[CIFS] Fix cifsd so shuts down when signing fails during mount (a013689d) · Commits · 戴 / test

fs/cifs/cifs_debug.c

+8 −3

Original line number	Diff line number	Diff line
		@@ -879,11 +879,16 @@ security_flags_write(struct file file, const char __user buffer,
		if (count < 3) {
		/* single char or single char followed by null */
		c = flags_string[0];
		if (c == '0' \|\| c == 'n' \|\| c == 'N')
		if (c == '0' \|\| c == 'n' \|\| c == 'N') {
		extended_security = CIFSSEC_DEF; /* default */
		else if (c == '1' \|\| c == 'y' \|\| c == 'Y')
		return count;
		} else if (c == '1' \|\| c == 'y' \|\| c == 'Y') {
		extended_security = CIFSSEC_MAX;
		return count;
		} else if (!isdigit(c)) {
		cERROR(1, ("invalid flag %c", c));
		return -EINVAL;
		}
		}
		/* else we have a number */

fs/cifs/cifsglob.h

+3 −1

Original line number	Diff line number	Diff line
		@@ -90,7 +90,8 @@ enum statusEnum {
		};

		enum securityEnum {
		LANMAN = 0, /* Legacy LANMAN auth */
		PLAINTXT = 0, /* Legacy with Plaintext passwords */
		LANMAN, /* Legacy LANMAN auth */
		NTLM, /* Legacy NTLM012 auth with NTLM hash */
		NTLMv2, /* Legacy NTLM auth with NTLMv2 hash */
		RawNTLMSSP, /* NTLMSSP without SPNEGO */
		@@ -499,6 +500,7 @@ require use of the stronger protocol */

		#define CIFSSEC_DEF CIFSSEC_MAY_SIGN \| CIFSSEC_MAY_NTLM \| CIFSSEC_MAY_NTLMV2
		#define CIFSSEC_MAX CIFSSEC_MUST_SIGN \| CIFSSEC_MUST_NTLMV2
		#define CIFSSEC_AUTH_MASK (CIFSSEC_MAY_NTLM \| CIFSSEC_MAY_NTLMV2 \| CIFSSEC_MAY_LANMAN \| CIFSSEC_MAY_PLNTXT \| CIFSSEC_MAY_KRB5)
		/*
		*****************************************************************
		* All constants go here

fs/cifs/cifssmb.c

+20 −3

Original line number	Diff line number	Diff line
		@@ -438,8 +438,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)

		pSMB->hdr.Mid = GetNextMid(server);
		pSMB->hdr.Flags2 \|= (SMBFLG2_UNICODE \| SMBFLG2_ERR_STATUS);

		if ((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
		pSMB->hdr.Flags2 \|= SMBFLG2_EXT_SEC;
		else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) {
		cFYI(1, ("Kerberos only mechanism, enable extended security"));
		pSMB->hdr.Flags2 \|= SMBFLG2_EXT_SEC;
		}

		count = 0;
		for (i = 0; i < CIFS_NUM_PROT; i++) {
		@@ -573,7 +578,20 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
		server->secType = NTLM;
		else if (secFlags & CIFSSEC_MAY_NTLMV2)
		server->secType = NTLMv2;
		/* else krb5 ... any others ... */
		else if (secFlags & CIFSSEC_MAY_KRB5)
		server->secType = Kerberos;
		else if (secFlags & CIFSSEC_MAY_LANMAN)
		server->secType = LANMAN;
		/* #ifdef CONFIG_CIFS_EXPERIMENTAL
		else if (secFlags & CIFSSEC_MAY_PLNTXT)
		server->secType = ??
		#endif */
		else {
		rc = -EOPNOTSUPP;
		cERROR(1, ("Invalid security type"));
		goto neg_err_exit;
		}
		/* else ... any others ...? */

		/* one byte, so no need to convert this or EncryptionKeyLen from
		little endian */
		@@ -3089,8 +3107,7 @@ CIFSSMBGetCIFSACL(const int xid, struct cifsTconInfo *tcon, __u16 fid,
		goto qsec_out;
		pSMBr = (struct smb_com_ntransact_rsp *)iov[0].iov_base;

		cERROR(1, ("smb %p parm %p data %p",
		pSMBr, parm, psec_desc)); /* BB removeme BB */
		cFYI(1, ("smb %p parm %p data %p", pSMBr, parm, psec_desc));

		if (le32_to_cpu(pSMBr->ParameterCount) != 4) {
		rc = -EIO; /* bad smb */

fs/cifs/connect.c

+11 −1

Original line number	Diff line number	Diff line
		@@ -2172,8 +2172,18 @@ cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
		if (tsk)
		kthread_stop(tsk);
		}
		} else
		} else {
		cFYI(1, ("No session or bad tcon"));
		if ((pSesInfo->server) &&
		(pSesInfo->server->tsk)) {
		struct task_struct *tsk;
		force_sig(SIGKILL,
		pSesInfo->server->tsk);
		tsk = pSesInfo->server->tsk;
		if (tsk)
		kthread_stop(tsk);
		}
		}
		sesInfoFree(pSesInfo);
		/* pSesInfo = NULL; */
		}

Admin message