afs: Fix the non-encryption of calls

[ Upstream commit 4776cab43fd3111618112737a257dc3ef368eddd ] Some AFS servers refuse to accept unencrypted traffic, so can't be accessed with kAFS. Set the AF_RXRPC security level to encrypt client calls to deal with this. Note that incoming service calls are set by the remote client and so aren't affected by this. This requires an AF_RXRPC patch to pass the value set by setsockopt to calls begun by the kernel. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: David Howells <dhowells@redhat.com> 2018-05-10 23:10:40 +0100
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-06-21 04:02:59 +0900
commit: 634b9e0aabd92d2b6f0df7580b60fd0921b1c578 (patch)
tree: 8adc381927a03369f71b9865e00382e5637a58c2 /fs/afs
parent: a92a286361572e65988e37ac7c5da91a04e26a01 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c
index 9f715c3edcf9..ccc9c708a860 100644
--- a/fs/afs/rxrpc.c
+++ b/fs/afs/rxrpc.c
@@ -55,6 +55,7 @@ int afs_open_socket(void)
 {
 	struct sockaddr_rxrpc srx;
 	struct socket *socket;
+	unsigned int min_level;
 	int ret;
 
 	_enter("");
@@ -80,6 +81,12 @@ int afs_open_socket(void)
 	memset(&srx.transport.sin.sin_addr, 0,
 	       sizeof(srx.transport.sin.sin_addr));
 
+	min_level = RXRPC_SECURITY_ENCRYPT;
+	ret = kernel_setsockopt(socket, SOL_RXRPC, RXRPC_MIN_SECURITY_LEVEL,
+				(void *)&min_level, sizeof(min_level));
+	if (ret < 0)
+		goto error_2;
+
 	ret = kernel_bind(socket, (struct sockaddr *) &srx, sizeof(srx));
 	if (ret < 0)
 		goto error_2;
author	David Howells <dhowells@redhat.com>	2018-05-10 23:10:40 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-06-21 04:02:59 +0900
commit	634b9e0aabd92d2b6f0df7580b60fd0921b1c578 (patch)
tree	8adc381927a03369f71b9865e00382e5637a58c2 /fs/afs
parent	a92a286361572e65988e37ac7c5da91a04e26a01 (diff)