24 Aug, 2018

1 commit

  • The kmalloc was not being checked - if it fails issue a warning
    and return -ENOMEM to the caller.

    Signed-off-by: Nicholas Mc Guire
    Fixes: b8da344b74c8 ("cifs: dynamic allocation of ntlmssp blob")
    Signed-off-by: Steve French
    Reviewed-by: Pavel Shilovsky
    cc: Stable

    Nicholas Mc Guire
     

03 Mar, 2017

1 commit

  • If the security type specified using a mount option is not supported,
    the SMB2 session setup code changes the security type to RawNTLMSSP. We
    should instead fail the mount and return an error.

    The patch changes the code for SMB2 to make it similar to the code used
    for SMB1. Like in SMB1, we now use the global security flags to select
    the security method to be used when no security method is specified and
    to return an error when the requested auth method is not available.

    For SMB2, we also use ntlmv2 as a synonym for ntlmssp.

    Signed-off-by: Sachin Prabhu
    Acked-by: Pavel Shilovsky
    Acked-by: Jeff Layton
    Signed-off-by: Steve French

    Sachin Prabhu
     

02 Feb, 2017

2 commits


24 Jun, 2016

3 commits

  • calc_lanman_hash() could return -ENOMEM or other errors, we should check
    that everything went fine before using the calculated key.

    Signed-off-by: Luis de Bethencourt
    Signed-off-by: Steve French

    Luis de Bethencourt
     
  • In sess_auth_rawntlmssp_authenticate(), the ntlmssp blob is allocated
    statically and its size is an "empirical" 5*sizeof(struct
    _AUTHENTICATE_MESSAGE) (320B on x86_64). I don't know where this value
    comes from or if it was ever appropriate, but it is currently
    insufficient: the user and domain name in UTF16 could take 1kB by
    themselves. Because of that, build_ntlmssp_auth_blob() might corrupt
    memory (out-of-bounds write). The size of ntlmssp_blob in
    SMB2_sess_setup() is too small too (sizeof(struct _NEGOTIATE_MESSAGE)
    + 500).

    This patch allocates the blob dynamically in
    build_ntlmssp_auth_blob().

    Signed-off-by: Jerome Marchand
    Signed-off-by: Steve French
    CC: Stable

    Jerome Marchand
     
  • Currently in build_ntlmssp_auth_blob(), when converting the domain
    name to UTF16, CIFS_MAX_USERNAME_LEN limit is used. It should be
    CIFS_MAX_DOMAINNAME_LEN. This patch fixes this.

    Signed-off-by: Jerome Marchand
    Signed-off-by: Steve French

    Jerome Marchand
     

18 May, 2016

4 commits


21 Oct, 2015

1 commit

  • Merge the type-specific data with the payload data into one four-word chunk
    as it seems pointless to keep them separate.

    Use user_key_payload() for accessing the payloads of overloaded
    user-defined keys.

    Signed-off-by: David Howells
    cc: linux-cifs@vger.kernel.org
    cc: ecryptfs@vger.kernel.org
    cc: linux-ext4@vger.kernel.org
    cc: linux-f2fs-devel@lists.sourceforge.net
    cc: linux-nfs@vger.kernel.org
    cc: ceph-devel@vger.kernel.org
    cc: linux-ima-devel@lists.sourceforge.net

    David Howells
     

11 Dec, 2014

2 commits

  • Merge first patchbomb from Andrew Morton:
    - a few minor cifs fixes
    - dma-debug updates
    - ocfs2
    - slab
    - about half of MM
    - procfs
    - kernel/exit.c
    - panic.c tweaks
    - printk updates
    - lib/ updates
    - checkpatch updates
    - fs/binfmt updates
    - the drivers/rtc tree
    - nilfs
    - kmod fixes
    - more kernel/exit.c
    - various other misc tweaks and fixes

    * emailed patches from Andrew Morton : (190 commits)
    exit: pidns: fix/update the comments in zap_pid_ns_processes()
    exit: pidns: alloc_pid() leaks pid_namespace if child_reaper is exiting
    exit: exit_notify: re-use "dead" list to autoreap current
    exit: reparent: call forget_original_parent() under tasklist_lock
    exit: reparent: avoid find_new_reaper() if no children
    exit: reparent: introduce find_alive_thread()
    exit: reparent: introduce find_child_reaper()
    exit: reparent: document the ->has_child_subreaper checks
    exit: reparent: s/while_each_thread/for_each_thread/ in find_new_reaper()
    exit: reparent: fix the cross-namespace PR_SET_CHILD_SUBREAPER reparenting
    exit: reparent: fix the dead-parent PR_SET_CHILD_SUBREAPER reparenting
    exit: proc: don't try to flush /proc/tgid/task/tgid
    exit: release_task: fix the comment about group leader accounting
    exit: wait: drop tasklist_lock before psig->c* accounting
    exit: wait: don't use zombie->real_parent
    exit: wait: cleanup the ptrace_reparented() checks
    usermodehelper: kill the kmod_thread_locker logic
    usermodehelper: don't use CLONE_VFORK for ____call_usermodehelper()
    fs/hfs/catalog.c: fix comparison bug in hfs_cat_keycmp
    nilfs2: fix the nilfs_iget() vs. nilfs_new_inode() races
    ...

    Linus Torvalds
     
  • Replace all __constant_foo to foo() except in smb2status.h (1700 lines to
    update).

    Signed-off-by: Fabian Frederick
    Cc: Steve French
    Cc: Jeff Layton
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Fabian Frederick
     

08 Dec, 2014

1 commit

  • A user complained that they were unable to login to their cifs share
    after a kernel update. From the wiretrace we can see that the server
    returns different UIDs as response to NTLMSSP_NEGOTIATE and NTLMSSP_AUTH
    phases.

    With changes in the authentication code, we no longer set the
    cifs_sess->Suid returned in response to the NTLM_AUTH phase and continue
    to use the UID sent in response to the NTLMSSP_NEGOTIATE phase. This
    results in the server denying access to the user when the user attempts
    to do a tcon connect.

    See https://bugzilla.redhat.com/show_bug.cgi?id=1163927

    A test kernel containing patch was tested successfully by the user.

    Signed-off-by: Sachin Prabhu
    Signed-off-by: Steve French

    Sachin Prabhu
     

16 Sep, 2014

1 commit

  • cifs provides two dummy functions 'sess_auth_lanman' and
    'sess_auth_kerberos' for the case in which the respective
    features are not defined. However, the caller is also under
    an #ifdef, so we just get warnings about unused code:

    fs/cifs/sess.c:1109:1: warning: 'sess_auth_kerberos' defined but not used [-Wunused-function]
    sess_auth_kerberos(struct sess_data *sess_data)

    Removing the dead functions gets rid of the warnings without
    any downsides that I can see.

    (Yalin Wang reported the identical problem and fix so added him)

    Signed-off-by: Arnd Bergmann
    Signed-off-by: Yalin Wang
    Signed-off-by: Steve French

    Arnd Bergmann
     

22 Aug, 2014

1 commit


02 Aug, 2014

1 commit


01 Aug, 2014

4 commits


07 Oct, 2013

1 commit


18 Sep, 2013

1 commit

  • Currently, we try to ensure that we use vcnum of 0 on the first
    established session on a connection and then try to use a different
    vcnum on each session after that.

    This is a little odd, since there's no real reason to use a different
    vcnum for each SMB session. I can only assume there was some confusion
    between SMB sessions and VCs. That's somewhat understandable since they
    both get created during SESSION_SETUP, but the documentation indicates
    that they are really orthogonal. The comment on max_vcs in particular
    looks quite misguided. An SMB session is already uniquely identified
    by the SMB UID value -- there's no need to again uniquely ID with a
    VC.

    Furthermore, a vcnum of 0 is a cue to the server that it should release
    any resources that were previously held by the client. This sounds like
    a good thing, until you consider that:

    a) it totally ignores the fact that other programs on the box (e.g.
    smbclient) might have connections established to the server. Using a
    vcnum of 0 causes them to get kicked off.

    b) it causes problems with NAT. If several clients are connected to the
    same server via the same NAT'ed address, whenever one connects to the
    server it kicks off all the others, which then reconnect and kick off
    the first one...ad nauseam.

    I don't see any reason to ignore the advice in "Implementing CIFS" which
    has a comprehensive treatment of virtual circuits. In there, it states
    "...and contrary to the specs the client should always use a VcNumber of
    one, never zero."

    Have the client just use a hardcoded vcnum of 1, and stop abusing the
    special behavior of vcnum 0.

    Reported-by: Sauron99@gmx.de
    Signed-off-by: Jeff Layton
    Reviewed-by: Volker Lendecke
    Signed-off-by: Steve French

    Jeff Layton
     

09 Sep, 2013

3 commits

  • Add a variable specific to NTLMSSP authentication to determine
    whether to exchange keys during negotiation and authentication phases.

    Since the session key for smb1 is per smb connection, once the very first
    session is established, there is no need for key exchange during
    subsequent session setups. As a result, smb1 session setup code sets this
    variable as false.

    Since the session key for smb2 and smb3 is per smb connection, we need to
    exchange keys to generate the session key for every session being established.
    As a result, smb2/3 session setup code sets this variable as true.

    Acked-by: Jeff Layton
    Signed-off-by: Shirish Pargaonkar
    Signed-off-by: Steve French

    Shirish Pargaonkar
     
  • Move the post (successful) session setup code to respective dialect routines.

    For smb1, session key is per smb connection.
    For smb2/smb3, session key is per smb session.

    If client and server do not require signing, free session key for smb1/2/3.

    If client and server require signing
    smb1 - Copy (kmemdup) session key for the first session to connection.
    Free session key of that and subsequent sessions on this connection.
    smb2 - For every session, keep the session key and free it when the
    session is being shutdown.
    smb3 - For every session, generate the smb3 signing key using the session key
    and then free the session key.

    There are two unrelated line formatting changes as well.

    Reviewed-by: Jeff Layton
    Signed-off-by: Shirish Pargaonkar
    Signed-off-by: Steve French

    Shirish Pargaonkar
     
  • The max string length definitions for user name, domain name, password,
    and share name have been moved into their own header file in uapi so the
    mount helper can use autoconf to define them instead of keeping the
    kernel side and userland side definitions in sync manually. The names
    have also been standardized with a "CIFS" prefix and "LEN" suffix.

    Signed-off-by: Scott Lovenberg
    Reviewed-by: Chen Gang
    Signed-off-by: Steve French

    Scott Lovenberg
     

31 Jul, 2013

1 commit

  • For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length
    is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses->domainName'
    length may be "255 + '\0'".

    The related sprintf() may cause a memory overflow, so we need to extend
    the related buffer enough to hold everything.

    It is also necessary to be sure that 'ses->domainName' is less than
    256, and to define a related macro instead of hard-coding the number '256'.

    Signed-off-by: Chen Gang
    Reviewed-by: Jeff Layton
    Reviewed-by: Shirish Pargaonkar
    Reviewed-by: Scott Lovenberg
    CC:
    Signed-off-by: Steve French

    Chen Gang
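Both this commit and Jerome Marchand's ntlmssp blob commit above describe the same defect class: an authentication buffer sized by a fixed constant (56 bytes for the key description, the "empirical" 320-byte blob) while the user and domain names that go into it can be far longer, especially after UTF-16 conversion. The following is an added example, not code from the kernel, from cifs, or from either commit: a stand-alone userland model that sizes the buffers from the real input lengths, checks the allocation, appends with bounds checks and replaces sprintf() with a truncation-checked snprintf(). The header length AUTH_HDR_LEN, the field order, the description format "cifs:a:user@domain" and all function names are assumptions made for the illustration, and only ASCII names are handled.

```c
/* Added example: size authentication buffers from the actual field lengths.
 * Userland model with assumed header size, field order and helper names;
 * not the kernel's build_ntlmssp_auth_blob() or cifs_set_cifscreds(). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AUTH_HDR_LEN   64    /* assumed fixed header size of the blob */
#define EMPIRICAL_BLOB 320   /* the old fixed size quoted in the 2016 commit */
#define MAX_NAME_LEN   255   /* analogous to the CIFS_MAX_*_LEN limits */

/* Bytes an ASCII string occupies after UTF-16LE conversion (ASCII only, so 2 per char). */
static size_t utf16le_bytes(const char *s) { return 2 * strlen(s); }

/* Required blob size computed from the real field lengths, not a constant. */
size_t auth_blob_size(const char *user, const char *domain, size_t nt_resp_len)
{
    return AUTH_HDR_LEN + utf16le_bytes(user) + utf16le_bytes(domain) + nt_resp_len;
}

/* Bounds-checked append: never writes past buf + cap. */
static int append(unsigned char *buf, size_t cap, size_t *off, const void *src, size_t len)
{
    if (len > cap - *off)
        return -EOVERFLOW;
    memcpy(buf + *off, src, len);
    *off += len;
    return 0;
}

/* Append s as UTF-16LE code units (ASCII input only) through append(). */
static int append_utf16le(unsigned char *buf, size_t cap, size_t *off, const char *s)
{
    for (; *s; s++) {
        unsigned char cu[2] = { (unsigned char)*s, 0 };
        int rc = append(buf, cap, off, cu, sizeof cu);
        if (rc)
            return rc;
    }
    return 0;
}

/* Build the blob in a heap buffer sized by auth_blob_size(). Returns NULL with
 * *out_len = 0 on over-long names, allocation failure or an append overflow. */
unsigned char *build_auth_blob(const char *user, const char *domain,
                               const unsigned char *nt_resp, size_t nt_resp_len,
                               size_t *out_len)
{
    *out_len = 0;
    if (strlen(user) > MAX_NAME_LEN || strlen(domain) > MAX_NAME_LEN)
        return NULL;
    size_t cap = auth_blob_size(user, domain, nt_resp_len);
    unsigned char *blob = calloc(1, cap);
    if (!blob)                     /* the missing allocation check from the 2018 commit */
        return NULL;
    size_t off = AUTH_HDR_LEN;     /* header left zeroed in this model */
    if (append_utf16le(blob, cap, &off, domain) ||
        append_utf16le(blob, cap, &off, user) ||
        append(blob, cap, &off, nt_resp, nt_resp_len)) {
        free(blob);
        return NULL;
    }
    *out_len = off;
    return blob;
}

/* Key description (hypothetical format) written with a truncation check
 * instead of an unchecked sprintf(). */
int build_cred_desc(char *desc, size_t desc_len, const char *user, const char *domain)
{
    int n = snprintf(desc, desc_len, "cifs:a:%s@%s", user, domain);
    return (n < 0 || (size_t)n >= desc_len) ? -ENAMETOOLONG : 0;
}

/* Smallest description buffer that holds any two names up to MAX_NAME_LEN. */
size_t cred_desc_capacity(void)
{
    return (sizeof("cifs:a:") - 1) + MAX_NAME_LEN + 1 + MAX_NAME_LEN + 1;
}

/* 1 if maximum-length names would overrun the old fixed-size blob. */
int fixed_size_overrun_by_max_names(void)
{
    char name[MAX_NAME_LEN + 1];
    memset(name, 'a', MAX_NAME_LEN);
    name[MAX_NAME_LEN] = '\0';
    return auth_blob_size(name, name, 24) > EMPIRICAL_BLOB;
}

/* Result of writing maximum-length names into a description buffer of desc_len bytes. */
int cred_desc_result(size_t desc_len)
{
    char name[MAX_NAME_LEN + 1], desc[1024];
    memset(name, 'a', MAX_NAME_LEN);
    name[MAX_NAME_LEN] = '\0';
    return build_cred_desc(desc, desc_len < sizeof desc ? desc_len : sizeof desc, name, name);
}

/* Builds a small constructed blob and returns its length if the UTF-16 domain
 * field landed right after the header, otherwise -1. */
long demo_blob(void)
{
    unsigned char nt_resp[24] = { 0 };   /* constructed placeholder NT response */
    size_t len;
    unsigned char *blob = build_auth_blob("user", "DOMAIN", nt_resp, sizeof nt_resp, &len);
    if (!blob)
        return -1;
    long rc = (blob[AUTH_HDR_LEN] == 'D' && blob[AUTH_HDR_LEN + 1] == 0 &&
               blob[AUTH_HDR_LEN + 12] == 'u') ? (long)len : -1;
    free(blob);
    return rc;
}

int main(void)
{
    printf("blob for user/DOMAIN: %ld bytes; max names overrun old size: %d; "
           "56-byte desc with max names: %d; sized desc: %d\n",
           demo_blob(), fixed_size_overrun_by_max_names(),
           cred_desc_result(56), cred_desc_result(cred_desc_capacity()));
    return 0;
}
```

The point of the model is that every capacity is derived from the inputs at the call site: the blob is allocated at the computed size and every write into it is checked against that size, and the description buffer is sized from the name limits, so a longer name turns into an error return rather than a write past the end of the buffer.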
     

24 Jun, 2013

5 commits

  • Now that we track what sort of NEGOTIATE response was received, stop
    mandating that every session on a socket use the same type of auth.

    Push that decision out into the session setup code, and make the sectype
    a per-session property. This should allow us to mix multiple sectypes on
    a socket as long as they are compatible with the NEGOTIATE response.

    With this too, we can now eliminate the ses->secFlg field since that
    info is redundant and harder to work with than a securityEnum.

    Signed-off-by: Jeff Layton
    Acked-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Jeff Layton
     
  • Currently, we determine this according to flags in the sec_mode, flags
    in the global_secflags and via other methods. That makes the semantics
    very hard to follow and there are corner cases where we don't handle
    this correctly.

    Add a new bool to the TCP_Server_Info that acts as a simple flag to tell
    us whether signing is enabled on this connection or not, and fix up the
    places that need to determine this to use that flag.

    This is a bit weird for the SMB2 case, where signing is per-session.
    SMB2 needs work in this area already though. The existing SMB2 code has
    similar logic to what we're using here, so there should be no real
    change in behavior. These changes should make it easier to implement
    per-session signing in the future though.

    Signed-off-by: Jeff Layton
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Jeff Layton
     
  • This field is completely unused:

    CIFS_SES_W9X is completely unused. CIFS_SES_LANMAN and CIFS_SES_OS2
    are set but never checked. CIFS_SES_NT4 is checked, but never set.

    Signed-off-by: Jeff Layton
    Acked-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Jeff Layton
     
  • These look pretty cargo-culty to me, but let's be certain. Leave
    them in place for now. Pop a WARN if it ever does happen. Also,
    move to a more standard idiom for setting the "server" pointer.

    Signed-off-by: Jeff Layton
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Jeff Layton
     
  • ...rc is always set to 0.

    Signed-off-by: Jeff Layton
    Acked-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Jeff Layton
     

05 May, 2013

2 commits

  • It's not obvious from reading the macro names that these macros
    are for debugging. Convert the names to a single more typical
    kernel style cifs_dbg macro.

    cERROR(1, ...) -> cifs_dbg(VFS, ...)
    cFYI(1, ...) -> cifs_dbg(FYI, ...)
    cFYI(DBG2, ...) -> cifs_dbg(NOISY, ...)

    Move the terminating format newline from the macro to the call site.

    Add CONFIG_CIFS_DEBUG function cifs_vfs_err to emit the
    "CIFS VFS: " prefix for VFS messages.

    Size is reduced ~ 1% when CONFIG_CIFS_DEBUG is set (default y)

    $ size fs/cifs/cifs.ko*
    text data bss dec hex filename
    265245 2525 132 267902 4167e fs/cifs/cifs.ko.new
    268359 2525 132 271016 422a8 fs/cifs/cifs.ko.old

    Other miscellaneous changes around these conversions:

    o Miscellaneous typo fixes
    o Add terminating \n's to almost all formats and remove them
    from the macros to be more kernel style like. A few formats
    previously had defective \n's
    o Remove unnecessary OOM messages as kmalloc() calls dump_stack
    o Coalesce formats to make grep easier,
    added missing spaces when coalescing formats
    o Use %s, __func__ instead of embedded function name
    o Removed unnecessary "cifs: " prefixes
    o Convert kzalloc with multiply to kcalloc
    o Remove unused cifswarn macro

    Signed-off-by: Joe Perches
    Signed-off-by: Jeff Layton
    Signed-off-by: Steve French

    Joe Perches
     
  • This replaces calls to kmalloc followed by memcpy with a single call to
    kmemdup. This was found via make coccicheck.

    Signed-off-by: Silviu-Mihai Popescu
    Signed-off-by: Steve French
    Signed-off-by: Steve French

    Silviu-Mihai Popescu
     

27 Sep, 2012

1 commit


25 Jul, 2012

1 commit


24 Jul, 2012

3 commits