Commit 634b9e0a authored by David Howells's avatar David Howells Committed by Greg Kroah-Hartman

afs: Fix the non-encryption of calls

[ Upstream commit 4776cab4 ]

Some AFS servers refuse to accept unencrypted traffic, so can't be accessed
with kAFS.  Set the AF_RXRPC security level to encrypt client calls to deal
with this.

Note that incoming service calls are set by the remote client and so aren't
affected by this.

This requires an AF_RXRPC patch to pass the value set by setsockopt to calls
begun by the kernel.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarSasha Levin <alexander.levin@microsoft.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a92a2863
...@@ -55,6 +55,7 @@ int afs_open_socket(void) ...@@ -55,6 +55,7 @@ int afs_open_socket(void)
{ {
struct sockaddr_rxrpc srx; struct sockaddr_rxrpc srx;
struct socket *socket; struct socket *socket;
unsigned int min_level;
int ret; int ret;
_enter(""); _enter("");
...@@ -80,6 +81,12 @@ int afs_open_socket(void) ...@@ -80,6 +81,12 @@ int afs_open_socket(void)
memset(&srx.transport.sin.sin_addr, 0, memset(&srx.transport.sin.sin_addr, 0,
sizeof(srx.transport.sin.sin_addr)); sizeof(srx.transport.sin.sin_addr));
min_level = RXRPC_SECURITY_ENCRYPT;
ret = kernel_setsockopt(socket, SOL_RXRPC, RXRPC_MIN_SECURITY_LEVEL,
(void *)&min_level, sizeof(min_level));
if (ret < 0)
goto error_2;
ret = kernel_bind(socket, (struct sockaddr *) &srx, sizeof(srx)); ret = kernel_bind(socket, (struct sockaddr *) &srx, sizeof(srx));
if (ret < 0) if (ret < 0)
goto error_2; goto error_2;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment