- 06 5月, 2009 1 次提交
-
-
由 Steve French 提交于
We were not setting the SMB uid in NTLMSSP authenticate request which could lead to INVALID_PARAMETER error on 2nd session setup. Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 04 5月, 2009 1 次提交
-
-
由 Steve French 提交于
The NTLMSSP code was removed from fs/cifs/connect.c and merged (75% smaller, cleaner) into fs/cifs/sess.c As with the old code it requires that cifs be built with CONFIG_CIFS_EXPERIMENTAL, the /proc/fs/cifs/Experimental flag must be set to 2, and mount must turn on extended security (e.g. with sec=krb5). Although NTLMSSP encapsulated in SPNEGO is not enabled yet, "raw" ntlmssp is common and useful in some cases since it offers more complete security negotiation, and is the default way of negotiating security for many Windows systems. SPNEGO encapsulated NTLMSSP will be able to reuse the same code. Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 02 5月, 2009 1 次提交
-
-
由 Steve French 提交于
When multiply mounting from the same client to the same server, with different userids, we create a vcnum which should be unique if possible (this is not the same as the smb uid, which is the handle to the security context). We were not endian converting additional (beyond the first which is zero) vcnum properly. CC: Stable <stable@kernel.org> Acked-by: NShirish Pargaonkar <shirishp@us.ibm.com> Acked-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 01 5月, 2009 1 次提交
-
-
由 Steve French 提交于
In most cases, cifs_strndup is converting from Unicode (UCS2 / UTF-32) to the configured local code page for the Linux mount (usually UTF8), so Jeff suggested that to make it more clear that cifs_strndup is doing a conversion not just memory allocation and copy, rename the function to including "from_ucs" (ie Unicode) Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 30 4月, 2009 1 次提交
-
-
由 Jeff Layton 提交于
...and change decode_unicode_ssetup to be a void function. It never returns an actual error anyway. Signed-off-by: NJeff Layton <jlayton@redhat.com> Acked-by: NSuresh Jayaraman <sjayaraman@suse.de> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 17 4月, 2009 2 次提交
-
-
由 Jeff Layton 提交于
...to make it easier to find problems in this area in the future. Signed-off-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
由 Jeff Layton 提交于
The handling of unicode string area alignment is wrong. decode_unicode_ssetup improperly assumes that it will always be preceded by a pad byte. This isn't the case if the string area is already word-aligned. This problem, combined with the bad buffer sizing for the serverDomain string can cause memory corruption. The bad alignment can make it so that the alignment of the characters is off. This can make them translate to characters that are greater than 2 bytes each. If this happens we can overflow the allocation. Fix this by fixing the alignment in CIFS_SessSetup instead so we can verify it against the head of the response. Also, clean up the workaround for improperly terminated strings by checking for a odd-length unicode buffers and then forcibly terminating them. Finally, resize the buffer for serverDomain. Now that we've fixed the alignment, it's probably fine, but a malicious server could overflow it. A better solution for handling these strings is still needed, but this should be a suitable bandaid. Signed-off-by: NJeff Layton <jlayton@redhat.com> CC: Stable <stable@vger.kernel.org> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 21 2月, 2009 2 次提交
-
-
由 Steve French 提交于
When two different users mount the same Windows 2003 Server share using CIFS, the first session mounted can be invalidated. Some servers invalidate the first smb session when a second similar user (e.g. two users who get mapped by server to "guest") authenticates an smb session from the same client. By making sure that we set the 2nd and subsequent vc numbers to nonzero values, this ensures that we will not have this problem. Fixes Samba bug 6004, problem description follows: How to reproduce: - configure an "open share" (full permissions to Guest user) on Windows 2003 Server (I couldn't reproduce the problem with Samba server or Windows older than 2003) - mount the share twice with different users who will be authenticated as guest. noacl,noperm,user=john,dir_mode=0700,domain=DOMAIN,rw noacl,noperm,user=jeff,dir_mode=0700,domain=DOMAIN,rw Result: - just the mount point mounted last is accessible: Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
由 Steve French 提交于
Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451 Certain NAS appliances do not set the operating system or network operating system fields in the session setup response on the wire. cifs was oopsing on the unexpected zero length response fields (when trying to null terminate a zero length field). This fixes the oops. Acked-by: NJeff Layton <jlayton@redhat.com> CC: stable <stable@kernel.org> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 26 12月, 2008 1 次提交
-
-
由 Jeff Layton 提交于
cifs: have calc_lanman_hash take more granular args We need to use this routine to encrypt passwords associated with the tcon too. Don't assume that the password will be attached to the smb_session. Also, make some of the values in the lower encryption functions const since they aren't changed. Signed-off-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 25 9月, 2008 1 次提交
-
-
由 Jeff Layton 提交于
cifs: explicitly revoke SPNEGO key after session setup The SPNEGO blob returned by an upcall can only be used once. Explicitly revoke it to make sure that we never pick it up again after session setup exits. This doesn't seem to be that big an issue on more recent kernels, but older kernels seem to link keys into the session keyring by default. That said, explicitly revoking the key seems like a reasonable thing to do here. Signed-off-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 28 8月, 2008 1 次提交
-
-
由 Steve French 提交于
LANMAN session setup did not support Unicode (after session setup, unicode can still be used though). Fixes samba bug# 5319 CC: Jeff Layton <jlayton@redhat.com> CC: Stable Kernel <stable@vger.kernel.org> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 26 8月, 2008 1 次提交
-
-
由 Steve French 提交于
Currently, we don't check the version in the SPNEGO upcall response even though one is provided. Jeff and Q have made the corresponding change to the Samba client (cifs.upcall). Acked-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 20 8月, 2008 1 次提交
-
-
由 Steve French 提交于
Properly handle MSKRB5 by passing sec=mskrb5 to the upcall so that the spengo blob can be generated appropriately. Also, make decode_negTokenInit prefer whichever mechanism is first in the list. Needed for some NetApp servers, and possibly some older versions of Windows which treat the two KRB5 mechanisms differently. Signed-off-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 13 2月, 2008 1 次提交
-
-
由 Steve French 提交于
Christoph had noticed too many ifdefs in the CIFS code making it hard to read. This patch removes about a quarter of them from the C files in cifs by improving a few key ifdefs in the .h files. Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 31 12月, 2007 2 次提交
-
-
由 Jeff Layton 提交于
Unicode strings need to be word aligned, but the code that handles that is currently not taking the length of the SPNEGO blob into account. Fix it to do so. Signed-off-by: NJeff Layton <jlayton@tupile.poochiereds.net> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
由 Jeff Layton 提交于
Currently, any new kerberos SMB session overwrites the server's session key. The session key should only be set by the first SMB session set up on the socket. Signed-off-by: NJeff Layton <jlayton@tupile.poochiereds.net> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 17 11月, 2007 1 次提交
-
-
由 Steve French 提交于
Have CIFS_SessSetup call cifs_get_spnego_key when Kerberos is negotiated. Use the info in the key payload to build a session setup request packet. Also clean up how the request buffer in the function is freed on error. With appropriate user space helper (in samba/source/client). Kerberos support (secure session establishment can be done now via Kerberos, previously users would have to use NTLMv2 instead for more secure session setup). Signed-off-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 14 11月, 2007 1 次提交
-
-
由 Steve French 提交于
request In SendReceive() function in transport.c - it memcpy's message payload into a buffer passed via out_buf param. The function assumes that all buffers are of size (CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) , unfortunately it is also called with smaller (MAX_CIFS_SMALL_BUFFER_SIZE) buffers. There are eight callers (SMB worker functions) which are primarily affected by this change: TreeDisconnect, uLogoff, Close, findClose, SetFileSize, SetFileTimes, Lock and PosixLock CC: Dave Kleikamp <shaggy@austin.ibm.com> CC: Przemyslaw Wegrzyn <czajnik@czajsoft.pl> Acked-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 19 10月, 2007 1 次提交
-
-
由 Steve French 提交于
Also returns more accurate errors to mount for the cases of account expired and password expired Acked-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 17 10月, 2007 1 次提交
-
-
由 Jeff Layton 提交于
SPNEGO setup needs only some of these strings. Break up unicode_ssetup_strings so we can call them individually. Signed-off-by: NJeff Layton <jlayton@redhat.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 31 8月, 2007 1 次提交
-
-
由 Steve French 提交于
Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 18 8月, 2007 1 次提交
-
-
由 Cyrill Gorcunov 提交于
Signed-off-by: NCyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 18 7月, 2007 1 次提交
-
-
由 Steve French 提交于
Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 13 7月, 2007 1 次提交
-
-
由 Steve French 提交于
This should be the last big batch of whitespace/formatting fixes. checkpatch warnings for the cifs directory are down about 90% and many of the remaining ones are harder to remove or make the code harder to read. Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 09 7月, 2007 1 次提交
-
-
由 Steve French 提交于
Signed-off-by: NYehuda Sadeh Weinraub <Yehuda.Sadeh@expand.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 08 7月, 2007 2 次提交
-
-
由 Steve French 提交于
Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
由 Steve French 提交于
Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 22 1月, 2007 1 次提交
-
-
由 Steve French 提交于
Fixes RedHat bug 211672 Windows sends one byte (instead of two) of null to terminate final Unicode string (domain name) in session setup response in some cases - this caused cifs to misalign some informational strings (making it hard to convert from UCS16 to UTF8). Thanks to Shaggy for his help and Akemi Yagi for debugging/testing Signed-off-by: NShirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 09 11月, 2006 1 次提交
-
-
由 Steve French 提交于
Fixes Samba bugzilla #4176 When users do not specify their domain on mount, 2.6.18 started sending default domain instead of a null domain (which was the only way on some servers to use a default domain). Users of 2.6.18 who did not specify their domain name on mounts to certain common Windows servers that were members of a domain, but not the domain controller, would get mount failures which they did not get in 2.6.18 This fixes that issue and should remove complaints about mount behavior changing. Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 02 10月, 2006 1 次提交
-
-
由 Serge E. Hallyn 提交于
In some places, particularly drivers and __init code, the init utsns is the appropriate one to use. This patch replaces those with a the init_utsname helper. Changes: Removed several uses of init_utsname(). Hope I picked all the right ones in net/ipv4/ipconfig.c. These are now changed to utsname() (the per-process namespace utsname) in the previous patch (2/7) [akpm@osdl.org: CIFS fix] Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com> Cc: Kirill Korotaev <dev@openvz.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Herbert Poetzl <herbert@13thfloor.at> Cc: Andrey Savochkin <saw@sw.ru> Cc: Serge Hallyn <serue@us.ibm.com> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
- 30 9月, 2006 1 次提交
-
-
由 Steve French 提交于
Fix dialect negotiation to save off when we have negotiated lanman. This allows us to avoid sending some somewhat newer requests that the server can not handle and go directly to the older version (infolevel) of the same call. Make sure we try to negotiate a level which allows us to get the server OS (which we check so we can detect Win9x vs. other legacy servers and eventually work around the Win9x DOS time bug (they reverse date/time fields). Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 15 8月, 2006 1 次提交
-
-
由 Steve French 提交于
le16 compared to host-endian constant u8 fed to le32_to_cpu() le16 compared to host-endian constant Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 28 6月, 2006 2 次提交
-
-
由 Steve French 提交于
user specifies it is required or turns of ntlm Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
由 Steve French 提交于
Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 27 6月, 2006 1 次提交
-
-
由 Steve French 提交于
longer user and domain names and allow passing sec options on mount Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 23 6月, 2006 1 次提交
-
-
由 Steve French 提交于
Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 08 6月, 2006 1 次提交
-
-
由 Steve French 提交于
NTLMv2 authentication (stronger authentication than default NTLM) which many servers support now works. There was a problem with the construction of the security blob in the older code. Currently requires /proc/fs/cifs/Experimental to be set to 2 and /proc/fs/cifs/SecurityFlags to be set to 0x4004 (to require using NTLMv2 instead of default of NTLM) Next we will check signing to make sure optional NTLMv2 packet signing also works. Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 06 6月, 2006 1 次提交
-
-
由 Steve French 提交于
Response struct filled in exacty for 16 byte hash which we need to check more to make sure it works. Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
- 05 6月, 2006 1 次提交
-
-
由 Steve French 提交于
Still need to fill in response structure and check that hash works Signed-off-by: NSteve French <sfrench@us.ibm.com>
-