aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2011-01-07 11:30:28 -0500
committerSteve French <sfrench@us.ibm.com>2011-01-09 18:39:17 -0500
commitb4d6fcf13f417464c13c6fde46e87c495ba6b6ee (patch)
tree594e9823fd986969f1118220eb6581669af411ff /fs
parent1397f2ee4be65542fdc3460c7e8b6317779ea680 (diff)
cifs: move "ntlmssp" and "local_leases" options out of experimental code
I see no real need to leave these sorts of options under an EXPERIMENTAL ifdef. Since you need a mount option to turn this code on, that only blows out the testing matrix. local_leases has been under the EXPERIMENTAL tag for some time, but it's only the mount option that's under this label. Move it out from under this tag. The NTLMSSP code is also under EXPERIMENTAL, but it needs a mount option to turn it on, and in the future any distro will reasonably want this enabled. Go ahead and move it out from under the EXPERIMENTAL tag. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/cifs/cifssmb.c5
-rw-r--r--fs/cifs/connect.c4
-rw-r--r--fs/cifs/sess.c114
3 files changed, 55 insertions, 68 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 67acfb3acad2..2f6795e524d3 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -401,15 +401,12 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
401 else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) { 401 else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) {
402 cFYI(1, "Kerberos only mechanism, enable extended security"); 402 cFYI(1, "Kerberos only mechanism, enable extended security");
403 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; 403 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
404 } 404 } else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)
405#ifdef CONFIG_CIFS_EXPERIMENTAL
406 else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)
407 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; 405 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
408 else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) { 406 else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) {
409 cFYI(1, "NTLMSSP only mechanism, enable extended security"); 407 cFYI(1, "NTLMSSP only mechanism, enable extended security");
410 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; 408 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
411 } 409 }
412#endif
413 410
414 count = 0; 411 count = 0;
415 for (i = 0; i < CIFS_NUM_PROT; i++) { 412 for (i = 0; i < CIFS_NUM_PROT; i++) {
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 5e7a7bcc39a6..a65d311d163a 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -984,13 +984,11 @@ cifs_parse_mount_options(char *options, const char *devname,
984 return 1; 984 return 1;
985 } else if (strnicmp(value, "krb5", 4) == 0) { 985 } else if (strnicmp(value, "krb5", 4) == 0) {
986 vol->secFlg |= CIFSSEC_MAY_KRB5; 986 vol->secFlg |= CIFSSEC_MAY_KRB5;
987#ifdef CONFIG_CIFS_EXPERIMENTAL
988 } else if (strnicmp(value, "ntlmsspi", 8) == 0) { 987 } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
989 vol->secFlg |= CIFSSEC_MAY_NTLMSSP | 988 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
990 CIFSSEC_MUST_SIGN; 989 CIFSSEC_MUST_SIGN;
991 } else if (strnicmp(value, "ntlmssp", 7) == 0) { 990 } else if (strnicmp(value, "ntlmssp", 7) == 0) {
992 vol->secFlg |= CIFSSEC_MAY_NTLMSSP; 991 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
993#endif
994 } else if (strnicmp(value, "ntlmv2i", 7) == 0) { 992 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
995 vol->secFlg |= CIFSSEC_MAY_NTLMV2 | 993 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
996 CIFSSEC_MUST_SIGN; 994 CIFSSEC_MUST_SIGN;
@@ -1341,10 +1339,8 @@ cifs_parse_mount_options(char *options, const char *devname,
1341 vol->no_psx_acl = 0; 1339 vol->no_psx_acl = 0;
1342 } else if (strnicmp(data, "noacl", 5) == 0) { 1340 } else if (strnicmp(data, "noacl", 5) == 0) {
1343 vol->no_psx_acl = 1; 1341 vol->no_psx_acl = 1;
1344#ifdef CONFIG_CIFS_EXPERIMENTAL
1345 } else if (strnicmp(data, "locallease", 6) == 0) { 1342 } else if (strnicmp(data, "locallease", 6) == 0) {
1346 vol->local_lease = 1; 1343 vol->local_lease = 1;
1347#endif
1348 } else if (strnicmp(data, "sign", 4) == 0) { 1344 } else if (strnicmp(data, "sign", 4) == 0) {
1349 vol->secFlg |= CIFSSEC_MUST_SIGN; 1345 vol->secFlg |= CIFSSEC_MUST_SIGN;
1350 } else if (strnicmp(data, "seal", 4) == 0) { 1346 } else if (strnicmp(data, "seal", 4) == 0) {
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 54d9f76deff9..eb746486e49e 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -420,7 +420,6 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
420 return 0; 420 return 0;
421} 421}
422 422
423#ifdef CONFIG_CIFS_EXPERIMENTAL
424/* BB Move to ntlmssp.c eventually */ 423/* BB Move to ntlmssp.c eventually */
425 424
426/* We do not malloc the blob, it is passed in pbuffer, because 425/* We do not malloc the blob, it is passed in pbuffer, because
@@ -564,7 +563,6 @@ setup_ntlmv2_ret:
564 *buflen = tmp - pbuffer; 563 *buflen = tmp - pbuffer;
565 return rc; 564 return rc;
566} 565}
567#endif
568 566
569int 567int
570CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, 568CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
@@ -806,74 +804,70 @@ ssetup_ntlmssp_authenticate:
806 rc = -ENOSYS; 804 rc = -ENOSYS;
807 goto ssetup_exit; 805 goto ssetup_exit;
808#endif /* CONFIG_CIFS_UPCALL */ 806#endif /* CONFIG_CIFS_UPCALL */
809 } else { 807 } else if (type == RawNTLMSSP) {
810#ifdef CONFIG_CIFS_EXPERIMENTAL 808 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
811 if (type == RawNTLMSSP) { 809 cERROR(1, "NTLMSSP requires Unicode support");
812 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) { 810 rc = -ENOSYS;
813 cERROR(1, "NTLMSSP requires Unicode support"); 811 goto ssetup_exit;
814 rc = -ENOSYS; 812 }
813
814 cFYI(1, "ntlmssp session setup phase %d", phase);
815 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
816 capabilities |= CAP_EXTENDED_SECURITY;
817 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
818 switch(phase) {
819 case NtLmNegotiate:
820 build_ntlmssp_negotiate_blob(
821 pSMB->req.SecurityBlob, ses);
822 iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
823 iov[1].iov_base = pSMB->req.SecurityBlob;
824 pSMB->req.SecurityBlobLength =
825 cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
826 break;
827 case NtLmAuthenticate:
828 /*
829 * 5 is an empirical value, large enough to hold
830 * authenticate message plus max 10 of av paris,
831 * domain, user, workstation names, flags, etc.
832 */
833 ntlmsspblob = kzalloc(
834 5*sizeof(struct _AUTHENTICATE_MESSAGE),
835 GFP_KERNEL);
836 if (!ntlmsspblob) {
837 cERROR(1, "Can't allocate NTLMSSP blob");
838 rc = -ENOMEM;
815 goto ssetup_exit; 839 goto ssetup_exit;
816 } 840 }
817 841
818 cFYI(1, "ntlmssp session setup phase %d", phase); 842 rc = build_ntlmssp_auth_blob(ntlmsspblob,
819 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; 843 &blob_len, ses, nls_cp);
820 capabilities |= CAP_EXTENDED_SECURITY; 844 if (rc)
821 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
822 if (phase == NtLmNegotiate) {
823 build_ntlmssp_negotiate_blob(
824 pSMB->req.SecurityBlob, ses);
825 iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
826 iov[1].iov_base = pSMB->req.SecurityBlob;
827 pSMB->req.SecurityBlobLength =
828 cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
829 } else if (phase == NtLmAuthenticate) {
830 /* 5 is an empirical value, large enought to
831 * hold authenticate message, max 10 of
832 * av paris, doamin,user,workstation mames,
833 * flags etc..
834 */
835 ntlmsspblob = kzalloc(
836 5*sizeof(struct _AUTHENTICATE_MESSAGE),
837 GFP_KERNEL);
838 if (!ntlmsspblob) {
839 cERROR(1, "Can't allocate NTLMSSP");
840 rc = -ENOMEM;
841 goto ssetup_exit;
842 }
843
844 rc = build_ntlmssp_auth_blob(ntlmsspblob,
845 &blob_len, ses, nls_cp);
846 if (rc)
847 goto ssetup_exit;
848 iov[1].iov_len = blob_len;
849 iov[1].iov_base = ntlmsspblob;
850 pSMB->req.SecurityBlobLength =
851 cpu_to_le16(blob_len);
852 /* Make sure that we tell the server that we
853 are using the uid that it just gave us back
854 on the response (challenge) */
855 smb_buf->Uid = ses->Suid;
856 } else {
857 cERROR(1, "invalid phase %d", phase);
858 rc = -ENOSYS;
859 goto ssetup_exit; 845 goto ssetup_exit;
860 } 846 iov[1].iov_len = blob_len;
861 /* unicode strings must be word aligned */ 847 iov[1].iov_base = ntlmsspblob;
862 if ((iov[0].iov_len + iov[1].iov_len) % 2) { 848 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
863 *bcc_ptr = 0; 849 /*
864 bcc_ptr++; 850 * Make sure that we tell the server that we are using
865 } 851 * the uid that it just gave us back on the response
866 unicode_oslm_strings(&bcc_ptr, nls_cp); 852 * (challenge)
867 } else { 853 */
868 cERROR(1, "secType %d not supported!", type); 854 smb_buf->Uid = ses->Suid;
855 break;
856 default:
857 cERROR(1, "invalid phase %d", phase);
869 rc = -ENOSYS; 858 rc = -ENOSYS;
870 goto ssetup_exit; 859 goto ssetup_exit;
871 } 860 }
872#else 861 /* unicode strings must be word aligned */
862 if ((iov[0].iov_len + iov[1].iov_len) % 2) {
863 *bcc_ptr = 0;
864 bcc_ptr++;
865 }
866 unicode_oslm_strings(&bcc_ptr, nls_cp);
867 } else {
873 cERROR(1, "secType %d not supported!", type); 868 cERROR(1, "secType %d not supported!", type);
874 rc = -ENOSYS; 869 rc = -ENOSYS;
875 goto ssetup_exit; 870 goto ssetup_exit;
876#endif
877 } 871 }
878 872
879 iov[2].iov_base = str_area; 873 iov[2].iov_base = str_area;