1. 30 9月, 2010 5 次提交
    • B
      cifs: Allow binding to local IP address. · 3eb9a889
      Ben Greear 提交于
      When using multi-homed machines, it's nice to be able to specify
      the local IP to use for outbound connections.  This patch gives
      cifs the ability to bind to a particular IP address.
      
         Usage:  mount -t cifs -o srcaddr=192.168.1.50,user=foo, ...
         Usage:  mount -t cifs -o srcaddr=2002::100:1,user=foo, ...
      Acked-by: NJeff Layton <jlayton@redhat.com>
      Acked-by: NDr. David Holder <david.holder@erion.co.uk>
      Signed-off-by: NBen Greear <greearb@candelatech.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      3eb9a889
    • S
      cifs NTLMv2/NTLMSSP ntlmv2 within ntlmssp autentication code · 2b149f11
      Shirish Pargaonkar 提交于
      Attribue Value (AV) pairs or Target Info (TI) pairs are part of
      ntlmv2 authentication.
      Structure ntlmv2_resp had only definition for two av pairs.
      So removed it, and now allocation of av pairs is dynamic.
      For servers like Windows 7/2008, av pairs sent by server in
      challege packet (type 2 in the ntlmssp exchange/negotiation) can
      vary.
      
      Server sends them during ntlmssp negotiation. So when ntlmssp is used
      as an authentication mechanism, type 2 challenge packet from server
      has this information.  Pluck it and use the entire blob for
      authenticaiton purpose.  If user has not specified, extract
      (netbios) domain name from the av pairs which is used to calculate
      ntlmv2 hash.  Servers like Windows 7 are particular about the AV pair
      blob.
      
      Servers like Windows 2003, are not very strict about the contents
      of av pair blob used during ntlmv2 authentication.
      So when security mechanism such as ntlmv2 is used (not ntlmv2 in ntlmssp),
      there is no negotiation and so genereate a minimal blob that gets
      used in ntlmv2 authentication as well as gets sent.
      
      Fields tilen and tilbob are session specific.  AV pair values are defined.
      
      To calculate ntlmv2 response we need ti/av pair blob.
      
      For sec mech like ntlmssp, the blob is plucked from type 2 response from
      the server.  From this blob, netbios name of the domain is retrieved,
      if user has not already provided, to be included in the Target String
      as part of ntlmv2 hash calculations.
      
      For sec mech like ntlmv2, create a minimal, two av pair blob.
      
      The allocated blob is freed in case of error.  In case there is no error,
      this blob is used in calculating ntlmv2 response (in CalcNTLMv2_response)
      and is also copied on the response to the server, and then freed.
      
      The type 3 ntlmssp response is prepared on a buffer,
      5 * sizeof of struct _AUTHENTICATE_MESSAGE, an empirical value large
      enough to hold _AUTHENTICATE_MESSAGE plus a blob with max possible
      10 values as part of ntlmv2 response and lmv2 keys and domain, user,
      workstation  names etc.
      
      Also, kerberos gets selected as a default mechanism if server supports it,
      over the other security mechanisms.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      2b149f11
    • S
      cifs NTLMv2/NTLMSSP Change variable name mac_key to session key to reflect the key it holds · 5f98ca9a
      Shirish Pargaonkar 提交于
      Change name of variable mac_key to session key.
      The reason mac_key was changed to session key is, this structure does not
      hold message authentication code, it holds the session key (for ntlmv2,
      ntlmv1 etc.).  mac is generated as a signature in cifs_calc* functions.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      5f98ca9a
    • S
      cifs: fix broken oplock handling · aa91c7e4
      Suresh Jayaraman 提交于
      cifs_new_fileinfo() does not use the 'oplock' value from the callers. Instead,
      it sets it to REQ_OPLOCK which seems wrong. We should be using the oplock value
      obtained from the Server to set the inode's clientCanCacheAll or
      clientCanCacheRead flags. Fix this by passing oplock from the callers to
      cifs_new_fileinfo().
      
      This change dates back to commit a6ce4932 (2.6.30-rc3). So, all the affected
      versions will need this fix. Please Cc stable once reviewed and accepted.
      
      Cc: Stable <stable@kernel.org>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      aa91c7e4
    • S
      cifs: use type __u32 instead of int for the oplock parameter · a347ecb2
      Suresh Jayaraman 提交于
      ... and avoid implicit casting from a signed type. Also, pass oplock by value
      instead by reference as we don't intend to change the value in
      cifs_open_inode_helper().
      
      Thanks to Jeff Layton for spotting this.
      Reviewed-by: NJeff Layton <jlayton@samba.org>
      Signed-off-by: NSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      a347ecb2
  2. 29 9月, 2010 8 次提交
  3. 28 9月, 2010 27 次提交