From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, David Howells, Sasha Levin
Subject: [PATCH 4.16 255/279] afs: Fix the non-encryption of calls
Date: Mon, 18 Jun 2018 10:14:00 +0200
Message-Id: <20180618080619.284716087@linuxfoundation.org>
In-Reply-To: <20180618080608.851973560@linuxfoundation.org>
References: <20180618080608.851973560@linuxfoundation.org>

4.16-stable review patch. If anyone has any objections, please let me know.

------------------
From: David Howells [ Upstream commit 4776cab43fd3111618112737a257dc3ef368eddd ] Some AFS servers refuse to accept unencrypted traffic, so can't be accessed with kAFS. Set the AF_RXRPC security level to encrypt client calls to deal with this. Note that incoming service calls are set by the remote client and so aren't affected by this. This requires an AF_RXRPC patch to pass the value set by setsockopt to calls begun by the kernel. Signed-off-by: David Howells Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- fs/afs/rxrpc.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/fs/afs/rxrpc.c +++ b/fs/afs/rxrpc.c @@ -41,6 +41,7 @@ int afs_open_socket(struct afs_net *net) { struct sockaddr_rxrpc srx; struct socket *socket; + unsigned int min_level; int ret; _enter(""); @@ -60,6 +61,12 @@ int afs_open_socket(struct afs_net *net) srx.transport.sin6.sin6_family = AF_INET6; srx.transport.sin6.sin6_port = htons(AFS_CM_PORT); + min_level = RXRPC_SECURITY_ENCRYPT; + ret = kernel_setsockopt(socket, SOL_RXRPC, RXRPC_MIN_SECURITY_LEVEL, + (void *)&min_level, sizeof(min_level)); + if (ret < 0) + goto error_2; + ret = kernel_bind(socket, (struct sockaddr *) &srx, sizeof(srx)); if (ret == -EADDRINUSE) { srx.transport.sin6.sin6_port = 0;
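
Review bot: In the second hunk of afs_open_socket(), min_level = RXRPC_SECURITY_ENCRYPT is assigned and applied with no comment, and the changelog says the setting depends on a separate AF_RXRPC patch that is not identified. For a stable backport, name that dependency by commit id in the changelog, or confirm it is in the same 4.16 queue; per the commit message, without it the value set by setsockopt is not passed to calls begun by the kernel, so client calls would not pick up the level set here. A short comment above the assignment, saying that some AFS servers refuse unencrypted traffic, would also explain why a failing kernel_setsockopt() takes the goto error_2 path and fails the socket open instead of continuing at a lower security level. The error_2 label is outside the visible context, so it is worth checking that it releases the socket at this point, before kernel_bind() has run.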