1. 28 6月, 2015 1 次提交
  2. 13 8月, 2014 1 次提交
  3. 12 11月, 2013 1 次提交
  4. 03 11月, 2013 2 次提交
    • S
      Allow setting per-file compression via CIFS protocol · c7f508a9
      Steve French 提交于
      An earlier patch allowed setting the per-file compression flag
      
      "chattr +c filename"
      
      on an smb2 or smb3 mount, and also allowed lsattr to return
      whether a file on a cifs, or smb2/smb3 mount was compressed.
      
      This patch extends the ability to set the per-file
      compression flag to the cifs protocol, which uses a somewhat
      different IOCTL mechanism than SMB2, although the payload
      (the flags stored in the compression_state) are the same.
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      c7f508a9
    • T
      cifs: Make big endian multiplex ID sequences monotonic on the wire · 3d378d3f
      Tim Gardner 提交于
      The multiplex identifier (MID) in the SMB header is only
      ever used by the client, in conjunction with PID, to match responses
      from the server. As such, the endianess of the MID is not important.
      However, When tracing packet sequences on the wire, protocol analyzers
      such as wireshark display MID as little endian. It is much more informative
      for the on-the-wire MID sequences to match debug information emitted by the
      CIFS driver.  Therefore, one should write and read MID in the SMB header
      assuming it is always little endian.
      
      Observed from wireshark during the protocol negotiation
      and session setup:
      
              Multiplex ID: 256
              Multiplex ID: 256
              Multiplex ID: 512
              Multiplex ID: 512
              Multiplex ID: 768
              Multiplex ID: 768
      
      After this patch on-the-wire MID values begin at 1 and increase monotonically.
      
      Introduce get_next_mid64() for the internal consumers that use the full 64 bit
      multiplex identifier.
      
      Introduce the helpers get_mid() and compare_mid() to make the endian
      translation clear.
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NTim Gardner <timg@tpi.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      3d378d3f
  5. 28 10月, 2013 1 次提交
  6. 06 10月, 2013 1 次提交
    • S
      do not treat non-symlink reparse points as valid symlinks · c31f3307
      Steve French 提交于
      Windows 8 and later can create NFS symlinks (within reparse points)
      which we were assuming were normal NTFS symlinks and thus reporting
      corrupt paths for.  Add check for reparse points to make sure that
      they really are normal symlinks before we try to parse the pathname.
      
      We also should not be parsing other types of reparse points (DFS
      junctions etc) as if they were a  symlink so return EOPNOTSUPP
      on those.  Also fix endian errors (we were not parsing symlink
      lengths as little endian).
      
      This fixes commit d244bf2d
      which implemented follow link for non-Unix CIFS mounts
      
      CC: Stable <stable@kernel.org>
      Reviewed-by: NAndrew Bartlett <abartlet@samba.org>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      c31f3307
  7. 26 9月, 2013 1 次提交
  8. 09 9月, 2013 1 次提交
  9. 27 6月, 2013 1 次提交
    • S
      [CIFS] SMB3 Signing enablement · 429b46f4
      Steve French 提交于
      SMB3 uses a much faster method of signing (which is also better in other ways),
      AES-CMAC.  With the kernel now supporting AES-CMAC since last release, we
      are overdue to allow SMB3 signing (today only CIFS and SMB2 and SMB2.1,
      but not SMB3 and SMB3.1 can sign) - and we need this also for checking
      secure negotation and also per-share encryption (two other new SMB3 features
      which we need to implement).
      
      This patch needs some work in a few areas - for example we need to
      move signing for SMB2/SMB3 from per-socket to per-user (we may be able to
      use the "nosharesock" mount option in the interim for the multiuser case),
      and Shirish found a bug in the earlier authentication overhaul
      (setting signing flags properly) - but those can be done in followon
      patches.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      429b46f4
  10. 24 6月, 2013 2 次提交
  11. 13 2月, 2013 1 次提交
    • E
      cifs: Use kuids and kgids SID to uid/gid mapping · 8abf2775
      Eric W. Biederman 提交于
      Update id_mode_to_cifs_acl to take a kuid_t and a kgid_t.
      
      Replace NO_CHANGE_32 with INVALID_UID and INVALID_GID, and tests for
      NO_CHANGE_32 with uid_valid and gid_valid.
      
      Carefully unpack the value returned from request_key.  memcpy the
      value into the expected type.  The convert the uid/gid into a
      kuid/kgid.  And then only if the result is a valid kuid or kgid update
      fuid/fgid.
      
      Cc: Steve French <smfrench@gmail.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      8abf2775
  12. 25 9月, 2012 1 次提交
  13. 28 10月, 2011 1 次提交
  14. 20 10月, 2011 1 次提交
  15. 19 5月, 2011 3 次提交
  16. 21 1月, 2011 2 次提交
  17. 27 10月, 2010 2 次提交
    • S
      NTLM auth and sign - Define crypto hash functions and create and send keys needed for key exchange · d2b91521
      Shirish Pargaonkar 提交于
      Mark dependency on crypto modules in Kconfig.
      
      Defining per structures sdesc and cifs_secmech which are used to store
      crypto hash functions and contexts.  They are stored per smb connection
      and used for all auth mechs to genereate hash values and signatures.
      
      Allocate crypto hashing functions, security descriptiors, and respective
      contexts when a smb/tcp connection is established.
      Release them when a tcp/smb connection is taken down.
      
      md5 and hmac-md5 are two crypto hashing functions that are used
      throught the life of an smb/tcp connection by various functions that
      calcualte signagure and ntlmv2 hash, HMAC etc.
      
      structure ntlmssp_auth is defined as per smb connection.
      
      ntlmssp_auth holds ciphertext which is genereated by rc4/arc4 encryption of
      secondary key, a nonce using ntlmv2 session key and sent in the session key
      field of the type 3 message sent by the client during ntlmssp
      negotiation/exchange
      
      A key is exchanged with the server if client indicates so in flags in
      type 1 messsage and server agrees in flag in type 2 message of ntlmssp
      negotiation.  If both client and agree, a key sent by client in
      type 3 message of ntlmssp negotiation in the session key field.
      The key is a ciphertext generated off of secondary key, a nonce, using
      ntlmv2 hash via rc4/arc4.
      
      Signing works for ntlmssp in this patch. The sequence number within
      the server structure needs to be zero until session is established
      i.e. till type 3 packet of ntlmssp exchange of a to be very first
      smb session on that smb connection is sent.
      Acked-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      d2b91521
    • S
      NTLM auth and sign - Allocate session key/client response dynamically · 21e73393
      Shirish Pargaonkar 提交于
      Start calculating auth response within a session.  Move/Add pertinet
      data structures like session key, server challenge and ntlmv2_hash in
      a session structure.  We should do the calculations within a session
      before copying session key and response over to server data
      structures because a session setup can fail.
      
      Only after a very first smb session succeeds, it copy/make its
      session key, session key of smb connection.  This key stays with
      the smb connection throughout its life.
      sequence_number within server is set to 0x2.
      
      The authentication Message Authentication Key (mak) which consists
      of session key followed by client response within structure session_key
      is now dynamic.  Every authentication type allocates the key + response
      sized memory within its session structure and later either assigns or
      frees it once the client response is sent and if session's session key
      becomes connetion's session key.
      
      ntlm/ntlmi authentication functions are rearranged.  A function
      named setup_ntlm_resp(), similar to setup_ntlmv2_resp(), replaces
      function cifs_calculate_session_key().
      
      size of CIFS_SESS_KEY_SIZE is changed to 16, to reflect the byte size
      of the key it holds.
      Reviewed-by: NJeff Layton <jlayton@samba.org>
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      21e73393
  18. 30 9月, 2010 1 次提交
    • S
      cifs NTLMv2/NTLMSSP ntlmv2 within ntlmssp autentication code · 2b149f11
      Shirish Pargaonkar 提交于
      Attribue Value (AV) pairs or Target Info (TI) pairs are part of
      ntlmv2 authentication.
      Structure ntlmv2_resp had only definition for two av pairs.
      So removed it, and now allocation of av pairs is dynamic.
      For servers like Windows 7/2008, av pairs sent by server in
      challege packet (type 2 in the ntlmssp exchange/negotiation) can
      vary.
      
      Server sends them during ntlmssp negotiation. So when ntlmssp is used
      as an authentication mechanism, type 2 challenge packet from server
      has this information.  Pluck it and use the entire blob for
      authenticaiton purpose.  If user has not specified, extract
      (netbios) domain name from the av pairs which is used to calculate
      ntlmv2 hash.  Servers like Windows 7 are particular about the AV pair
      blob.
      
      Servers like Windows 2003, are not very strict about the contents
      of av pair blob used during ntlmv2 authentication.
      So when security mechanism such as ntlmv2 is used (not ntlmv2 in ntlmssp),
      there is no negotiation and so genereate a minimal blob that gets
      used in ntlmv2 authentication as well as gets sent.
      
      Fields tilen and tilbob are session specific.  AV pair values are defined.
      
      To calculate ntlmv2 response we need ti/av pair blob.
      
      For sec mech like ntlmssp, the blob is plucked from type 2 response from
      the server.  From this blob, netbios name of the domain is retrieved,
      if user has not already provided, to be included in the Target String
      as part of ntlmv2 hash calculations.
      
      For sec mech like ntlmv2, create a minimal, two av pair blob.
      
      The allocated blob is freed in case of error.  In case there is no error,
      this blob is used in calculating ntlmv2 response (in CalcNTLMv2_response)
      and is also copied on the response to the server, and then freed.
      
      The type 3 ntlmssp response is prepared on a buffer,
      5 * sizeof of struct _AUTHENTICATE_MESSAGE, an empirical value large
      enough to hold _AUTHENTICATE_MESSAGE plus a blob with max possible
      10 values as part of ntlmv2 response and lmv2 keys and domain, user,
      workstation  names etc.
      
      Also, kerberos gets selected as a default mechanism if server supports it,
      over the other security mechanisms.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      2b149f11
  19. 09 9月, 2010 1 次提交
  20. 21 8月, 2010 1 次提交
  21. 24 2月, 2010 1 次提交
  22. 05 12月, 2009 1 次提交
  23. 02 7月, 2009 1 次提交
    • J
      cifs: add new cifs_iget function and convert unix codepath to use it · cc0bad75
      Jeff Layton 提交于
      cifs: add new cifs_iget function and convert unix codepath to use it
      
      In order to unify some codepaths, introduce a common cifs_fattr struct
      for storing inode attributes. The different codepaths (unix, legacy,
      normal, etc...) can fill out this struct with inode info. It can then be
      passed as an arg to a common set of routines to get and update inodes.
      
      Add a new cifs_iget function that uses iget5_locked to identify inodes.
      This will compare inodes based on the uniqueid value in a cifs_fattr
      struct.
      
      Rather than filling out an already-created inode, have
      cifs_get_inode_info_unix instead fill out cifs_fattr and hand that off
      to cifs_iget. cifs_iget can then properly look for hardlinked inodes.
      
      On the readdir side, add a new cifs_readdir_lookup function that spawns
      populated dentries. Redefine FILE_UNIX_INFO so that it's basically a
      FILE_UNIX_BASIC_INFO that has a few fields wrapped around it. This
      allows us to more easily use the same function for filling out the fattr
      as the non-readdir codepath.
      
      With this, we should then have proper hardlink detection and can
      eventually get rid of some nasty CIFS-specific hacks for handing them.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      cc0bad75
  24. 17 4月, 2009 1 次提交
  25. 12 3月, 2009 3 次提交
  26. 26 12月, 2008 1 次提交
  27. 06 8月, 2008 1 次提交
  28. 24 7月, 2008 1 次提交
  29. 24 5月, 2008 1 次提交
  30. 17 5月, 2008 2 次提交
  31. 12 5月, 2008 1 次提交
    • J
      [CIFS] when not using unix extensions, check for and set ATTR_READONLY on create and mkdir · 67750fb9
      Jeff Layton 提交于
      When creating a directory on a CIFS share without POSIX extensions,
      and the given mode has no write bits set, set the ATTR_READONLY bit.
      
      When creating a file, set ATTR_READONLY if the create mode has no write
      bits set and we're not using unix extensions.
      
      There are some comments about this being problematic due to the VFS
      splitting creates into 2 parts. I'm not sure what that's actually
      talking about, but I'm assuming that it has something to do with how
      mknod is implemented. In the simple case where we have no unix
      extensions and we're just creating a regular file, there's no reason
      we can't set ATTR_READONLY.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      67750fb9