24 Aug, 2020
1 commit
-
Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
fall-through markings when it is the case.[1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
Signed-off-by: Gustavo A. R. Silva
03 Aug, 2020
2 commits
-
Convert cpu_to_be32(be32_to_cpu(E1) + E2) to use be32_add_cpu().
Signed-off-by: Qinglang Miao
Signed-off-by: Steve French -
Remove the superfuous break, as there is a 'return' before it.
Signed-off-by: Liao Pingfang
Signed-off-by: Yi Wang
Signed-off-by: Steve French
05 Jun, 2020
2 commits
-
first steps in trying to make channels properly reconnect.
* add cifs_ses_find_chan() function to find the enclosing cifs_chan
struct it belongs to
* while we have the session lock and are redoing negprot and
sess.setup in smb2_reconnect() redo the binding of channels.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French -
Add a cifs_chan pointer in struct cifs_ses that points to the channel
currently being bound if ses->binding is true.Previously it was always the channel past the established count.
This will make reconnecting (and rebinding) a channel easier later on.
Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
02 Jun, 2020
1 commit
-
Fix four minor typos in comments and log messages
Signed-off-by: Steve French
Reviewed-by: Aurelien Aptel
01 Jun, 2020
1 commit
-
Use pr_fmt to standardize all logging for fs/cifs.
Some logging output had no CIFS: specific prefix.
Now all output has one of three prefixes:
o CIFS:
o CIFS: VFS:
o Root-CIFS:Miscellanea:
o Convert printks to pr_
o Neaten macro definitions
o Remove embedded CIFS: prefixes from formats
o Convert "illegal" to "invalid"
o Coalesce formats
o Add missing '\n' format terminations
o Consolidate multiple cifs_dbg continuations into single calls
o More consistent use of upper case first word output logging
o Multiline statement argument alignment and wrappingSigned-off-by: Joe Perches
Signed-off-by: Steve French
06 Feb, 2020
1 commit
-
When no interfaces are returned by the server we cannot open multiple
channels. Make it more obvious by reporting that to the user at the
VFS log level.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
05 Dec, 2019
2 commits
-
iface[0] was accessed regardless of the count value and without
locking.* check count before accessing any ifaces
* make copy of iface list (it's a simple POD array) and use it without
locking.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
Reviewed-by: Paulo Alcantara (SUSE) -
With the addition of SMB session channels, we introduced new TCP
server pointers that have no sessions or tcons associated with them.In this case, when we started looking for TCP connections, we might
end up picking session channel rather than the master connection,
hence failing to get either a session or a tcon.In order to fix that, this patch introduces a new "is_channel" field
to TCP_Server_Info structure so we can skip session channels during
lookup of connections.Signed-off-by: Paulo Alcantara (SUSE)
Reviewed-by: Aurelien Aptel
Signed-off-by: Steve French
25 Nov, 2019
3 commits
-
Previously we would only loop over the iface list once.
This patch tries to loop over multiple times until all channels are
opened. It will also try to reuse RSS ifaces.Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French -
After doing mount() successfully we call cifs_try_adding_channels()
which will open as many channels as it can.Channels are closed when the master session is closed.
The master connection becomes the first channel.
,-------------> global cifs_tcp_ses_list
Signed-off-by: Steve French -
Currently a lot of the code to initialize a connection & session uses
the cifs_ses as input. But depending on if we are opening a new session
or a new channel we need to use different server pointers.Add a "binding" flag in cifs_ses and a helper function that returns
the server ptr a session should use (only in the sess establishment
code path).Signed-off-by: Aurelien Aptel
Signed-off-by: Steve French
24 Sep, 2019
1 commit
-
Fixes gcc '-Wunused-but-set-variable' warning:
fs/cifs/sess.c: In function sess_auth_lanman:
fs/cifs/sess.c:910:8: warning: variable capabilities set but not used [-Wunused-but-set-variable]Reported-by: Hulk Robot
Signed-off-by: zhengbin
Signed-off-by: Steve French
28 Aug, 2019
1 commit
-
Using strscpy is cleaner, and avoids some problems with
handling maximum length strings. Linus noticed the
original problem and Aurelien pointed out some additional
problems. Fortunately most of this is SMB1 code (and
in particular the ASCII string handling older, which
is less common).Reported-by: Linus Torvalds
Reviewed-by: Aurelien Aptel
Signed-off-by: Ronnie Sahlberg
Signed-off-by: Steve French
24 Dec, 2018
2 commits
-
Fixes gcc '-Wunused-but-set-variable' warning:
fs/cifs/sess.c: In function '_sess_auth_rawntlmssp_assemble_req':
fs/cifs/sess.c:1157:18: warning:
variable 'smb_buf' set but not used [-Wunused-but-set-variable]It never used since commit cc87c47d9d7a ("cifs: Separate rawntlmssp auth
from CIFS_SessSetup()")Signed-off-by: YueHaibing
Signed-off-by: Steve French -
To avoid the warning:
warning: this statement may fall through [-Wimplicit-fallthrough=]
Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Stephen Rothwell
Signed-off-by: Steve French
24 Aug, 2018
1 commit
-
The kmalloc was not being checked - if it fails issue a warning
and return -ENOMEM to the caller.Signed-off-by: Nicholas Mc Guire
Fixes: b8da344b74c8 ("cifs: dynamic allocation of ntlmssp blob")
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
cc: Stable `
03 Mar, 2017
1 commit
-
If the security type specified using a mount option is not supported,
the SMB2 session setup code changes the security type to RawNTLMSSP. We
should instead fail the mount and return an error.The patch changes the code for SMB2 to make it similar to the code used
for SMB1. Like in SMB1, we now use the global security flags to select
the security method to be used when no security method is specified and
to return an error when the requested auth method is not available.For SMB2, we also use ntlmv2 as a synonym for nltmssp.
Signed-off-by: Sachin Prabhu
Acked-by: Pavel Shilovsky
Acked-by: Jeff Layton
Signed-off-by: Steve French
02 Feb, 2017
2 commits
-
In order to allow encryption on SMB connection we need to exchange
a session key and generate encryption and decryption keys.Signed-off-by: Pavel Shilovsky
-
Now SendReceive2 frees the first iov and returns a response buffer
in it that increases a code complexity. Simplify this by making
a caller responsible for freeing request buffer itself and returning
a response buffer in a separate iov.Signed-off-by: Pavel Shilovsky
24 Jun, 2016
3 commits
-
calc_lanman_hash() could return -ENOMEM or other errors, we should check
that everything went fine before using the calculated key.Signed-off-by: Luis de Bethencourt
Signed-off-by: Steve French -
In sess_auth_rawntlmssp_authenticate(), the ntlmssp blob is allocated
statically and its size is an "empirical" 5*sizeof(struct
_AUTHENTICATE_MESSAGE) (320B on x86_64). I don't know where this value
comes from or if it was ever appropriate, but it is currently
insufficient: the user and domain name in UTF16 could take 1kB by
themselves. Because of that, build_ntlmssp_auth_blob() might corrupt
memory (out-of-bounds write). The size of ntlmssp_blob in
SMB2_sess_setup() is too small too (sizeof(struct _NEGOTIATE_MESSAGE)
+ 500).This patch allocates the blob dynamically in
build_ntlmssp_auth_blob().Signed-off-by: Jerome Marchand
Signed-off-by: Steve French
CC: Stable -
Currently in build_ntlmssp_auth_blob(), when converting the domain
name to UTF16, CIFS_MAX_USERNAME_LEN limit is used. It should be
CIFS_MAX_DOMAINNAME_LEN. This patch fixes this.Signed-off-by: Jerome Marchand
Signed-off-by: Steve French
18 May, 2016
4 commits
-
Only server which map unknown users to guest will allow
access using a non-null NTLMv2_Response.For Samba it's the "map to guest = bad user" option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913
Signed-off-by: Stefan Metzmacher
CC: Stable
Signed-off-by: Steve French -
Only server which map unknown users to guest will allow
access using a non-null NTChallengeResponse.For Samba it's the "map to guest = bad user" option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913
Signed-off-by: Stefan Metzmacher
CC: Stable
Signed-off-by: Steve French -
Only server which map unknown users to guest will allow
access using a non-null LMChallengeResponse.For Samba it's the "map to guest = bad user" option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913
Signed-off-by: Stefan Metzmacher
CC: Stable
Signed-off-by: Steve French -
See [MS-NLMP] 3.2.5.1.2 Server Receives an AUTHENTICATE_MESSAGE from the Client:
...
Set NullSession to FALSE
If (AUTHENTICATE_MESSAGE.UserNameLen == 0 AND
AUTHENTICATE_MESSAGE.NtChallengeResponse.Length == 0 AND
(AUTHENTICATE_MESSAGE.LmChallengeResponse == Z(1)
OR
AUTHENTICATE_MESSAGE.LmChallengeResponse.Length == 0))
-- Special case: client requested anonymous authentication
Set NullSession to TRUE
...Only server which map unknown users to guest will allow
access using a non-null NTChallengeResponse.For Samba it's the "map to guest = bad user" option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913
CC: Stable
Signed-off-by: Stefan Metzmacher
Signed-off-by: Steve French
21 Oct, 2015
1 commit
-
Merge the type-specific data with the payload data into one four-word chunk
as it seems pointless to keep them separate.Use user_key_payload() for accessing the payloads of overloaded
user-defined keys.Signed-off-by: David Howells
cc: linux-cifs@vger.kernel.org
cc: ecryptfs@vger.kernel.org
cc: linux-ext4@vger.kernel.org
cc: linux-f2fs-devel@lists.sourceforge.net
cc: linux-nfs@vger.kernel.org
cc: ceph-devel@vger.kernel.org
cc: linux-ima-devel@lists.sourceforge.net
11 Dec, 2014
2 commits
-
Merge first patchbomb from Andrew Morton:
- a few minor cifs fixes
- dma-debug upadtes
- ocfs2
- slab
- about half of MM
- procfs
- kernel/exit.c
- panic.c tweaks
- printk upates
- lib/ updates
- checkpatch updates
- fs/binfmt updates
- the drivers/rtc tree
- nilfs
- kmod fixes
- more kernel/exit.c
- various other misc tweaks and fixes* emailed patches from Andrew Morton : (190 commits)
exit: pidns: fix/update the comments in zap_pid_ns_processes()
exit: pidns: alloc_pid() leaks pid_namespace if child_reaper is exiting
exit: exit_notify: re-use "dead" list to autoreap current
exit: reparent: call forget_original_parent() under tasklist_lock
exit: reparent: avoid find_new_reaper() if no children
exit: reparent: introduce find_alive_thread()
exit: reparent: introduce find_child_reaper()
exit: reparent: document the ->has_child_subreaper checks
exit: reparent: s/while_each_thread/for_each_thread/ in find_new_reaper()
exit: reparent: fix the cross-namespace PR_SET_CHILD_SUBREAPER reparenting
exit: reparent: fix the dead-parent PR_SET_CHILD_SUBREAPER reparenting
exit: proc: don't try to flush /proc/tgid/task/tgid
exit: release_task: fix the comment about group leader accounting
exit: wait: drop tasklist_lock before psig->c* accounting
exit: wait: don't use zombie->real_parent
exit: wait: cleanup the ptrace_reparented() checks
usermodehelper: kill the kmod_thread_locker logic
usermodehelper: don't use CLONE_VFORK for ____call_usermodehelper()
fs/hfs/catalog.c: fix comparison bug in hfs_cat_keycmp
nilfs2: fix the nilfs_iget() vs. nilfs_new_inode() races
... -
Replace all __constant_foo to foo() except in smb2status.h (1700 lines to
update).Signed-off-by: Fabian Frederick
Cc: Steve French
Cc: Jeff Layton
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
08 Dec, 2014
1 commit
-
A user complained that they were unable to login to their cifs share
after a kernel update. From the wiretrace we can see that the server
returns different UIDs as response to NTLMSSP_NEGOTIATE and NTLMSSP_AUTH
phases.With changes in the authentication code, we no longer set the
cifs_sess->Suid returned in response to the NTLM_AUTH phase and continue
to use the UID sent in response to the NTLMSSP_NEGOTIATE phase. This
results in the server denying access to the user when the user attempts
to do a tcon connect.See https://bugzilla.redhat.com/show_bug.cgi?id=1163927
A test kernel containing patch was tested successfully by the user.
Signed-off-by: Sachin Prabhu
Signed-off-by: Steve French
16 Sep, 2014
1 commit
-
cifs provides two dummy functions 'sess_auth_lanman' and
'sess_auth_kerberos' for the case in which the respective
features are not defined. However, the caller is also under
an #ifdef, so we just get warnings about unused code:fs/cifs/sess.c:1109:1: warning: 'sess_auth_kerberos' defined but not used [-Wunused-function]
sess_auth_kerberos(struct sess_data *sess_data)Removing the dead functions gets rid of the warnings without
any downsides that I can see.(Yalin Wang reported the identical problem and fix so added him)
Signed-off-by: Arnd Bergmann
Signed-off-by: Yalin Wang
Signed-off-by: Steve French
22 Aug, 2014
1 commit
-
When kzalloc fails, we will end up doing NULL pointer derefrence
Signed-off-by: Namjae Jeon
Signed-off-by: Ashish Sangwan
Signed-off-by: Steve French
02 Aug, 2014
1 commit
-
The recent session setup patch set
(cifs-Separate-rawntlmssp-auth-from-CIFS_SessSetup.patch)
had introduced a trivial sparse build warning.Signed-off-by: Steve French
Cc: Sachin Prabhu
01 Aug, 2014
4 commits
-
Separate rawntlmssp authentication from CIFS_SessSetup(). Also cleanup
CIFS_SessSetup() since we no longer do any auth within it.Signed-off-by: Sachin Prabhu
Reviewed-by: Shirish Pargaonkar
Signed-off-by: Steve French -
Signed-off-by: Sachin Prabhu
Reviewed-by: Shirish Pargaonkar
Signed-off-by: Steve French -
Signed-off-by: Sachin Prabhu
Reviewed-by: Shirish Pargaonkar
Signed-off-by: Steve French -
In preparation for splitting CIFS_SessSetup() into smaller more
manageable chunks, we first add helper functions.We then proceed to split out lanman auth out of CIFS_SessSetup()
Signed-off-by: Sachin Prabhu
Reviewed-by: Shirish Pargaonkar
Signed-off-by: Steve French
07 Oct, 2013
1 commit
-
This allows users to use LANMAN authentication on servers which support
unencapsulated authentication.The patch fixes a regression where users using plaintext authentication
were no longer able to do so because of changed bought in by patch
3f618223dc0bdcbc8d510350e78ee2195ff93768https://bugzilla.redhat.com/show_bug.cgi?id=1011621
Reported-by: Panos Kavalagios
Reviewed-by: Jeff Layton
Signed-off-by: Sachin Prabhu
Signed-off-by: Steve French