1. 06 5月, 2009 1 次提交
  2. 04 5月, 2009 1 次提交
    • S
      [CIFS] NTLMSSP reenabled after move from connect.c to sess.c · 0b3cc858
      Steve French 提交于
      The NTLMSSP code was removed from fs/cifs/connect.c and merged
      (75% smaller, cleaner) into fs/cifs/sess.c
      
      As with the old code it requires that cifs be built with
      CONFIG_CIFS_EXPERIMENTAL, the /proc/fs/cifs/Experimental flag
      must be set to 2, and mount must turn on extended security
      (e.g. with sec=krb5).
      
      Although NTLMSSP encapsulated in SPNEGO is not enabled yet,
      "raw" ntlmssp is common and useful in some cases since it
      offers more complete security negotiation, and is the
      default way of negotiating security for many Windows systems.
      SPNEGO encapsulated NTLMSSP will be able to reuse the same
      code.
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      0b3cc858
  3. 02 5月, 2009 1 次提交
  4. 01 5月, 2009 1 次提交
    • S
      [CIFS] rename cifs_strndup to cifs_strndup_from_ucs · d185cda7
      Steve French 提交于
      In most cases, cifs_strndup is converting from Unicode (UCS2 / UTF-32) to
      the configured local code page for the Linux mount (usually UTF8), so
      Jeff suggested that to make it more clear that cifs_strndup is doing
      a conversion not just memory allocation and copy, rename the function
      to including "from_ucs" (ie Unicode)
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      d185cda7
  5. 30 4月, 2009 1 次提交
  6. 17 4月, 2009 2 次提交
    • J
      cifs: add cFYI messages with some of the saved strings from ssetup/tcon · 313fecfa
      Jeff Layton 提交于
      ...to make it easier to find problems in this area in the future.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      313fecfa
    • J
      cifs: fix unicode string area word alignment in session setup · 27b87fe5
      Jeff Layton 提交于
      The handling of unicode string area alignment is wrong.
      decode_unicode_ssetup improperly assumes that it will always be preceded
      by a pad byte. This isn't the case if the string area is already
      word-aligned.
      
      This problem, combined with the bad buffer sizing for the serverDomain
      string can cause memory corruption. The bad alignment can make it so
      that the alignment of the characters is off. This can make them
      translate to characters that are greater than 2 bytes each. If this
      happens we can overflow the allocation.
      
      Fix this by fixing the alignment in CIFS_SessSetup instead so we can
      verify it against the head of the response. Also, clean up the
      workaround for improperly terminated strings by checking for a
      odd-length unicode buffers and then forcibly terminating them.
      
      Finally, resize the buffer for serverDomain. Now that we've fixed
      the alignment, it's probably fine, but a malicious server could
      overflow it.
      
      A better solution for handling these strings is still needed, but
      this should be a suitable bandaid.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      27b87fe5
  7. 21 2月, 2009 2 次提交
    • S
      [CIFS] Fix multiuser mounts so server does not invalidate earlier security contexts · eca6acf9
      Steve French 提交于
      When two different users mount the same Windows 2003 Server share using CIFS,
      the first session mounted can be invalidated.  Some servers invalidate the first
      smb session when a second similar user (e.g. two users who get mapped by server to "guest")
      authenticates an smb session from the same client.
      
      By making sure that we set the 2nd and subsequent vc numbers to nonzero values,
      this ensures that we will not have this problem.
      
      Fixes Samba bug 6004, problem description follows:
      How to reproduce:
      
      - configure an "open share" (full permissions to Guest user) on Windows 2003
      Server (I couldn't reproduce the problem with Samba server or Windows older
      than 2003)
      - mount the share twice with different users who will be authenticated as guest.
      
       noacl,noperm,user=john,dir_mode=0700,domain=DOMAIN,rw
       noacl,noperm,user=jeff,dir_mode=0700,domain=DOMAIN,rw
      
      Result:
      
      - just the mount point mounted last is accessible:
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      eca6acf9
    • S
      [CIFS] Fix oops in cifs_strfromUCS_le mounting to servers which do not specify their OS · 69765529
      Steve French 提交于
      Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451
      
      Certain NAS appliances do not set the operating system or network operating system
      fields in the session setup response on the wire.  cifs was oopsing on the unexpected
      zero length response fields (when trying to null terminate a zero length field).
      
      This fixes the oops.
      Acked-by: NJeff Layton <jlayton@redhat.com>
      CC: stable <stable@kernel.org>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      69765529
  8. 26 12月, 2008 1 次提交
  9. 25 9月, 2008 1 次提交
    • J
      cifs: explicitly revoke SPNEGO key after session setup · dfd15c46
      Jeff Layton 提交于
      cifs: explicitly revoke SPNEGO key after session setup
      
      The SPNEGO blob returned by an upcall can only be used once. Explicitly
      revoke it to make sure that we never pick it up again after session
      setup exits.
      
      This doesn't seem to be that big an issue on more recent kernels, but
      older kernels seem to link keys into the session keyring by default.
      That said, explicitly revoking the key seems like a reasonable thing
      to do here.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      dfd15c46
  10. 28 8月, 2008 1 次提交
  11. 26 8月, 2008 1 次提交
  12. 20 8月, 2008 1 次提交
  13. 13 2月, 2008 1 次提交
  14. 31 12月, 2007 2 次提交
  15. 17 11月, 2007 1 次提交
  16. 14 11月, 2007 1 次提交
    • S
      [CIFS] Fix buffer overflow if server sends corrupt response to small · 133672ef
      Steve French 提交于
      request
      
      In SendReceive() function in transport.c - it memcpy's
      message payload into a buffer passed via out_buf param. The function
      assumes that all buffers are of size (CIFSMaxBufSize +
      MAX_CIFS_HDR_SIZE) , unfortunately it is also called with smaller
      (MAX_CIFS_SMALL_BUFFER_SIZE) buffers.  There are eight callers
      (SMB worker functions) which are primarily affected by this change:
      
      TreeDisconnect, uLogoff, Close, findClose, SetFileSize, SetFileTimes,
      Lock and PosixLock
      
      CC: Dave Kleikamp <shaggy@austin.ibm.com>
      CC: Przemyslaw Wegrzyn <czajnik@czajsoft.pl>
      Acked-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      133672ef
  17. 19 10月, 2007 1 次提交
  18. 17 10月, 2007 1 次提交
  19. 31 8月, 2007 1 次提交
  20. 18 8月, 2007 1 次提交
  21. 18 7月, 2007 1 次提交
  22. 13 7月, 2007 1 次提交
  23. 09 7月, 2007 1 次提交
  24. 08 7月, 2007 2 次提交
  25. 22 1月, 2007 1 次提交
  26. 09 11月, 2006 1 次提交
    • S
      [CIFS] Fix mount failure when domain not specified · 6e659c63
      Steve French 提交于
          Fixes Samba bugzilla #4176
      
          When users do not specify their domain on mount, 2.6.18 started sending
          default domain instead of a null domain (which was the only way on some
          servers to use a default domain).  Users of 2.6.18 who did not specify
          their domain name on mounts to certain common Windows servers that were
          members of a domain, but not the domain controller, would get mount
          failures which they did not get in 2.6.18
      
          This fixes that issue and should remove complaints about mount
          behavior changing.
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      6e659c63
  27. 02 10月, 2006 1 次提交
    • S
      [PATCH] namespaces: utsname: use init_utsname when appropriate · 96b644bd
      Serge E. Hallyn 提交于
      In some places, particularly drivers and __init code, the init utsns is the
      appropriate one to use.  This patch replaces those with a the init_utsname
      helper.
      
      Changes: Removed several uses of init_utsname().  Hope I picked all the
      	right ones in net/ipv4/ipconfig.c.  These are now changed to
      	utsname() (the per-process namespace utsname) in the previous
      	patch (2/7)
      
      [akpm@osdl.org: CIFS fix]
      Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com>
      Cc: Kirill Korotaev <dev@openvz.org>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Herbert Poetzl <herbert@13thfloor.at>
      Cc: Andrey Savochkin <saw@sw.ru>
      Cc: Serge Hallyn <serue@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      96b644bd
  28. 30 9月, 2006 1 次提交
    • S
      [CIFS] Do not send newer QFSInfo to legacy servers which can not support it · 9ac00b7d
      Steve French 提交于
      Fix dialect negotiation to save off when we have negotiated lanman.
      This allows us to avoid sending some somewhat newer requests that the server
      can not handle and go directly to the older version (infolevel) of the same
      call. Make sure we try to negotiate a level which allows us to get the
      server OS (which we check so we can detect Win9x vs. other legacy servers
      and eventually work around the Win9x DOS time bug (they reverse date/time
      fields).
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      9ac00b7d
  29. 15 8月, 2006 1 次提交
  30. 28 6月, 2006 2 次提交
  31. 27 6月, 2006 1 次提交
  32. 23 6月, 2006 1 次提交
  33. 08 6月, 2006 1 次提交
    • S
      [CIFS] NTLMv2 support part 5 · 1717ffc5
      Steve French 提交于
      NTLMv2 authentication (stronger authentication than default NTLM) which
      many servers support now works.  There was a problem with the construction
      of the security blob in the older code.  Currently requires
      	/proc/fs/cifs/Experimental to be set to 2
      and
      	/proc/fs/cifs/SecurityFlags to be set to 0x4004 (to require using
      	NTLMv2 instead of default of NTLM)
      
      Next we will check signing to make sure optional NTLMv2 packet signing also
      works.
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      1717ffc5
  34. 06 6月, 2006 1 次提交
  35. 05 6月, 2006 1 次提交