summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2018-05-10 23:10:40 +0100
committerDavid Howells <dhowells@redhat.com>2018-05-14 15:15:19 +0100
commit4776cab43fd3111618112737a257dc3ef368eddd (patch)
treeafff2a3feab3838763103dd5e59fffb487dd4c1e
parent428edade4e6c70e5b51fcd4188d944fbb744d84c (diff)
downloadlinux-4776cab43fd3111618112737a257dc3ef368eddd.tar.gz
linux-4776cab43fd3111618112737a257dc3ef368eddd.tar.bz2
linux-4776cab43fd3111618112737a257dc3ef368eddd.zip
afs: Fix the non-encryption of calls
Some AFS servers refuse to accept unencrypted traffic, so can't be accessed with kAFS. Set the AF_RXRPC security level to encrypt client calls to deal with this. Note that incoming service calls are set by the remote client and so aren't affected by this. This requires an AF_RXRPC patch to pass the value set by setsockopt to calls begun by the kernel. Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r--fs/afs/rxrpc.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c
index d0eee5d32c94..08735948f15d 100644
--- a/fs/afs/rxrpc.c
+++ b/fs/afs/rxrpc.c
@@ -41,6 +41,7 @@ int afs_open_socket(struct afs_net *net)
{
struct sockaddr_rxrpc srx;
struct socket *socket;
+ unsigned int min_level;
int ret;
_enter("");
@@ -60,6 +61,12 @@ int afs_open_socket(struct afs_net *net)
srx.transport.sin6.sin6_family = AF_INET6;
srx.transport.sin6.sin6_port = htons(AFS_CM_PORT);
+ min_level = RXRPC_SECURITY_ENCRYPT;
+ ret = kernel_setsockopt(socket, SOL_RXRPC, RXRPC_MIN_SECURITY_LEVEL,
+ (void *)&min_level, sizeof(min_level));
+ if (ret < 0)
+ goto error_2;
+
ret = kernel_bind(socket, (struct sockaddr *) &srx, sizeof(srx));
if (ret == -EADDRINUSE) {
srx.transport.sin6.sin6_port = 0;