CIFS] Support for older servers which require plaintext passwords - part 2

Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Steve French <sfrench@us.ibm.com> 2006-06-04 01:53:15 -0400
committer: Steve French <sfrench@us.ibm.com> 2006-06-04 01:53:15 -0400
commit: 254e55ed03e2e8d23089b4a468eec2fd2e1ead9b (patch)
tree: af99361609403301ab1c758e2988e79dc155a710 /fs/cifs
parent: bdc4bf6e8ac8cc29c61c2f0dc61d9776ef9a8ed4 (diff)
5 files changed, 184 insertions, 151 deletions
diff --git a/fs/cifs/README b/fs/cifs/README
index 0355003f4f0a..a68f8e3db2d2 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -485,14 +485,34 @@ PacketSigningEnabled	If set to one, cifs packet signing is enabled
                        it.  If set to two, cifs packet signing is
                        required even if the server considers packet
                        signing optional. (default 1)
+SecurityFlags           Flags which control security negotiation and
+                        also packet signing. Authentication (may/must)
+                        flags (e.g. for NTLM and/or NTLMv2) may be combined with
+                        the signing flags.  Specifying two different password
+                        hashing mechanisms (as "must use") on the other hand 
+                        does not make much sense. Default flags are 
+                                0x07007 
+                        (NTLM, NTLMv2 and packet signing allowed).  Maximum 
+                        allowable flags if you want to allow mounts to servers
+                        using weaker password hashes is 0x37037 (lanman,
+                        plaintext, ntlm, ntlmv2, signing allowed):
+ 
+                        may use packet signing                          0x00001
+                        must use packet signing                         0x01001
+                        may use NTLM (most common password hash)        0x00002
+                        must use NTLM                                   0x02002
+                        may use NTLMv2                                  0x00004
+                        must use NTLMv2                                 0x04004
+                        may use Kerberos security (not implemented yet) 0x00008
+                        must use Kerberos (not implemented yet)         0x08008
+                        may use lanman (weak) password hash             0x00010
+                        must use lanman password hash                   0x10010
+                        may use plaintext passwords                     0x00020
+                        must use plaintext passwords                    0x20020
+                        (reserved for future packet encryption)         0x00040
 cifsFYI                 If set to one, additional debug information is
                        logged to the system error log. (default 0)
-ExtendedSecurity        If set to one, SPNEGO session establishment
-                        is allowed which enables more advanced 
-                        secure CIFS session establishment (default 0)
-NTLMV2Enabled           If set to one, more secure password hashes
-                        are used when the server supports them and
-                        when kerberos is not negotiated (default 0)
 traceSMB                If set to one, debug information is logged to the
                        system error log with the start of smb requests
                        and responses (default 0)
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 975e69a2e1c4..87453a6bcaf8 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -212,12 +212,12 @@ struct cifsTconInfo {
        struct list_head openFileList;
        struct semaphore tconSem;
        struct cifsSesInfo *ses;        /* pointer to session associated with */
-        char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource (in ASCII not UTF) */
+        char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource in ASCII */
        char *nativeFileSystem;
        __u16 tid;              /* The 2 byte tree id */
        __u16 Flags;            /* optional support bits */
        enum statusEnum tidStatus;
-        atomic_t useCount;      /* how many mounts (explicit or implicit) to this share */
+        atomic_t useCount;      /* how many explicit/implicit mounts to share */
 #ifdef CONFIG_CIFS_STATS
        atomic_t num_smbs_sent;
        atomic_t num_writes;
@@ -257,7 +257,7 @@ struct cifsTconInfo {
        spinlock_t stat_lock;
 #endif /* CONFIG_CIFS_STATS */
        FILE_SYSTEM_DEVICE_INFO fsDevInfo;
-        FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo;  /* ok if file system name truncated */
+        FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo; /* ok if fs name truncated */
        FILE_SYSTEM_UNIX_INFO fsUnixInfo;
        unsigned retry:1;
        unsigned nocase:1;
@@ -308,7 +308,6 @@ struct cifsFileInfo {
        atomic_t wrtPending;   /* handle in use - defer close */
        struct semaphore fh_sem; /* prevents reopen race after dead ses*/
        char * search_resume_name; /* BB removeme BB */
-        unsigned int resume_name_length; /* BB removeme - field renamed and moved BB */
        struct cifs_search_info srch_inf;
 };
@@ -523,16 +522,16 @@ GLOBAL_EXTERN rwlock_t GlobalSMBSeslock;  /* protects list inserts on 3 above */
 GLOBAL_EXTERN struct list_head GlobalOplock_Q;
 GLOBAL_EXTERN struct list_head GlobalDnotifyReqList; /* Outstanding dir notify requests */
-GLOBAL_EXTERN struct list_head GlobalDnotifyRsp_Q; /* Dir notify response queue */
+GLOBAL_EXTERN struct list_head GlobalDnotifyRsp_Q;/* DirNotify response queue */
 /*
 * Global transaction id (XID) information
 */
 GLOBAL_EXTERN unsigned int GlobalCurrentXid;    /* protected by GlobalMid_Sem */
-GLOBAL_EXTERN unsigned int GlobalTotalActiveXid;        /* prot by GlobalMid_Sem */
+GLOBAL_EXTERN unsigned int GlobalTotalActiveXid; /* prot by GlobalMid_Sem */
 GLOBAL_EXTERN unsigned int GlobalMaxActiveXid;  /* prot by GlobalMid_Sem */
-GLOBAL_EXTERN spinlock_t GlobalMid_Lock;  /* protects above and list operations */
+GLOBAL_EXTERN spinlock_t GlobalMid_Lock;  /* protects above & list operations */
-                                        /* on midQ entries */
+                                          /* on midQ entries */
 GLOBAL_EXTERN char Local_System_Name[15];
 /*
@@ -554,7 +553,7 @@ GLOBAL_EXTERN atomic_t smBufAllocCount;
 GLOBAL_EXTERN atomic_t midCount;
 /* Misc globals */
-GLOBAL_EXTERN unsigned int multiuser_mount;     /* if enabled allows new sessions
+GLOBAL_EXTERN unsigned int multiuser_mount; /* if enabled allows new sessions
                                to be established on existing mount if we
                                have the uid/password or Kerberos credential 
                                or equivalent for current user */
diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h
index 135941738d9d..e714803a52dc 100644
--- a/fs/cifs/cifspdu.h
+++ b/fs/cifs/cifspdu.h
@@ -426,6 +426,10 @@ typedef struct lanman_neg_rsp {
        unsigned char EncryptionKey[1];
 } __attribute__((packed)) LANMAN_NEG_RSP;
+#define READ_RAW_ENABLE 1
+#define WRITE_RAW_ENABLE 2
+#define RAW_ENABLE (READ_RAW_ENABLE | WRITE_RAW_ENABLE)
 typedef struct negotiate_rsp {
        struct smb_hdr hdr;     /* wct = 17 */
        __le16 DialectIndex;
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 77cca3809467..0442c3b36799 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -411,8 +411,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                return rc;
        pSMB->hdr.Mid = GetNextMid(server);
        pSMB->hdr.Flags2 |= SMBFLG2_UNICODE;
-/*      if (extended_security)
+        if((extended_security & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
-                pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;*/
+                pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
        
        count = 0;
        for(i=0;i<CIFS_NUM_PROT;i++) {
@@ -425,162 +425,171 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
        rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,
                         (struct smb_hdr *) pSMBr, &bytes_returned, 0);
-        if (rc == 0) {
+        if (rc != 0) 
-                cFYI(1,("Dialect: %d", pSMBr->DialectIndex));
+                goto neg_err_exit;
-                /* Check wct = 1 error case */
-                if((pSMBr->hdr.WordCount < 13)  
+        cFYI(1,("Dialect: %d", pSMBr->DialectIndex));
-                        || (pSMBr->DialectIndex == BAD_PROT)) {
+        /* Check wct = 1 error case */
-                        /* core returns wct = 1, but we do not ask for
+        if((pSMBr->hdr.WordCount < 13) || (pSMBr->DialectIndex == BAD_PROT)) {
-                        core - otherwise it just comes when dialect
+                /* core returns wct = 1, but we do not ask for core - otherwise
-                        index is -1 indicating we could not negotiate
+                small wct just comes when dialect index is -1 indicating we 
-                        a common dialect */
+                could not negotiate a common dialect */
+                rc = -EOPNOTSUPP;
+                goto neg_err_exit;
+#ifdef CONFIG_CIFS_WEAK_PW_HASH 
+        } else if((pSMBr->hdr.WordCount == 13)
+                        && (pSMBr->DialectIndex == LANMAN_PROT)) {
+                struct lanman_neg_rsp * rsp = (struct lanman_neg_rsp *)pSMBr;
+                if((extended_security & CIFSSEC_MAY_LANMAN) || 
+                        (extended_security & CIFSSEC_MAY_PLNTXT))
+                        server->secType = LANMAN;
+                else {
+                        cERROR(1, ("mount failed weak security disabled"
+                                   " in /proc/fs/cifs/SecurityFlags"));
                        rc = -EOPNOTSUPP;
                        goto neg_err_exit;
-#ifdef CONFIG_CIFS_WEAK_PW_HASH 
+                }       
-                } else if((pSMBr->hdr.WordCount == 13)
+                server->secMode = (__u8)le16_to_cpu(rsp->SecurityMode);
-                                && (pSMBr->DialectIndex == LANMAN_PROT)) {
+                server->maxReq = le16_to_cpu(rsp->MaxMpxCount);
-                        struct lanman_neg_rsp * rsp = 
+                server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize),
-                                (struct lanman_neg_rsp *)pSMBr;
-                        if((extended_security & CIFSSEC_MAY_LANMAN) || 
-                                (extended_security & CIFSSEC_MAY_PLNTXT))
-                                server->secType = LANMAN;
-                        else {
-                                cERROR(1, ("mount failed weak security disabled"
-                                        " in /proc/fs/cifs/SecurityFlags"));
-                                rc = -EOPNOTSUPP;
-                                goto neg_err_exit;
-                        }       
-                        server->secMode = (__u8)le16_to_cpu(rsp->SecurityMode);
-                        server->maxReq = le16_to_cpu(rsp->MaxMpxCount);
-                        server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize),
                                (__u32)CIFSMaxBufSize + MAX_CIFS_HDR_SIZE);
+                GETU32(server->sessid) = le32_to_cpu(rsp->SessionKey);
+                /* even though we do not use raw we might as well set this
+                accurately, in case we ever find a need for it */
+                if((le16_to_cpu(rsp->RawMode) & RAW_ENABLE) == RAW_ENABLE) {
+                        server->maxRw = 0xFF00;
+                        server->capabilities = CAP_MPX_MODE | CAP_RAW_MODE;
+                } else {
+                        server->maxRw = 0;/* we do not need to use raw anyway */
+                        server->capabilities = CAP_MPX_MODE;
+                }
+                server->timeZone = le16_to_cpu(rsp->ServerTimeZone);
-                        /* BB what do we do with raw mode? BB */
+                /* BB get server time for time conversions and add
-                        server->timeZone = le16_to_cpu(rsp->ServerTimeZone);
+                code to use it and timezone since this is not UTC */    
-                        /* Do we have to set signing flags? no signing
-                        was available LANMAN - default should be ok */
-                        /* BB FIXME set default dummy capabilities since
-                        they are not returned by the server in this dialect */
-                        /* get server time for time conversions and add
-                        code to use it and timezone since this is not UTC */    
-                        if (rsp->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
+                if (rsp->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
-                                memcpy(server->cryptKey, rsp->EncryptionKey,
+                        memcpy(server->cryptKey, rsp->EncryptionKey,
-                                        CIFS_CRYPTO_KEY_SIZE);
+                                CIFS_CRYPTO_KEY_SIZE);
-                        } else {
+                } else if (server->secMode & SECMODE_PW_ENCRYPT) {
-                                rc = -EIO;
+                        rc = -EIO; /* need cryptkey unless plain text */
-                                goto neg_err_exit;
+                        goto neg_err_exit;
-                        }
+                }
-                        cFYI(1,("LANMAN negotiated")); /* BB removeme BB */
+                cFYI(1,("LANMAN negotiated"));
+                /* we will not end up setting signing flags - as no signing
+                was in LANMAN and server did not return the flags on */
+                goto signing_check;
 #else /* weak security disabled */
-                } else if(pSMBr->hdr.WordCount == 13) {
+        } else if(pSMBr->hdr.WordCount == 13) {
-                        cERROR(1,("mount failed, cifs module not built "
+                cERROR(1,("mount failed, cifs module not built "
-                                "with CIFS_WEAK_PW_HASH support"));
+                          "with CIFS_WEAK_PW_HASH support"));
                        rc = -EOPNOTSUPP;
 #endif /* WEAK_PW_HASH */
-                        goto neg_err_exit;
+                goto neg_err_exit;
-                } else if(pSMBr->hdr.WordCount != 17) {
+        } else if(pSMBr->hdr.WordCount != 17) {
-                        /* unknown wct */
+                /* unknown wct */
-                        rc = -EOPNOTSUPP;
+                rc = -EOPNOTSUPP;
-                        goto neg_err_exit;
+                goto neg_err_exit;
-                }
+        }
+        /* else wct == 17 NTLM */
-                server->secMode = pSMBr->SecurityMode;
+        server->secMode = pSMBr->SecurityMode;
-                if((server->secMode & SECMODE_USER) == 0)
+        if((server->secMode & SECMODE_USER) == 0)
-                        cFYI(1,("share mode security"));
+                cFYI(1,("share mode security"));
-                if((server->secMode & SECMODE_PW_ENCRYPT) == 0)
+        if((server->secMode & SECMODE_PW_ENCRYPT) == 0)
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
-                        if ((extended_security & CIFSSEC_MAY_PLNTXT) == 0)
+                if ((extended_security & CIFSSEC_MAY_PLNTXT) == 0)
 #endif /* CIFS_WEAK_PW_HASH */
-                                cERROR(1,("Server requests plain text password"
+                        cERROR(1,("Server requests plain text password"
-                                        " but client support disabled"));
+                                  " but client support disabled"));
                
-                if(extended_security & CIFSSEC_MUST_NTLMV2)
+        if(extended_security & CIFSSEC_MUST_NTLMV2)
-                        server->secType = NTLMv2;
+                server->secType = NTLMv2;
-                else
+        else
-                        server->secType = NTLM;
+                server->secType = NTLM;
-                /* else krb5 ... */
+        /* else krb5 ... */
-                /* one byte - no need to convert this or EncryptionKeyLen
+        /* one byte, so no need to convert this or EncryptionKeyLen from
-                   from little endian */
+           little endian */
-                server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);
+        server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);
-                /* probably no need to store and check maxvcs */
+        /* probably no need to store and check maxvcs */
-                server->maxBuf =
+        server->maxBuf = min(le32_to_cpu(pSMBr->MaxBufferSize),
-                        min(le32_to_cpu(pSMBr->MaxBufferSize),
                        (__u32) CIFSMaxBufSize + MAX_CIFS_HDR_SIZE);
-                server->maxRw = le32_to_cpu(pSMBr->MaxRawSize);
+        server->maxRw = le32_to_cpu(pSMBr->MaxRawSize);
-                cFYI(0, ("Max buf = %d", ses->server->maxBuf));
+        cFYI(0, ("Max buf = %d", ses->server->maxBuf));
-                GETU32(ses->server->sessid) = le32_to_cpu(pSMBr->SessionKey);
+        GETU32(ses->server->sessid) = le32_to_cpu(pSMBr->SessionKey);
-                server->capabilities = le32_to_cpu(pSMBr->Capabilities);
+        server->capabilities = le32_to_cpu(pSMBr->Capabilities);
-                server->timeZone = le16_to_cpu(pSMBr->ServerTimeZone);  
+        server->timeZone = le16_to_cpu(pSMBr->ServerTimeZone);  
-        /* BB with UTC do we ever need to be using srvr timezone? */
+        if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
-                if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
+                memcpy(server->cryptKey, pSMBr->u.EncryptionKey,
-                        memcpy(server->cryptKey, pSMBr->u.EncryptionKey,
+                       CIFS_CRYPTO_KEY_SIZE);
-                               CIFS_CRYPTO_KEY_SIZE);
+        } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)
-                } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)
+                        && (pSMBr->EncryptionKeyLength == 0)) {
-                           && (pSMBr->EncryptionKeyLength == 0)) {
+                /* decode security blob */
-                        /* decode security blob */
+        } else if (server->secMode & SECMODE_PW_ENCRYPT) {
-                } else
+                rc = -EIO; /* no crypt key only if plain text pwd */
-                        rc = -EIO;
+                goto neg_err_exit;
+        }
-                /* BB might be helpful to save off the domain of server here */
+        /* BB might be helpful to save off the domain of server here */
-                if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) && 
+        if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) && 
-                        (server->capabilities & CAP_EXTENDED_SECURITY)) {
+                (server->capabilities & CAP_EXTENDED_SECURITY)) {
-                        count = pSMBr->ByteCount;
+                count = pSMBr->ByteCount;
-                        if (count < 16)
+                if (count < 16)
-                                rc = -EIO;
+                        rc = -EIO;
-                        else if (count == 16) {
+                else if (count == 16) {
-                                server->secType = RawNTLMSSP;
+                        server->secType = RawNTLMSSP;
-                                if (server->socketUseCount.counter > 1) {
+                        if (server->socketUseCount.counter > 1) {
-                                        if (memcmp
+                                if (memcmp(server->server_GUID,
-                                                (server->server_GUID,
+                                           pSMBr->u.extended_response.
-                                                pSMBr->u.extended_response.
+                                           GUID, 16) != 0) {
-                                                GUID, 16) != 0) {
+                                        cFYI(1, ("server UID changed"));
-                                                cFYI(1, ("server UID changed"));
-                                                memcpy(server->
-                                                        server_GUID,
-                                                        pSMBr->u.
-                                                        extended_response.
-                                                        GUID, 16);
-                                        }
-                                } else
                                        memcpy(server->server_GUID,
-                                               pSMBr->u.extended_response.
+                                                pSMBr->u.extended_response.GUID,
-                                               GUID, 16);
+                                                16);
-                        } else {
-                                rc = decode_negTokenInit(pSMBr->u.
-                                                         extended_response.
-                                                         SecurityBlob,
-                                                         count - 16,
-                                                         &server->secType);
-                                if(rc == 1) {
-                                /* BB Need to fill struct for sessetup here */
-                                        rc = -EOPNOTSUPP;
-                                } else {
-                                        rc = -EINVAL;
                                }
+                        } else
+                                memcpy(server->server_GUID,
+                                       pSMBr->u.extended_response.GUID, 16);
+                } else {
+                        rc = decode_negTokenInit(pSMBr->u.extended_response.
+                                                 SecurityBlob,
+                                                 count - 16,
+                                                 &server->secType);
+                        if(rc == 1) {
+                        /* BB Need to fill struct for sessetup here */
+                                rc = -EOPNOTSUPP;
+                        } else {
+                                rc = -EINVAL;
                        }
-                } else
-                        server->capabilities &= ~CAP_EXTENDED_SECURITY;
-                if(sign_CIFS_PDUs == FALSE) {        
-                        if(server->secMode & SECMODE_SIGN_REQUIRED)
-                                cERROR(1,
-                                 ("Server requires /proc/fs/cifs/PacketSigningEnabled"));
-                        server->secMode &= ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
-                } else if(sign_CIFS_PDUs == 1) {
-                        if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
-                                server->secMode &= ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
                }
-                                
+        } else
+                server->capabilities &= ~CAP_EXTENDED_SECURITY;
+signing_check:
+        if(sign_CIFS_PDUs == FALSE) {        
+                if(server->secMode & SECMODE_SIGN_REQUIRED)
+                        cERROR(1,("Server requires "
+                                 "/proc/fs/cifs/PacketSigningEnabled to be on"));
+                server->secMode &= 
+                        ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
+        } else if(sign_CIFS_PDUs == 1) {
+                if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
+                        server->secMode &= 
+                                ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
+        } else if(sign_CIFS_PDUs == 2) {
+                if((server->secMode & 
+                        (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {
+                        cERROR(1,("signing required but server lacks support"));
+                }
        }
 neg_err_exit:   
        cifs_buf_release(pSMB);
+        cFYI(1,("negprot rc %d",rc));
        return rc;
 }
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index a52aacb3feff..76a09f5f804f 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -323,7 +323,8 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
        enum securityEnum type;
        __u16 action;
        int bytes_remaining;
-        
+        cFYI(1,("new sess setup"));
        if(ses == NULL)
                return -EINVAL;
author	Steve French <sfrench@us.ibm.com>	2006-06-04 01:53:15 -0400
committer	Steve French <sfrench@us.ibm.com>	2006-06-04 01:53:15 -0400
commit	254e55ed03e2e8d23089b4a468eec2fd2e1ead9b (patch)
tree	af99361609403301ab1c758e2988e79dc155a710 /fs/cifs
parent	bdc4bf6e8ac8cc29c61c2f0dc61d9776ef9a8ed4 (diff)

diff --git a/fs/cifs/README b/fs/cifs/README index 0355003f4f0a..a68f8e3db2d2 100644 --- a/fs/cifs/README +++ b/fs/cifs/README
@@ -485,14 +485,34 @@ PacketSigningEnabled If set to one, cifs packet signing is enabled
485	it. If set to two, cifs packet signing is	485	it. If set to two, cifs packet signing is
486	required even if the server considers packet	486	required even if the server considers packet
487	signing optional. (default 1)	487	signing optional. (default 1)
		488	SecurityFlags Flags which control security negotiation and
		489	also packet signing. Authentication (may/must)
		490	flags (e.g. for NTLM and/or NTLMv2) may be combined with
		491	the signing flags. Specifying two different password
		492	hashing mechanisms (as "must use") on the other hand
		493	does not make much sense. Default flags are
		494	0x07007
		495	(NTLM, NTLMv2 and packet signing allowed). Maximum
		496	allowable flags if you want to allow mounts to servers
		497	using weaker password hashes is 0x37037 (lanman,
		498	plaintext, ntlm, ntlmv2, signing allowed):
		499
		500	may use packet signing 0x00001
		501	must use packet signing 0x01001
		502	may use NTLM (most common password hash) 0x00002
		503	must use NTLM 0x02002
		504	may use NTLMv2 0x00004
		505	must use NTLMv2 0x04004
		506	may use Kerberos security (not implemented yet) 0x00008
		507	must use Kerberos (not implemented yet) 0x08008
		508	may use lanman (weak) password hash 0x00010
		509	must use lanman password hash 0x10010
		510	may use plaintext passwords 0x00020
		511	must use plaintext passwords 0x20020
		512	(reserved for future packet encryption) 0x00040
		513
488	cifsFYI If set to one, additional debug information is	514	cifsFYI If set to one, additional debug information is
489	logged to the system error log. (default 0)	515	logged to the system error log. (default 0)
490	ExtendedSecurity If set to one, SPNEGO session establishment
491	is allowed which enables more advanced
492	secure CIFS session establishment (default 0)
493	NTLMV2Enabled If set to one, more secure password hashes
494	are used when the server supports them and
495	when kerberos is not negotiated (default 0)
496	traceSMB If set to one, debug information is logged to the	516	traceSMB If set to one, debug information is logged to the
497	system error log with the start of smb requests	517	system error log with the start of smb requests
498	and responses (default 0)	518	and responses (default 0)


diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 975e69a2e1c4..87453a6bcaf8 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h
@@ -212,12 +212,12 @@ struct cifsTconInfo {
212	struct list_head openFileList;	212	struct list_head openFileList;
213	struct semaphore tconSem;	213	struct semaphore tconSem;
214	struct cifsSesInfo ses; / pointer to session associated with */	214	struct cifsSesInfo ses; / pointer to session associated with */
215	char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource (in ASCII not UTF) */	215	char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource in ASCII */
216	char *nativeFileSystem;	216	char *nativeFileSystem;
217	__u16 tid; /* The 2 byte tree id */	217	__u16 tid; /* The 2 byte tree id */
218	__u16 Flags; /* optional support bits */	218	__u16 Flags; /* optional support bits */
219	enum statusEnum tidStatus;	219	enum statusEnum tidStatus;
220	atomic_t useCount; /* how many mounts (explicit or implicit) to this share */	220	atomic_t useCount; /* how many explicit/implicit mounts to share */
221	#ifdef CONFIG_CIFS_STATS	221	#ifdef CONFIG_CIFS_STATS
222	atomic_t num_smbs_sent;	222	atomic_t num_smbs_sent;
223	atomic_t num_writes;	223	atomic_t num_writes;
@@ -257,7 +257,7 @@ struct cifsTconInfo {
257	spinlock_t stat_lock;	257	spinlock_t stat_lock;
258	#endif /* CONFIG_CIFS_STATS */	258	#endif /* CONFIG_CIFS_STATS */
259	FILE_SYSTEM_DEVICE_INFO fsDevInfo;	259	FILE_SYSTEM_DEVICE_INFO fsDevInfo;
260	FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo; /* ok if file system name truncated */	260	FILE_SYSTEM_ATTRIBUTE_INFO fsAttrInfo; /* ok if fs name truncated */
261	FILE_SYSTEM_UNIX_INFO fsUnixInfo;	261	FILE_SYSTEM_UNIX_INFO fsUnixInfo;
262	unsigned retry:1;	262	unsigned retry:1;
263	unsigned nocase:1;	263	unsigned nocase:1;
@@ -308,7 +308,6 @@ struct cifsFileInfo {
308	atomic_t wrtPending; /* handle in use - defer close */	308	atomic_t wrtPending; /* handle in use - defer close */
309	struct semaphore fh_sem; /* prevents reopen race after dead ses*/	309	struct semaphore fh_sem; /* prevents reopen race after dead ses*/
310	char * search_resume_name; /* BB removeme BB */	310	char * search_resume_name; /* BB removeme BB */
311	unsigned int resume_name_length; /* BB removeme - field renamed and moved BB */
312	struct cifs_search_info srch_inf;	311	struct cifs_search_info srch_inf;
313	};	312	};
314		313
@@ -523,16 +522,16 @@ GLOBAL_EXTERN rwlock_t GlobalSMBSeslock; /* protects list inserts on 3 above */
523	GLOBAL_EXTERN struct list_head GlobalOplock_Q;	522	GLOBAL_EXTERN struct list_head GlobalOplock_Q;
524		523
525	GLOBAL_EXTERN struct list_head GlobalDnotifyReqList; /* Outstanding dir notify requests */	524	GLOBAL_EXTERN struct list_head GlobalDnotifyReqList; /* Outstanding dir notify requests */
526	GLOBAL_EXTERN struct list_head GlobalDnotifyRsp_Q; /* Dir notify response queue */	525	GLOBAL_EXTERN struct list_head GlobalDnotifyRsp_Q;/* DirNotify response queue */
527		526
528	/*	527	/*
529	* Global transaction id (XID) information	528	* Global transaction id (XID) information
530	*/	529	*/
531	GLOBAL_EXTERN unsigned int GlobalCurrentXid; /* protected by GlobalMid_Sem */	530	GLOBAL_EXTERN unsigned int GlobalCurrentXid; /* protected by GlobalMid_Sem */
532	GLOBAL_EXTERN unsigned int GlobalTotalActiveXid; /* prot by GlobalMid_Sem */	531	GLOBAL_EXTERN unsigned int GlobalTotalActiveXid; /* prot by GlobalMid_Sem */
533	GLOBAL_EXTERN unsigned int GlobalMaxActiveXid; /* prot by GlobalMid_Sem */	532	GLOBAL_EXTERN unsigned int GlobalMaxActiveXid; /* prot by GlobalMid_Sem */
534	GLOBAL_EXTERN spinlock_t GlobalMid_Lock; /* protects above and list operations */	533	GLOBAL_EXTERN spinlock_t GlobalMid_Lock; /* protects above & list operations */
535	/* on midQ entries */	534	/* on midQ entries */
536	GLOBAL_EXTERN char Local_System_Name[15];	535	GLOBAL_EXTERN char Local_System_Name[15];
537		536
538	/*	537	/*
@@ -554,7 +553,7 @@ GLOBAL_EXTERN atomic_t smBufAllocCount;
554	GLOBAL_EXTERN atomic_t midCount;	553	GLOBAL_EXTERN atomic_t midCount;
555		554
556	/* Misc globals */	555	/* Misc globals */
557	GLOBAL_EXTERN unsigned int multiuser_mount; /* if enabled allows new sessions	556	GLOBAL_EXTERN unsigned int multiuser_mount; /* if enabled allows new sessions
558	to be established on existing mount if we	557	to be established on existing mount if we
559	have the uid/password or Kerberos credential	558	have the uid/password or Kerberos credential
560	or equivalent for current user */	559	or equivalent for current user */


diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h index 135941738d9d..e714803a52dc 100644 --- a/fs/cifs/cifspdu.h +++ b/fs/cifs/cifspdu.h
@@ -426,6 +426,10 @@ typedef struct lanman_neg_rsp {
426	unsigned char EncryptionKey[1];	426	unsigned char EncryptionKey[1];
427	} __attribute__((packed)) LANMAN_NEG_RSP;	427	} __attribute__((packed)) LANMAN_NEG_RSP;
428		428
		429	#define READ_RAW_ENABLE 1
		430	#define WRITE_RAW_ENABLE 2
		431	#define RAW_ENABLE (READ_RAW_ENABLE \| WRITE_RAW_ENABLE)
		432
429	typedef struct negotiate_rsp {	433	typedef struct negotiate_rsp {
430	struct smb_hdr hdr; /* wct = 17 */	434	struct smb_hdr hdr; /* wct = 17 */
431	__le16 DialectIndex;	435	__le16 DialectIndex;


diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 77cca3809467..0442c3b36799 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c
@@ -411,8 +411,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
411	return rc;	411	return rc;
412	pSMB->hdr.Mid = GetNextMid(server);	412	pSMB->hdr.Mid = GetNextMid(server);
413	pSMB->hdr.Flags2 \|= SMBFLG2_UNICODE;	413	pSMB->hdr.Flags2 \|= SMBFLG2_UNICODE;
414	/* if (extended_security)	414	if((extended_security & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
415	pSMB->hdr.Flags2 \|= SMBFLG2_EXT_SEC;*/	415	pSMB->hdr.Flags2 \|= SMBFLG2_EXT_SEC;
416		416
417	count = 0;	417	count = 0;
418	for(i=0;i<CIFS_NUM_PROT;i++) {	418	for(i=0;i<CIFS_NUM_PROT;i++) {
@@ -425,162 +425,171 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
425		425
426	rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,	426	rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,
427	(struct smb_hdr *) pSMBr, &bytes_returned, 0);	427	(struct smb_hdr *) pSMBr, &bytes_returned, 0);
428	if (rc == 0) {	428	if (rc != 0)
429	cFYI(1,("Dialect: %d", pSMBr->DialectIndex));	429	goto neg_err_exit;
430	/* Check wct = 1 error case */	430
431	if((pSMBr->hdr.WordCount < 13)	431	cFYI(1,("Dialect: %d", pSMBr->DialectIndex));
432	\|\| (pSMBr->DialectIndex == BAD_PROT)) {	432	/* Check wct = 1 error case */
433	/* core returns wct = 1, but we do not ask for	433	if((pSMBr->hdr.WordCount < 13) \|\| (pSMBr->DialectIndex == BAD_PROT)) {
434	core - otherwise it just comes when dialect	434	/* core returns wct = 1, but we do not ask for core - otherwise
435	index is -1 indicating we could not negotiate	435	small wct just comes when dialect index is -1 indicating we
436	a common dialect */	436	could not negotiate a common dialect */
		437	rc = -EOPNOTSUPP;
		438	goto neg_err_exit;
		439	#ifdef CONFIG_CIFS_WEAK_PW_HASH
		440	} else if((pSMBr->hdr.WordCount == 13)
		441	&& (pSMBr->DialectIndex == LANMAN_PROT)) {
		442	struct lanman_neg_rsp * rsp = (struct lanman_neg_rsp *)pSMBr;
		443
		444	if((extended_security & CIFSSEC_MAY_LANMAN) \|\|
		445	(extended_security & CIFSSEC_MAY_PLNTXT))
		446	server->secType = LANMAN;
		447	else {
		448	cERROR(1, ("mount failed weak security disabled"
		449	" in /proc/fs/cifs/SecurityFlags"));
437	rc = -EOPNOTSUPP;	450	rc = -EOPNOTSUPP;
438	goto neg_err_exit;	451	goto neg_err_exit;
439	#ifdef CONFIG_CIFS_WEAK_PW_HASH	452	}
440	} else if((pSMBr->hdr.WordCount == 13)	453	server->secMode = (__u8)le16_to_cpu(rsp->SecurityMode);
441	&& (pSMBr->DialectIndex == LANMAN_PROT)) {	454	server->maxReq = le16_to_cpu(rsp->MaxMpxCount);
442	struct lanman_neg_rsp * rsp =	455	server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize),
443	(struct lanman_neg_rsp *)pSMBr;
444
445	if((extended_security & CIFSSEC_MAY_LANMAN) \|\|
446	(extended_security & CIFSSEC_MAY_PLNTXT))
447	server->secType = LANMAN;
448	else {
449	cERROR(1, ("mount failed weak security disabled"
450	" in /proc/fs/cifs/SecurityFlags"));
451	rc = -EOPNOTSUPP;
452	goto neg_err_exit;
453	}
454	server->secMode = (__u8)le16_to_cpu(rsp->SecurityMode);
455	server->maxReq = le16_to_cpu(rsp->MaxMpxCount);
456	server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize),
457	(__u32)CIFSMaxBufSize + MAX_CIFS_HDR_SIZE);	456	(__u32)CIFSMaxBufSize + MAX_CIFS_HDR_SIZE);
		457	GETU32(server->sessid) = le32_to_cpu(rsp->SessionKey);
		458	/* even though we do not use raw we might as well set this
		459	accurately, in case we ever find a need for it */
		460	if((le16_to_cpu(rsp->RawMode) & RAW_ENABLE) == RAW_ENABLE) {
		461	server->maxRw = 0xFF00;
		462	server->capabilities = CAP_MPX_MODE \| CAP_RAW_MODE;
		463	} else {
		464	server->maxRw = 0;/* we do not need to use raw anyway */
		465	server->capabilities = CAP_MPX_MODE;
		466	}
		467	server->timeZone = le16_to_cpu(rsp->ServerTimeZone);
458		468
459	/* BB what do we do with raw mode? BB */	469	/* BB get server time for time conversions and add
460	server->timeZone = le16_to_cpu(rsp->ServerTimeZone);	470	code to use it and timezone since this is not UTC */
461	/* Do we have to set signing flags? no signing
462	was available LANMAN - default should be ok */
463
464	/* BB FIXME set default dummy capabilities since
465	they are not returned by the server in this dialect */
466
467	/* get server time for time conversions and add
468	code to use it and timezone since this is not UTC */
469		471
470	if (rsp->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {	472	if (rsp->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
471	memcpy(server->cryptKey, rsp->EncryptionKey,	473	memcpy(server->cryptKey, rsp->EncryptionKey,
472	CIFS_CRYPTO_KEY_SIZE);	474	CIFS_CRYPTO_KEY_SIZE);
473	} else {	475	} else if (server->secMode & SECMODE_PW_ENCRYPT) {
474	rc = -EIO;	476	rc = -EIO; /* need cryptkey unless plain text */
475	goto neg_err_exit;	477	goto neg_err_exit;
476	}	478	}
477		479
478	cFYI(1,("LANMAN negotiated")); /* BB removeme BB */	480	cFYI(1,("LANMAN negotiated"));
		481	/* we will not end up setting signing flags - as no signing
		482	was in LANMAN and server did not return the flags on */
		483	goto signing_check;
479	#else /* weak security disabled */	484	#else /* weak security disabled */
480	} else if(pSMBr->hdr.WordCount == 13) {	485	} else if(pSMBr->hdr.WordCount == 13) {
481	cERROR(1,("mount failed, cifs module not built "	486	cERROR(1,("mount failed, cifs module not built "
482	"with CIFS_WEAK_PW_HASH support"));	487	"with CIFS_WEAK_PW_HASH support"));
483	rc = -EOPNOTSUPP;	488	rc = -EOPNOTSUPP;
484	#endif /* WEAK_PW_HASH */	489	#endif /* WEAK_PW_HASH */
485	goto neg_err_exit;	490	goto neg_err_exit;
486	} else if(pSMBr->hdr.WordCount != 17) {	491	} else if(pSMBr->hdr.WordCount != 17) {
487	/* unknown wct */	492	/* unknown wct */
488	rc = -EOPNOTSUPP;	493	rc = -EOPNOTSUPP;
489	goto neg_err_exit;	494	goto neg_err_exit;
490	}	495	}
491		496	/* else wct == 17 NTLM */
492	server->secMode = pSMBr->SecurityMode;	497	server->secMode = pSMBr->SecurityMode;
493	if((server->secMode & SECMODE_USER) == 0)	498	if((server->secMode & SECMODE_USER) == 0)
494	cFYI(1,("share mode security"));	499	cFYI(1,("share mode security"));
495		500
496	if((server->secMode & SECMODE_PW_ENCRYPT) == 0)	501	if((server->secMode & SECMODE_PW_ENCRYPT) == 0)
497	#ifdef CONFIG_CIFS_WEAK_PW_HASH	502	#ifdef CONFIG_CIFS_WEAK_PW_HASH
498	if ((extended_security & CIFSSEC_MAY_PLNTXT) == 0)	503	if ((extended_security & CIFSSEC_MAY_PLNTXT) == 0)
499	#endif /* CIFS_WEAK_PW_HASH */	504	#endif /* CIFS_WEAK_PW_HASH */
500	cERROR(1,("Server requests plain text password"	505	cERROR(1,("Server requests plain text password"
501	" but client support disabled"));	506	" but client support disabled"));
502		507
503	if(extended_security & CIFSSEC_MUST_NTLMV2)	508	if(extended_security & CIFSSEC_MUST_NTLMV2)
504	server->secType = NTLMv2;	509	server->secType = NTLMv2;
505	else	510	else
506	server->secType = NTLM;	511	server->secType = NTLM;
507	/* else krb5 ... */	512	/* else krb5 ... */
508		513
509	/* one byte - no need to convert this or EncryptionKeyLen	514	/* one byte, so no need to convert this or EncryptionKeyLen from
510	from little endian */	515	little endian */
511	server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);	516	server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);
512	/* probably no need to store and check maxvcs */	517	/* probably no need to store and check maxvcs */
513	server->maxBuf =	518	server->maxBuf = min(le32_to_cpu(pSMBr->MaxBufferSize),
514	min(le32_to_cpu(pSMBr->MaxBufferSize),
515	(__u32) CIFSMaxBufSize + MAX_CIFS_HDR_SIZE);	519	(__u32) CIFSMaxBufSize + MAX_CIFS_HDR_SIZE);
516	server->maxRw = le32_to_cpu(pSMBr->MaxRawSize);	520	server->maxRw = le32_to_cpu(pSMBr->MaxRawSize);
517	cFYI(0, ("Max buf = %d", ses->server->maxBuf));	521	cFYI(0, ("Max buf = %d", ses->server->maxBuf));
518	GETU32(ses->server->sessid) = le32_to_cpu(pSMBr->SessionKey);	522	GETU32(ses->server->sessid) = le32_to_cpu(pSMBr->SessionKey);
519	server->capabilities = le32_to_cpu(pSMBr->Capabilities);	523	server->capabilities = le32_to_cpu(pSMBr->Capabilities);
520	server->timeZone = le16_to_cpu(pSMBr->ServerTimeZone);	524	server->timeZone = le16_to_cpu(pSMBr->ServerTimeZone);
521	/* BB with UTC do we ever need to be using srvr timezone? */	525	if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
522	if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {	526	memcpy(server->cryptKey, pSMBr->u.EncryptionKey,
523	memcpy(server->cryptKey, pSMBr->u.EncryptionKey,	527	CIFS_CRYPTO_KEY_SIZE);
524	CIFS_CRYPTO_KEY_SIZE);	528	} else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)
525	} else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)	529	&& (pSMBr->EncryptionKeyLength == 0)) {
526	&& (pSMBr->EncryptionKeyLength == 0)) {	530	/* decode security blob */
527	/* decode security blob */	531	} else if (server->secMode & SECMODE_PW_ENCRYPT) {
528	} else	532	rc = -EIO; /* no crypt key only if plain text pwd */
529	rc = -EIO;	533	goto neg_err_exit;
		534	}
530		535
531	/* BB might be helpful to save off the domain of server here */	536	/* BB might be helpful to save off the domain of server here */
532		537
533	if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&	538	if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&
534	(server->capabilities & CAP_EXTENDED_SECURITY)) {	539	(server->capabilities & CAP_EXTENDED_SECURITY)) {
535	count = pSMBr->ByteCount;	540	count = pSMBr->ByteCount;
536	if (count < 16)	541	if (count < 16)
537	rc = -EIO;	542	rc = -EIO;
538	else if (count == 16) {	543	else if (count == 16) {
539	server->secType = RawNTLMSSP;	544	server->secType = RawNTLMSSP;
540	if (server->socketUseCount.counter > 1) {	545	if (server->socketUseCount.counter > 1) {
541	if (memcmp	546	if (memcmp(server->server_GUID,
542	(server->server_GUID,	547	pSMBr->u.extended_response.
543	pSMBr->u.extended_response.	548	GUID, 16) != 0) {
544	GUID, 16) != 0) {	549	cFYI(1, ("server UID changed"));
545	cFYI(1, ("server UID changed"));
546	memcpy(server->
547	server_GUID,
548	pSMBr->u.
549	extended_response.
550	GUID, 16);
551	}
552	} else
553	memcpy(server->server_GUID,	550	memcpy(server->server_GUID,
554	pSMBr->u.extended_response.	551	pSMBr->u.extended_response.GUID,
555	GUID, 16);	552	16);
556	} else {
557	rc = decode_negTokenInit(pSMBr->u.
558	extended_response.
559	SecurityBlob,
560	count - 16,
561	&server->secType);
562	if(rc == 1) {
563	/* BB Need to fill struct for sessetup here */
564	rc = -EOPNOTSUPP;
565	} else {
566	rc = -EINVAL;
567	}	553	}
		554	} else
		555	memcpy(server->server_GUID,
		556	pSMBr->u.extended_response.GUID, 16);
		557	} else {
		558	rc = decode_negTokenInit(pSMBr->u.extended_response.
		559	SecurityBlob,
		560	count - 16,
		561	&server->secType);
		562	if(rc == 1) {
		563	/* BB Need to fill struct for sessetup here */
		564	rc = -EOPNOTSUPP;
		565	} else {
		566	rc = -EINVAL;
568	}	567	}
569	} else
570	server->capabilities &= ~CAP_EXTENDED_SECURITY;
571	if(sign_CIFS_PDUs == FALSE) {
572	if(server->secMode & SECMODE_SIGN_REQUIRED)
573	cERROR(1,
574	("Server requires /proc/fs/cifs/PacketSigningEnabled"));
575	server->secMode &= ~(SECMODE_SIGN_ENABLED \| SECMODE_SIGN_REQUIRED);
576	} else if(sign_CIFS_PDUs == 1) {
577	if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
578	server->secMode &= ~(SECMODE_SIGN_ENABLED \| SECMODE_SIGN_REQUIRED);
579	}	568	}
580		569	} else
		570	server->capabilities &= ~CAP_EXTENDED_SECURITY;
		571
		572	signing_check:
		573	if(sign_CIFS_PDUs == FALSE) {
		574	if(server->secMode & SECMODE_SIGN_REQUIRED)
		575	cERROR(1,("Server requires "
		576	"/proc/fs/cifs/PacketSigningEnabled to be on"));
		577	server->secMode &=
		578	~(SECMODE_SIGN_ENABLED \| SECMODE_SIGN_REQUIRED);
		579	} else if(sign_CIFS_PDUs == 1) {
		580	if((server->secMode & SECMODE_SIGN_REQUIRED) == 0)
		581	server->secMode &=
		582	~(SECMODE_SIGN_ENABLED \| SECMODE_SIGN_REQUIRED);
		583	} else if(sign_CIFS_PDUs == 2) {
		584	if((server->secMode &
		585	(SECMODE_SIGN_ENABLED \| SECMODE_SIGN_REQUIRED)) == 0) {
		586	cERROR(1,("signing required but server lacks support"));
		587	}
581	}	588	}
582	neg_err_exit:	589	neg_err_exit:
583	cifs_buf_release(pSMB);	590	cifs_buf_release(pSMB);
		591
		592	cFYI(1,("negprot rc %d",rc));
584	return rc;	593	return rc;
585	}	594	}
586		595


diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index a52aacb3feff..76a09f5f804f 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c
@@ -323,7 +323,8 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
323	enum securityEnum type;	323	enum securityEnum type;
324	__u16 action;	324	__u16 action;
325	int bytes_remaining;	325	int bytes_remaining;
326		326
		327	cFYI(1,("new sess setup"));
327	if(ses == NULL)	328	if(ses == NULL)
328	return -EINVAL;	329	return -EINVAL;
329		330