From patchwork Sun Jun 20 21:10:48 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Layton X-Patchwork-Id: 107087
From: Jeff Layton To: smfrench@gmail.com Cc: linux-cifs@vger.kernel.org Subject: [PATCH 3/6] cifs: match secType when searching for existing tcp session Date: Sun, 20 Jun 2010 17:10:48 -0400 Message-Id: <1277068251-16344-4-git-send-email-jlayton@redhat.com> X-Mailer: git-send-email 1.6.6.1 In-Reply-To: <1277068251-16344-1-git-send-email-jlayton@redhat.com> References: <1277068251-16344-1-git-send-email-jlayton@redhat.com> Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]); Sun, 20 Jun 2010 21:10:56 +0000 (UTC) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index a88479c..1cb7c32 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -80,8 +80,7 @@ enum statusEnum { }; enum securityEnum { - PLAINTXT = 0, /* Legacy with Plaintext passwords */ - LANMAN, /* Legacy LANMAN auth */ + LANMAN = 0, /* Legacy LANMAN auth */ NTLM, /* Legacy NTLM012 auth with NTLM hash */ NTLMv2, /* Legacy NTLM auth with NTLMv2 hash */ RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */ diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 665ee37..6440b79 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c 
@@ -1411,8 +1411,56 @@ match_address(struct TCP_Server_Info *server, struct sockaddr *addr) return true; } +static bool +match_security(struct TCP_Server_Info *server, struct smb_vol *vol) +{ + unsigned int secFlags; + + if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) + secFlags = vol->secFlg; + else + secFlags = global_secflags | vol->secFlg; + + switch (server->secType) { + case LANMAN: + if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT))) + return false; + break; + case NTLMv2: + if (!(secFlags & CIFSSEC_MAY_NTLMV2)) + return false; + break; + case NTLM: + if (!(secFlags & CIFSSEC_MAY_NTLM)) + return false; + break; + case Kerberos: + if (!(secFlags & CIFSSEC_MAY_KRB5)) + return false; + break; + case RawNTLMSSP: + if (!(secFlags & CIFSSEC_MAY_NTLMSSP)) + return false; + break; + default: + /* shouldn't happen */ + return false; + } + + /* now check if signing mode is acceptible */ + if ((secFlags & CIFSSEC_MAY_SIGN) == 0 && + (server->secMode & SECMODE_SIGN_REQUIRED)) + return false; + else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) && + (server->secMode & + (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0) + return false; + + return true; +} + static struct TCP_Server_Info * -cifs_find_tcp_session(struct sockaddr *addr) +cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol) { struct TCP_Server_Info *server; @@ -1430,6 +1478,9 @@ cifs_find_tcp_session(struct sockaddr *addr) if (!match_address(server, addr)) continue; + if (!match_security(server, vol)) + continue; + ++server->srv_count; write_unlock(&cifs_tcp_ses_lock); cFYI(1, "Existing tcp session with server found"); @@ -1498,7 +1549,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info) } /* see if we already have a matching tcp_ses */ - tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr); + tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info); if (tcp_ses) return tcp_ses;
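Review bot: The fs/cifs/cifsglob.h hunk needs confirmation that nothing else still references PLAINTXT or depends on the numeric values of enum securityEnum. With LANMAN = 0, every remaining enumerator moves down by one and a zero-initialised secType now reads as LANMAN rather than PLAINTXT. The patch as posted shows no other users being updated, so please state in the changelog that the tree was checked for remaining users, and consider extending the LANMAN comment to say it now also stands for plaintext-password sessions, since match_security() treats CIFSSEC_MAY_PLNTXT that way.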
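Review bot: The secFlags selection at the top of match_security() needs a comment or a shared helper. global_secflags is merged in only when vol->secFlg has no bits outside CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL, and nothing in the hunk says why. If the same rule is applied when a session is first negotiated, both places should call one function so the reuse decision cannot drift from the negotiation decision. In the LANMAN case, a mount whose flags carry only CIFSSEC_MAY_PLNTXT passes the auth-type check against a socket whose secType is LANMAN; that equivalence deserves a one-line comment. The signing test looks at CIFSSEC_MAY_SIGN and CIFSSEC_MUST_SIGN only, so a mount that sets CIFSSEC_MUST_SEAL is not distinguished here; say whether that is intentional. Minor: "acceptible" should be "acceptable", and the default branch could log the unexpected secType instead of returning false silently.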
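Review bot: In the cifs_find_tcp_session() loop, a server that matches on address but is rejected by match_security() is skipped with no debug output, which will make it hard to tell why a second socket was opened to the same host. A cFYI before the new continue, in the style of the existing cFYI(1, "Existing tcp session with server found"), would cover that. match_security() also dereferences vol unconditionally, so the new vol parameter should be documented as required to be non-NULL; the one caller shown passes volume_info.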