aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2006-06-02 18:57:13 -0400
committerSteve French <sfrench@us.ibm.com>2006-06-02 18:57:13 -0400
commitbdc4bf6e8ac8cc29c61c2f0dc61d9776ef9a8ed4 (patch)
tree60e8cd01fa1a5a8c5bc00c920db629232191ccf1
parent43411d699e8cf3293674da558d31a02e0012aa9d (diff)
[CIFS] Support for older servers which require plaintext passwords
disabled by default, but can be enabled via proc for servers which require such support. Also includes support for setting security flags for cifs. See fs/cifs/README Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/cifs_debug.c56
-rw-r--r--fs/cifs/cifsencrypt.c9
-rw-r--r--fs/cifs/cifssmb.c7
3 files changed, 56 insertions, 16 deletions
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
index 4e10e21c54fd..7c0015a96959 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -445,8 +445,8 @@ static read_proc_t traceSMB_read;
445static write_proc_t traceSMB_write; 445static write_proc_t traceSMB_write;
446static read_proc_t multiuser_mount_read; 446static read_proc_t multiuser_mount_read;
447static write_proc_t multiuser_mount_write; 447static write_proc_t multiuser_mount_write;
448static read_proc_t extended_security_read; 448static read_proc_t security_flags_read;
449static write_proc_t extended_security_write; 449static write_proc_t security_flags_write;
450/* static read_proc_t ntlmv2_enabled_read; 450/* static read_proc_t ntlmv2_enabled_read;
451static write_proc_t ntlmv2_enabled_write; 451static write_proc_t ntlmv2_enabled_write;
452static read_proc_t packet_signing_enabled_read; 452static read_proc_t packet_signing_enabled_read;
@@ -509,9 +509,9 @@ cifs_proc_init(void)
509 509
510 pde = 510 pde =
511 create_proc_read_entry("SecurityFlags", 0, proc_fs_cifs, 511 create_proc_read_entry("SecurityFlags", 0, proc_fs_cifs,
512 extended_security_read, NULL); 512 security_flags_read, NULL);
513 if (pde) 513 if (pde)
514 pde->write_proc = extended_security_write; 514 pde->write_proc = security_flags_write;
515 515
516 pde = 516 pde =
517 create_proc_read_entry("LookupCacheEnabled", 0, proc_fs_cifs, 517 create_proc_read_entry("LookupCacheEnabled", 0, proc_fs_cifs,
@@ -832,7 +832,7 @@ multiuser_mount_write(struct file *file, const char __user *buffer,
832} 832}
833 833
834static int 834static int
835extended_security_read(char *page, char **start, off_t off, 835security_flags_read(char *page, char **start, off_t off,
836 int count, int *eof, void *data) 836 int count, int *eof, void *data)
837{ 837{
838 int len; 838 int len;
@@ -853,26 +853,50 @@ extended_security_read(char *page, char **start, off_t off,
853 return len; 853 return len;
854} 854}
855static int 855static int
856extended_security_write(struct file *file, const char __user *buffer, 856security_flags_write(struct file *file, const char __user *buffer,
857 unsigned long count, void *data) 857 unsigned long count, void *data)
858{ 858{
859 unsigned int flags;
860 char flags_string[12];
859 char c; 861 char c;
860 int rc; 862
861 cERROR(1,("size %ld",count)); /* BB removeme BB */ 863 cERROR(1,("size %ld",count)); /* BB removeme BB */
862 if((count < 2) || (count > 8)) 864
865 if((count < 1) || (count > 11))
863 return -EINVAL; 866 return -EINVAL;
864 867
865 rc = get_user(c, buffer); 868 memset(flags_string, 0, 12);
866 869
867/* BB fixme need to parse more characters in order to handle CIFSSEC flags */ 870 if(copy_from_user(flags_string, buffer, count))
871 return -EFAULT;
868 872
869 if (rc) 873 if(count < 3) {
870 return rc; 874 /* single char or single char followed by null */
871 if (c == '0' || c == 'n' || c == 'N') 875 c = flags_string[0];
872 extended_security = CIFSSEC_DEF; /* default */ 876 if (c == '0' || c == 'n' || c == 'N')
873 else if (c == '1' || c == 'y' || c == 'Y') 877 extended_security = CIFSSEC_DEF; /* default */
874 extended_security = CIFSSEC_MAX; 878 else if (c == '1' || c == 'y' || c == 'Y')
879 extended_security = CIFSSEC_MAX;
880 return count;
881 }
882 /* else we have a number */
883
884 flags = simple_strtoul(flags_string, NULL, 0);
885
886 cERROR(1,("sec flags 0x%x", flags)); /* BB FIXME make cFYI */
887
888 if(flags <= 0) {
889 cERROR(1,("invalid security flags %s",flags_string));
890 return -EINVAL;
891 }
875 892
893 if((flags & CIFSSEC_MASK) != CIFSSEC_MASK) {
894 cERROR(1,("attempt to set unsupported security flags 0x%d",
895 flags & ~CIFSSEC_MASK));
896 return -EINVAL;
897 }
898 /* flags look ok - update the global security flags for cifs module */
899 extended_security = flags;
876 return count; 900 return count;
877} 901}
878 902
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index e11d8c6bb227..3ae964bbfdc3 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -271,9 +271,18 @@ void calc_lanman_hash(struct cifsSesInfo * ses, char * lnm_session_key)
271 int i; 271 int i;
272 char password_with_pad[CIFS_ENCPWD_SIZE]; 272 char password_with_pad[CIFS_ENCPWD_SIZE];
273 273
274 if(ses->server == NULL)
275 return;
276
274 memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); 277 memset(password_with_pad, 0, CIFS_ENCPWD_SIZE);
275 strncpy(password_with_pad, ses->password, CIFS_ENCPWD_SIZE); 278 strncpy(password_with_pad, ses->password, CIFS_ENCPWD_SIZE);
276 279
280 if((ses->server->secMode & SECMODE_PW_ENCRYPT) == 0)
281 if(extended_security & CIFSSEC_MAY_PLNTXT) {
282 memcpy(lnm_session_key, password_with_pad, CIFS_ENCPWD_SIZE);
283 return;
284 }
285
277 /* calculate old style session key */ 286 /* calculate old style session key */
278 /* calling toupper is less broken than repeatedly 287 /* calling toupper is less broken than repeatedly
279 calling nls_toupper would be since that will never 288 calling nls_toupper would be since that will never
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index b8c236be4d85..77cca3809467 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -492,6 +492,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
492 server->secMode = pSMBr->SecurityMode; 492 server->secMode = pSMBr->SecurityMode;
493 if((server->secMode & SECMODE_USER) == 0) 493 if((server->secMode & SECMODE_USER) == 0)
494 cFYI(1,("share mode security")); 494 cFYI(1,("share mode security"));
495
496 if((server->secMode & SECMODE_PW_ENCRYPT) == 0)
497#ifdef CONFIG_CIFS_WEAK_PW_HASH
498 if ((extended_security & CIFSSEC_MAY_PLNTXT) == 0)
499#endif /* CIFS_WEAK_PW_HASH */
500 cERROR(1,("Server requests plain text password"
501 " but client support disabled"));
495 502
496 if(extended_security & CIFSSEC_MUST_NTLMV2) 503 if(extended_security & CIFSSEC_MUST_NTLMV2)
497 server->secType = NTLMv2; 504 server->secType = NTLMv2;