1. 27 6月, 2013 12 次提交
    • S
      [CIFS] SMB3 Signing enablement · 429b46f4
      Steve French 提交于
      SMB3 uses a much faster method of signing (which is also better in other ways),
      AES-CMAC.  With the kernel now supporting AES-CMAC since last release, we
      are overdue to allow SMB3 signing (today only CIFS and SMB2 and SMB2.1,
      but not SMB3 and SMB3.1 can sign) - and we need this also for checking
      secure negotation and also per-share encryption (two other new SMB3 features
      which we need to implement).
      
      This patch needs some work in a few areas - for example we need to
      move signing for SMB2/SMB3 from per-socket to per-user (we may be able to
      use the "nosharesock" mount option in the interim for the multiuser case),
      and Shirish found a bug in the earlier authentication overhaul
      (setting signing flags properly) - but those can be done in followon
      patches.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      429b46f4
    • S
      [CIFS] Do not set DFS flag on SMB2 open · f87ab88b
      Steve French 提交于
      If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
      to pass the path on the Open SMB prefixed by \\server\share.
      Not sure when we would need to do the augmented path (if ever) and
      setting this flag breaks the SMB2 open operation since it is
      illegal to send an empty path name (without \\server\share prefix)
      when the DFS flag is set in the SMB open header. We could
      consider setting the flag on all operations other than open
      but it is safer to net set it for now.
      Signed-off-by: NSteve French <smfrench@gmail.com>
      f87ab88b
    • S
      [CIFS] fix static checker warning · 84ceeb96
      Steve French 提交于
      Dan Carpenter wrote:
      
      The patch 7f420cee8bd6: "[CIFS] Charge at least one credit, if server
      says that it supports multicredit" from Jun 23, 2013, leads to the
      following Smatch complaint:
      
      fs/cifs/smb2pdu.c:120 smb2_hdr_assemble()
               warn: variable dereferenced before check 'tcon->ses' (see line 115)
      
      CC: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      84ceeb96
    • J
      cifs: try to handle the MUST SecurityFlags sanely · 52dfb446
      Jeff Layton 提交于
      The cifs.ko SecurityFlags interface wins my award for worst-designed
      interface ever, but we're sort of stuck with it since it's documented
      and people do use it (even if it doesn't work correctly).
      
      Case in point -- you can specify multiple sets of "MUST" flags. It makes
      absolutely no sense, but you can do it.
      
      What should the effect be in such a case? No one knows or seems to have
      considered this so far, so let's define it now. If you try to specify
      multiple MUST flags, clear any other MAY or MUST bits except for the
      ones that involve signing.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Reviewed-by: NPavel Shilovsky <piastry@etersoft.ru>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      52dfb446
    • S
      When server doesn't provide SecurityBuffer on SMB2Negotiate pick default · 5d875cc9
      Steve French 提交于
      According to MS-SMB2 section 2.2.4: if no blob, client picks default which
      for us will be
      	ses->sectype = RawNTLMSSP;
      but for time being this is also our only auth choice so doesn't matter
      as long as we include this fix (which does not treat the empty
      SecurityBuffer as an error as the code had been doing).
      We just found a server which sets blob length to zero expecting raw so
      this fixes negotiation with that server.
      Signed-off-by: NSteve French <smfrench@gmail.com>
      5d875cc9
    • S
      Handle big endianness in NTLM (ntlmv2) authentication · fdf96a90
      Steve French 提交于
      This is RH bug 970891
      Uppercasing of username during calculation of ntlmv2 hash fails
      because UniStrupr function does not handle big endian wchars.
      
      Also fix a comment in the same code to reflect its correct usage.
      
      [To make it easier for stable (rather than require 2nd patch) fixed
      this patch of Shirish's to remove endian warning generated
      by sparse -- steve f.]
      Reported-by: Nsteve <sanpatr1@in.ibm.com>
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Cc: <stable@kernel.org>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      fdf96a90
    • J
      revalidate directories instiantiated via FIND_* in order to handle DFS referrals · 2a2c41c0
      Jeff Layton 提交于
      We've had a long-standing problem with DFS referral points. CIFS servers
      generally try to make them look like directories in FIND_FIRST/NEXT
      responses. When you go to try to do a FIND_FIRST on them though, the
      server will then (correctly) return STATUS_PATH_NOT_COVERED. Mostly this
      manifests as spurious EREMOTE errors back to userland.
      
      This patch attempts to fix this by marking directories that are
      discovered via FIND_FIRST/NEXT for revaldiation. When the lookup code
      runs across them again, we'll reissue a QPathInfo against them and that
      will make it chase the referral properly.
      
      There is some performance penalty involved here and no I haven't
      measured it -- it'll be highly dependent upon the workload and contents
      of the mounted share. To try and mitigate that though, the code only
      marks the inode for revalidation when it's possible to run across a DFS
      referral. i.e.: when the kernel has DFS support built in and the share
      is "in DFS"
      
      [At the Microsoft plugfest we noted that usually the DFS links had
      the REPARSE attribute tag enabled - DFS junctions are reparse points
      after all - so I just added a check for that flag too so the
      performance impact should be smaller - Steve]
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Reviewed-by: NSachin Prabhu <sprabhu@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      2a2c41c0
    • S
      SMB2 FSCTL and IOCTL worker function · 4a72dafa
      Steve French 提交于
      This worker function is needed to send SMB2 fsctl
      (and ioctl) requests including:
      
      validating negotiation info (secure negotiate)
      querying the servers network interfaces
      copy offload (refcopy)
      
      Followon patches for the above three will use this.
      This patch also does general validation of the response.
      
      In the future, as David Disseldorp notes, for the copychunk ioctl
      case, we will want to enhance the response processing to allow
      returning the chunk request limits to the caller (even
      though the server returns an error, in that case we would
      return data that the caller could use - see 2.2.32.1).
      
      See MS-SMB2 Section 2.2.31 for more details on format of fsctl.
      Acked-by: NPavel Shilovsky <piastry@etersoft.ru>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      4a72dafa
    • S
      Charge at least one credit, if server says that it supports multicredit · 2b80d049
      Steve French 提交于
      In SMB2.1 and later the server will usually set the large MTU flag, and
      we need to charge at least one credit, if server says that since
      it supports multicredit.  Windows seems to let us get away with putting
      a zero there, but they confirmed that it is wrong and the spec says
      to put one there (if the request is under 64K and the CAP_LARGE_MTU
      was returned during protocol negotiation by the server.
      
      CC: Pavel Shilovsky <piastry@etersoft.ru>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      2b80d049
    • S
      Remove typo · 7f653858
      Steve French 提交于
      Cut and paste likely introduced accidentally inserted spurious #define
      in d60622eb causes no harm but looks weird
      Signed-off-by: NSteve French <smfrench@gmail.com>
      7f653858
    • S
      Some missing share flags · c8664730
      Steve French 提交于
      Acked-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      c8664730
    • Z
      cifs: using strlcpy instead of strncpy · 46b51d08
      Zhao Hongjiang 提交于
      for NUL terminated string, need alway set '\0' in the end.
      Signed-off-by: NZhao Hongjiang <zhaohongjiang@huawei.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      46b51d08
  2. 24 6月, 2013 26 次提交
  3. 23 6月, 2013 2 次提交