From patchwork Thu Jun 27 07:55:34 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve French <smfrench@gmail.com>
X-Patchwork-Id: 2790451
Return-Path: <linux-cifs-owner@kernel.org>
X-Original-To: patchwork-cifs-client@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 8510BC0AB1
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Thu, 27 Jun 2013 07:55:43 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 81CD420212
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Thu, 27 Jun 2013 07:55:42 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 5FFF620213
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Thu, 27 Jun 2013 07:55:41 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752695Ab3F0Hzi (ORCPT
	<rfc822;patchwork-cifs-client@patchwork.kernel.org>);
	Thu, 27 Jun 2013 03:55:38 -0400
Received: from mail-pb0-f49.google.com ([209.85.160.49]:34180 "EHLO
	mail-pb0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752696Ab3F0Hzf (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Thu, 27 Jun 2013 03:55:35 -0400
Received: by mail-pb0-f49.google.com with SMTP id jt11so556457pbb.36
	for <linux-cifs@vger.kernel.org>;
	Thu, 27 Jun 2013 00:55:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=KZtk8GVI9BZdkAklPT+0An2EhhgdrNGXXZdlAcp9wSo=;
	b=adJzakHix7zgj/Jh8KfwVhI7PMZSMpzcv8qS9+dP9dY4rxQNTWv60BrC80OjaOpyvZ
	TU9RlMo03AC99bg1n2+V+O1OK02dpWuAtuyaxyGe07ETWBaDYuQEY+NdyYTXjyaEi6HU
	vdsrgKEhhjGBBRO2IudXQlhyDeSOpRBlYhhGOx/LD8Dlp+nQqdlxUKJtwGKMSY+8HIHL
	4u6xNHqvS9ebZor76DiZu9hOeu/SXk6sInyapS7mhD9TaBvsyLQHsrQmkSKXMjf+LGGH
	KaGtCLHoUVoNngFxK/xNucxuCO89peutUpUU+LQAfkU+RI92Z3GpZHMxbbt5aZuiQfU1
	N3oQ==
MIME-Version: 1.0
X-Received: by 10.68.163.68 with SMTP id yg4mr4745993pbb.64.1372319734915;
	Thu, 27 Jun 2013 00:55:34 -0700 (PDT)
Received: by 10.68.128.9 with HTTP; Thu, 27 Jun 2013 00:55:34 -0700 (PDT)
In-Reply-To: <20130627004345.279cfb02@tlielax.poochiereds.net>
References: <1372279639-31426-1-git-send-email-shirishpargaonkar@gmail.com>
	<CADT32eJvWa1f6fbfxWmo+_DH-SnMGsP3wH3HHxf9V6Chc73urA@mail.gmail.com>
	<CAH2r5mu0QSjZ5E0tepmKw=SuXuhx1SgVu-BPsX_ZMijzwW5zdA@mail.gmail.com>
	<CADT32eKX9yAS4iKZWQnUEaS95W5i2z2EFsVBe03ff9uRzUsa=g@mail.gmail.com>
	<20130626210944.59bf3827@corrin.poochiereds.net>
	<CAH2r5mv+K7CE8ApnUR2q0kf=cLaLPRDCP+4QNUYZ4mivtbRtMA@mail.gmail.com>
	<20130627004345.279cfb02@tlielax.poochiereds.net>
Date: Thu, 27 Jun 2013 02:55:34 -0500
Message-ID: 
 <CAH2r5mtiK1is8ZxMbUv60jQKbSZ1tV7MsCBT25QHNJNCdPDi4g@mail.gmail.com>
Subject: Re: [PATCH] [cifs] smb2 mounts with signing fail due to incorrect
	security mode bits check
From: Steve French <smfrench@gmail.com>
To: Jeff Layton <jlayton@redhat.com>, linux-cifs@vger.kernel.org
Cc: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Spam-Status: No, score=-8.1 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

How about this patch to fix the problem that Shirish noted? It seemed
simple to simply map the two SMB2 flags to the older style flags that
we check in the sec_mode.

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 2b312e4..8f0a46b 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -318,6 +318,23 @@ free_rsp_buf(int resp_buftype, void *rsp)
 		cifs_buf_release(rsp);
 }

+/* convert smb2 sec mode to older form so can be used for both smb2 and cifs */
+static __u16
+convert_sec_mode(__u16 smb2_sec_mode)
+{
+	u16 sec_mode = 0;
+
+	if ((smb2_sec_mode & SMB2_SEC_MODE_MASK) != smb2_sec_mode)
+		cifs_dbg(VFS, "srv ret unknown sec_mode 0x%x\n", smb2_sec_mode);
+
+	if (smb2_sec_mode & SMB2_NEGOTIATE_SIGNING_ENABLED)
+		sec_mode |= SECMODE_SIGN_ENABLED;
+
+	if (smb2_sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)
+		sec_mode |= SECMODE_SIGN_REQUIRED;
+
+	return sec_mode;
+}

 /*
  *
@@ -416,8 +433,7 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
 	server->maxBuf = le32_to_cpu(rsp->MaxTransactSize);
 	server->max_read = le32_to_cpu(rsp->MaxReadSize);
 	server->max_write = le32_to_cpu(rsp->MaxWriteSize);
-	/* BB Do we need to validate the SecurityMode? */
-	server->sec_mode = le16_to_cpu(rsp->SecurityMode);
+	server->sec_mode = convert_sec_mode(le16_to_cpu(rsp->SecurityMode));
 	server->capabilities = le32_to_cpu(rsp->Capabilities);
 	/* Internal types */
 	server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index f31043b..c7534ee 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -176,6 +176,7 @@ struct smb2_negotiate_req {
 /* SecurityMode flags */
 #define	SMB2_NEGOTIATE_SIGNING_ENABLED	0x0001
 #define SMB2_NEGOTIATE_SIGNING_REQUIRED	0x0002
+#define SMB2_SEC_MODE_MASK		0x0003
 /* Capabilities flags */
 #define SMB2_GLOBAL_CAP_DFS		0x00000001
 #define SMB2_GLOBAL_CAP_LEASING		0x00000002 /* Resp only New to SMB2.1 */