1. 03 8月, 2011 1 次提交
  2. 01 8月, 2011 1 次提交
  3. 13 7月, 2011 1 次提交
  4. 27 5月, 2011 1 次提交
  5. 19 5月, 2011 3 次提交
    • J
      cifs: keep BCC in little-endian format · 820a803f
      Jeff Layton 提交于
      This is the same patch as originally posted, just with some merge
      conflicts fixed up...
      
      Currently, the ByteCount is usually converted to host-endian on receive.
      This is confusing however, as we need to keep two sets of routines for
      accessing it, and keep track of when to use each routine. Munging
      received packets like this also limits when the signature can be
      calulated.
      
      Simplify the code by keeping the received ByteCount in little-endian
      format. This allows us to eliminate a set of routines for accessing it
      and we can now drop the *_le suffixes from the accessor functions since
      that's now implied.
      
      While we're at it, switch all of the places that read the ByteCount
      directly to use the get_bcc inline which should also clean up some
      unaligned accesses.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      820a803f
    • S
      consistently use smb_buf_length as be32 for cifs (try 3) · be8e3b00
      Steve French 提交于
             There is one big endian field in the cifs protocol, the RFC1001
             length, which cifs code (unlike in the smb2 code) had been handling as
             u32 until the last possible moment, when it was converted to be32 (its
             native form) before sending on the wire.   To remove the last sparse
             endian warning, and to make this consistent with the smb2
             implementation  (which always treats the fields in their
             native size and endianness), convert all uses of smb_buf_length to
             be32.
      
             This version incorporates Christoph's comment about
             using be32_add_cpu, and fixes a typo in the second
             version of the patch.
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      Signed-off-by: NPavel Shilovsky <piastry@etersoft.ru>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      be8e3b00
    • S
      [CIFS] Use ecb des kernel crypto APIs instead of · 43988d76
      Steve French 提交于
       local cifs functions (repost)
      
      Using kernel crypto APIs for DES encryption during LM and NT hash generation
      instead of local functions within cifs.
      Source file smbdes.c is deleted sans four functions, one of which
      uses ecb des functionality provided by kernel crypto APIs.
      
      Remove function SMBOWFencrypt.
      
      Add return codes to various functions such as calc_lanman_hash,
      SMBencrypt, and SMBNTencrypt.  Includes fix noticed by Dan Carpenter.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      CC: Dan Carpenter <error27@gmail.com>
      Acked-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      43988d76
  6. 29 4月, 2011 2 次提交
  7. 12 4月, 2011 2 次提交
    • S
      various endian fixes to cifs · 5443d130
      Steve French 提交于
      make modules C=2 M=fs/cifs CF=-D__CHECK_ENDIAN__
      
      Found for example:
      
       CHECK   fs/cifs/cifssmb.c
      fs/cifs/cifssmb.c:728:22: warning: incorrect type in assignment (different base types)
      fs/cifs/cifssmb.c:728:22:    expected unsigned short [unsigned] [usertype] Tid
      fs/cifs/cifssmb.c:728:22:    got restricted __le16 [usertype] <noident>
      fs/cifs/cifssmb.c:1883:45: warning: incorrect type in assignment (different base types)
      fs/cifs/cifssmb.c:1883:45:    expected long long [signed] [usertype] fl_start
      fs/cifs/cifssmb.c:1883:45:    got restricted __le64 [usertype] start
      fs/cifs/cifssmb.c:1884:54: warning: restricted __le64 degrades to integer
      fs/cifs/cifssmb.c:1885:58: warning: restricted __le64 degrades to integer
      fs/cifs/cifssmb.c:1886:43: warning: incorrect type in assignment (different base types)
      fs/cifs/cifssmb.c:1886:43:    expected unsigned int [unsigned] fl_pid
      fs/cifs/cifssmb.c:1886:43:    got restricted __le32 [usertype] pid
      
      In checking new smb2 code for missing endian conversions, I noticed
      some endian errors had crept in over the last few releases into the
      cifs code (symlink, ntlmssp, posix lock, and also a less problematic warning
      in fscache).  A followon patch will address a few smb2 endian
      problems.
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      5443d130
    • S
      Allow user names longer than 32 bytes · 8727c8a8
      Steve French 提交于
      We artificially limited the user name to 32 bytes, but modern servers handle
      larger.  Set the maximum length to a reasonable 256, and make the user name
      string dynamically allocated rather than a fixed size in session structure.
      Also clean up old checkpatch warning.
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      8727c8a8
  8. 22 2月, 2011 1 次提交
  9. 21 1月, 2011 2 次提交
  10. 10 1月, 2011 1 次提交
  11. 07 1月, 2011 1 次提交
  12. 29 10月, 2010 2 次提交
    • S
      cifs: Cleanup and thus reduce smb session structure and fields used during authentication · d3686d54
      Shirish Pargaonkar 提交于
      Removed following fields from smb session structure
       cryptkey, ntlmv2_hash, tilen, tiblob
      and ntlmssp_auth structure is allocated dynamically only if the auth mech
      in NTLMSSP.
      
      response field within a session_key structure is used to initially store the
      target info (either plucked from type 2 challenge packet in case of NTLMSSP
      or fabricated in case of NTLMv2 without extended security) and then to store
      Message Authentication Key (mak) (session key + client response).
      
      Server challenge or cryptkey needed during a NTLMSSP authentication
      is now part of ntlmssp_auth structure which gets allocated and freed
      once authenticaiton process is done.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      d3686d54
    • S
      NTLM auth and sign - Use appropriate server challenge · d3ba50b1
      Shirish Pargaonkar 提交于
      Need to have cryptkey or server challenge in smb connection
      (struct TCP_Server_Info) for ntlm and ntlmv2 auth types for which
      cryptkey (Encryption Key) is supplied just once in Negotiate Protocol
      response during an smb connection setup for all the smb sessions over
      that smb connection.
      
      For ntlmssp, cryptkey or server challenge is provided for every
      smb session in type 2 packet of ntlmssp negotiation, the cryptkey
      provided during Negotiation Protocol response before smb connection
      does not count.
      
      Rename cryptKey to cryptkey and related changes.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      d3ba50b1
  13. 27 10月, 2010 3 次提交
    • S
      NTLM auth and sign - minor error corrections and cleanup · f7c5445a
      Shirish Pargaonkar 提交于
      Minor cleanup - Fix spelling mistake, make meaningful (goto) label
      
      In function setup_ntlmv2_rsp(), do not return 0 and leak memory,
      let the tiblob get freed.
      
      For function find_domain_name(), pass already available nls table pointer
      instead of loading and unloading the table again in this function.
      
      For ntlmv2, the case sensitive password length is the length of the
      response, so subtract session key length (16 bytes) from the .len.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      f7c5445a
    • S
      NTLM auth and sign - Define crypto hash functions and create and send keys needed for key exchange · d2b91521
      Shirish Pargaonkar 提交于
      Mark dependency on crypto modules in Kconfig.
      
      Defining per structures sdesc and cifs_secmech which are used to store
      crypto hash functions and contexts.  They are stored per smb connection
      and used for all auth mechs to genereate hash values and signatures.
      
      Allocate crypto hashing functions, security descriptiors, and respective
      contexts when a smb/tcp connection is established.
      Release them when a tcp/smb connection is taken down.
      
      md5 and hmac-md5 are two crypto hashing functions that are used
      throught the life of an smb/tcp connection by various functions that
      calcualte signagure and ntlmv2 hash, HMAC etc.
      
      structure ntlmssp_auth is defined as per smb connection.
      
      ntlmssp_auth holds ciphertext which is genereated by rc4/arc4 encryption of
      secondary key, a nonce using ntlmv2 session key and sent in the session key
      field of the type 3 message sent by the client during ntlmssp
      negotiation/exchange
      
      A key is exchanged with the server if client indicates so in flags in
      type 1 messsage and server agrees in flag in type 2 message of ntlmssp
      negotiation.  If both client and agree, a key sent by client in
      type 3 message of ntlmssp negotiation in the session key field.
      The key is a ciphertext generated off of secondary key, a nonce, using
      ntlmv2 hash via rc4/arc4.
      
      Signing works for ntlmssp in this patch. The sequence number within
      the server structure needs to be zero until session is established
      i.e. till type 3 packet of ntlmssp exchange of a to be very first
      smb session on that smb connection is sent.
      Acked-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      d2b91521
    • S
      NTLM auth and sign - Allocate session key/client response dynamically · 21e73393
      Shirish Pargaonkar 提交于
      Start calculating auth response within a session.  Move/Add pertinet
      data structures like session key, server challenge and ntlmv2_hash in
      a session structure.  We should do the calculations within a session
      before copying session key and response over to server data
      structures because a session setup can fail.
      
      Only after a very first smb session succeeds, it copy/make its
      session key, session key of smb connection.  This key stays with
      the smb connection throughout its life.
      sequence_number within server is set to 0x2.
      
      The authentication Message Authentication Key (mak) which consists
      of session key followed by client response within structure session_key
      is now dynamic.  Every authentication type allocates the key + response
      sized memory within its session structure and later either assigns or
      frees it once the client response is sent and if session's session key
      becomes connetion's session key.
      
      ntlm/ntlmi authentication functions are rearranged.  A function
      named setup_ntlm_resp(), similar to setup_ntlmv2_resp(), replaces
      function cifs_calculate_session_key().
      
      size of CIFS_SESS_KEY_SIZE is changed to 16, to reflect the byte size
      of the key it holds.
      Reviewed-by: NJeff Layton <jlayton@samba.org>
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      21e73393
  14. 21 10月, 2010 1 次提交
    • S
      cifs: convert cifs_tcp_ses_lock from a rwlock to a spinlock · 3f9bcca7
      Suresh Jayaraman 提交于
      cifs_tcp_ses_lock is a rwlock with protects the cifs_tcp_ses_list,
      server->smb_ses_list and the ses->tcon_list. It also protects a few
      ref counters in server, ses and tcon. In most cases the critical section
      doesn't seem to be large, in a few cases where it is slightly large, there
      seem to be really no benefit from concurrent access. I briefly considered RCU
      mechanism but it appears to me that there is no real need.
      
      Replace it with a spinlock and get rid of the last rwlock in the cifs code.
      Signed-off-by: NSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      3f9bcca7
  15. 20 10月, 2010 1 次提交
  16. 15 10月, 2010 1 次提交
  17. 07 10月, 2010 1 次提交
  18. 30 9月, 2010 2 次提交
    • S
      cifs NTLMv2/NTLMSSP ntlmv2 within ntlmssp autentication code · 2b149f11
      Shirish Pargaonkar 提交于
      Attribue Value (AV) pairs or Target Info (TI) pairs are part of
      ntlmv2 authentication.
      Structure ntlmv2_resp had only definition for two av pairs.
      So removed it, and now allocation of av pairs is dynamic.
      For servers like Windows 7/2008, av pairs sent by server in
      challege packet (type 2 in the ntlmssp exchange/negotiation) can
      vary.
      
      Server sends them during ntlmssp negotiation. So when ntlmssp is used
      as an authentication mechanism, type 2 challenge packet from server
      has this information.  Pluck it and use the entire blob for
      authenticaiton purpose.  If user has not specified, extract
      (netbios) domain name from the av pairs which is used to calculate
      ntlmv2 hash.  Servers like Windows 7 are particular about the AV pair
      blob.
      
      Servers like Windows 2003, are not very strict about the contents
      of av pair blob used during ntlmv2 authentication.
      So when security mechanism such as ntlmv2 is used (not ntlmv2 in ntlmssp),
      there is no negotiation and so genereate a minimal blob that gets
      used in ntlmv2 authentication as well as gets sent.
      
      Fields tilen and tilbob are session specific.  AV pair values are defined.
      
      To calculate ntlmv2 response we need ti/av pair blob.
      
      For sec mech like ntlmssp, the blob is plucked from type 2 response from
      the server.  From this blob, netbios name of the domain is retrieved,
      if user has not already provided, to be included in the Target String
      as part of ntlmv2 hash calculations.
      
      For sec mech like ntlmv2, create a minimal, two av pair blob.
      
      The allocated blob is freed in case of error.  In case there is no error,
      this blob is used in calculating ntlmv2 response (in CalcNTLMv2_response)
      and is also copied on the response to the server, and then freed.
      
      The type 3 ntlmssp response is prepared on a buffer,
      5 * sizeof of struct _AUTHENTICATE_MESSAGE, an empirical value large
      enough to hold _AUTHENTICATE_MESSAGE plus a blob with max possible
      10 values as part of ntlmv2 response and lmv2 keys and domain, user,
      workstation  names etc.
      
      Also, kerberos gets selected as a default mechanism if server supports it,
      over the other security mechanisms.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      2b149f11
    • S
      cifs NTLMv2/NTLMSSP Change variable name mac_key to session key to reflect the key it holds · 5f98ca9a
      Shirish Pargaonkar 提交于
      Change name of variable mac_key to session key.
      The reason mac_key was changed to session key is, this structure does not
      hold message authentication code, it holds the session key (for ntlmv2,
      ntlmv1 etc.).  mac is generated as a signature in cifs_calc* functions.
      Signed-off-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      5f98ca9a
  19. 09 9月, 2010 3 次提交
  20. 26 8月, 2010 1 次提交
  21. 24 8月, 2010 1 次提交
  22. 21 8月, 2010 1 次提交
  23. 17 6月, 2010 1 次提交
    • J
      cifs: remove bogus first_time check in NTLMv2 session setup code · 8a224d48
      Jeff Layton 提交于
      This bug appears to be the result of a cut-and-paste mistake from the
      NTLMv1 code. The function to generate the MAC key was commented out, but
      not the conditional above it. The conditional then ended up causing the
      session setup key not to be copied to the buffer unless this was the
      first session on the socket, and that made all but the first NTLMv2
      session setup fail.
      
      Fix this by removing the conditional and all of the commented clutter
      that made it difficult to see.
      
      Cc: Stable <stable@kernel.org>
      Reported-by: NGunther Deschner <gdeschne@redhat.com>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      8a224d48
  24. 06 5月, 2010 1 次提交
  25. 28 4月, 2010 1 次提交
  26. 21 4月, 2010 1 次提交
    • J
      [CIFS] Neaten cERROR and cFYI macros, reduce text space · b6b38f70
      Joe Perches 提交于
      Neaten cERROR and cFYI macros, reduce text space
      ~2.5K
      
      Convert '__FILE__ ": " fmt' to '"%s: " fmt', __FILE__' to save text space
      Surround macros with do {} while
      Add parentheses to macros
      Make statement expression macro from macro with assign
      Remove now unnecessary parentheses from cFYI and cERROR uses
      
      defconfig with CIFS support old
      $ size fs/cifs/built-in.o
         text	   data	    bss	    dec	    hex	filename
       156012	   1760	    148	 157920	  268e0	fs/cifs/built-in.o
      
      defconfig with CIFS support old
      $ size fs/cifs/built-in.o
         text	   data	    bss	    dec	    hex	filename
       153508	   1760	    148	 155416	  25f18	fs/cifs/built-in.o
      
      allyesconfig old:
      $ size fs/cifs/built-in.o
         text	   data	    bss	    dec	    hex	filename
       309138	   3864	  74824	 387826	  5eaf2	fs/cifs/built-in.o
      
      allyesconfig new
      $ size fs/cifs/built-in.o
         text	   data	    bss	    dec	    hex	filename
       305655	   3864	  74824	 384343	  5dd57	fs/cifs/built-in.o
      Signed-off-by: NJoe Perches <joe@perches.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      b6b38f70
  27. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  28. 06 2月, 2010 1 次提交
    • S
      [CIFS] Maximum username length check in session setup does not match · 301a6a31
      Steve French 提交于
      Fix length check reported by D. Binderman (see below)
      
      d binderman <dcb314@hotmail.com> wrote:
      >
      > I just ran the sourceforge tool cppcheck over the source code of the
      > new Linux kernel 2.6.33-rc6
      >
      > It said
      >
      > [./cifs/sess.c:250]: (error) Buffer access out-of-bounds
      
      May turn out to be harmless, but best to be safe. Note max
      username length is defined to 32 due to Linux (Windows
      maximum is 20).
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      301a6a31
  29. 25 6月, 2009 1 次提交