CIFS: Allow to switch on encryption with seal mount option
This allows users to inforce encryption for SMB3 shares if a server supports it. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
This commit is contained in:
Pavel Shilovsky
committed by
Steve French
Steve French
parent
c42a6abe30
commit
ae6f8dd4d0
@@ -2630,12 +2630,18 @@ get_ses_fail:
|
||||
return ERR_PTR(rc);
|
||||
}
|
||||
|
||||
static int match_tcon(struct cifs_tcon *tcon, const char *unc)
|
||||
static int match_tcon(struct cifs_tcon *tcon, struct smb_vol *volume_info)
|
||||
{
|
||||
if (tcon->tidStatus == CifsExiting)
|
||||
return 0;
|
||||
if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
|
||||
if (strncmp(tcon->treeName, volume_info->UNC, MAX_TREE_SIZE))
|
||||
return 0;
|
||||
if (tcon->seal != volume_info->seal)
|
||||
return 0;
|
||||
#ifdef CONFIG_CIFS_SMB2
|
||||
if (tcon->snapshot_time != volume_info->snapshot_time)
|
||||
return 0;
|
||||
#endif /* CONFIG_CIFS_SMB2 */
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -2648,14 +2654,8 @@ cifs_find_tcon(struct cifs_ses *ses, struct smb_vol *volume_info)
|
||||
spin_lock(&cifs_tcp_ses_lock);
|
||||
list_for_each(tmp, &ses->tcon_list) {
|
||||
tcon = list_entry(tmp, struct cifs_tcon, tcon_list);
|
||||
if (!match_tcon(tcon, volume_info->UNC))
|
||||
if (!match_tcon(tcon, volume_info))
|
||||
continue;
|
||||
|
||||
#ifdef CONFIG_CIFS_SMB2
|
||||
if (tcon->snapshot_time != volume_info->snapshot_time)
|
||||
continue;
|
||||
#endif /* CONFIG_CIFS_SMB2 */
|
||||
|
||||
++tcon->tc_count;
|
||||
spin_unlock(&cifs_tcp_ses_lock);
|
||||
return tcon;
|
||||
@@ -2701,8 +2701,6 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info)
|
||||
cifs_dbg(FYI, "Found match on UNC path\n");
|
||||
/* existing tcon already has a reference */
|
||||
cifs_put_smb_ses(ses);
|
||||
if (tcon->seal != volume_info->seal)
|
||||
cifs_dbg(VFS, "transport encryption setting conflicts with existing tid\n");
|
||||
return tcon;
|
||||
}
|
||||
|
||||
@@ -2758,7 +2756,6 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info)
|
||||
tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
|
||||
cifs_dbg(FYI, "DFS disabled (%d)\n", tcon->Flags);
|
||||
}
|
||||
tcon->seal = volume_info->seal;
|
||||
tcon->use_persistent = false;
|
||||
/* check if SMB2 or later, CIFS does not support persistent handles */
|
||||
if (volume_info->persistent) {
|
||||
@@ -2795,6 +2792,24 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info)
|
||||
tcon->use_resilient = true;
|
||||
}
|
||||
|
||||
if (volume_info->seal) {
|
||||
if (ses->server->vals->protocol_id == 0) {
|
||||
cifs_dbg(VFS,
|
||||
"SMB3 or later required for encryption\n");
|
||||
rc = -EOPNOTSUPP;
|
||||
goto out_fail;
|
||||
#ifdef CONFIG_CIFS_SMB2
|
||||
} else if (tcon->ses->server->capabilities &
|
||||
SMB2_GLOBAL_CAP_ENCRYPTION)
|
||||
tcon->seal = true;
|
||||
else {
|
||||
cifs_dbg(VFS, "Encryption is not supported on share\n");
|
||||
rc = -EOPNOTSUPP;
|
||||
goto out_fail;
|
||||
#endif /* CONFIG_CIFS_SMB2 */
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* We can have only one retry value for a connection to a share so for
|
||||
* resources mounted more than once to the same server share the last
|
||||
@@ -2926,7 +2941,7 @@ cifs_match_super(struct super_block *sb, void *data)
|
||||
|
||||
if (!match_server(tcp_srv, volume_info) ||
|
||||
!match_session(ses, volume_info) ||
|
||||
!match_tcon(tcon, volume_info->UNC) ||
|
||||
!match_tcon(tcon, volume_info) ||
|
||||
!match_prepath(sb, mnt_data)) {
|
||||
rc = 0;
|
||||
goto out;
|
||||
|
||||
Reference in New Issue
Block a user