Opt_sec_lanman:
+ vol->sectype = LANMAN;
vol->secFlg |= CIFSSEC_MAY_LANMAN;
break;
#endif
@@ -1426,6 +1446,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
break;
case Opt_sign:
vol->secFlg |= CIFSSEC_MUST_SIGN;
+ vol->sign = true;
break;
case Opt_seal:
/* we do not do the following in secFlags because seal
@@ -3894,6 +3915,10 @@ cifs_set_vol_auth(struct smb_vol *vol, struct cifs_ses *ses)
case LANMAN:
vol->secFlg = CIFSSEC_MUST_LANMAN;
break;
+ default:
+ /* should never happen */
+ vol->secFlg = 0;
+ break;
}
return cifs_set_cifscreds(vol, ses);