| From foo@baz Sun Jun 17 12:07:34 CEST 2018 |
| From: David Howells <dhowells@redhat.com> |
| Date: Thu, 10 May 2018 23:10:40 +0100 |
| Subject: afs: Fix the non-encryption of calls |
| |
| From: David Howells <dhowells@redhat.com> |
| |
| [ Upstream commit 4776cab43fd3111618112737a257dc3ef368eddd ] |
| |
| Some AFS servers refuse to accept unencrypted traffic, so can't be accessed |
| with kAFS. Set the AF_RXRPC security level to encrypt client calls to deal |
| with this. |
| |
| Note that incoming service calls are set by the remote client and so aren't |
| affected by this. |
| |
| This requires an AF_RXRPC patch to pass the value set by setsockopt to calls |
| begun by the kernel. |
| |
| Signed-off-by: David Howells <dhowells@redhat.com> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/afs/rxrpc.c | 7 +++++++ |
| 1 file changed, 7 insertions(+) |
| |
| --- a/fs/afs/rxrpc.c |
| +++ b/fs/afs/rxrpc.c |
| @@ -41,6 +41,7 @@ int afs_open_socket(struct afs_net *net) |
| { |
| struct sockaddr_rxrpc srx; |
| struct socket *socket; |
| + unsigned int min_level; |
| int ret; |
| |
| _enter(""); |
| @@ -60,6 +61,12 @@ int afs_open_socket(struct afs_net *net) |
| srx.transport.sin6.sin6_family = AF_INET6; |
| srx.transport.sin6.sin6_port = htons(AFS_CM_PORT); |
| |
| + min_level = RXRPC_SECURITY_ENCRYPT; |
| + ret = kernel_setsockopt(socket, SOL_RXRPC, RXRPC_MIN_SECURITY_LEVEL, |
| + (void *)&min_level, sizeof(min_level)); |
| + if (ret < 0) |
| + goto error_2; |
| + |
| ret = kernel_bind(socket, (struct sockaddr *) &srx, sizeof(srx)); |
| if (ret == -EADDRINUSE) { |
| srx.transport.sin6.sin6_port = 0; |