diff options
Diffstat (limited to 'fs/cifs')
| -rw-r--r-- | fs/cifs/cifssmb.c | 5 | ||||
| -rw-r--r-- | fs/cifs/connect.c | 4 | ||||
| -rw-r--r-- | fs/cifs/sess.c | 114 |
3 files changed, 55 insertions, 68 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 67acfb3acad2..2f6795e524d3 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
| @@ -401,15 +401,12 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
| 401 | else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) { | 401 | else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) { |
| 402 | cFYI(1, "Kerberos only mechanism, enable extended security"); | 402 | cFYI(1, "Kerberos only mechanism, enable extended security"); |
| 403 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | 403 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; |
| 404 | } | 404 | } else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP) |
| 405 | #ifdef CONFIG_CIFS_EXPERIMENTAL | ||
| 406 | else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP) | ||
| 407 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | 405 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; |
| 408 | else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) { | 406 | else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) { |
| 409 | cFYI(1, "NTLMSSP only mechanism, enable extended security"); | 407 | cFYI(1, "NTLMSSP only mechanism, enable extended security"); |
| 410 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | 408 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; |
| 411 | } | 409 | } |
| 412 | #endif | ||
| 413 | 410 | ||
| 414 | count = 0; | 411 | count = 0; |
| 415 | for (i = 0; i < CIFS_NUM_PROT; i++) { | 412 | for (i = 0; i < CIFS_NUM_PROT; i++) { |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 5e7a7bcc39a6..a65d311d163a 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
| @@ -984,13 +984,11 @@ cifs_parse_mount_options(char *options, const char *devname, | |||
| 984 | return 1; | 984 | return 1; |
| 985 | } else if (strnicmp(value, "krb5", 4) == 0) { | 985 | } else if (strnicmp(value, "krb5", 4) == 0) { |
| 986 | vol->secFlg |= CIFSSEC_MAY_KRB5; | 986 | vol->secFlg |= CIFSSEC_MAY_KRB5; |
| 987 | #ifdef CONFIG_CIFS_EXPERIMENTAL | ||
| 988 | } else if (strnicmp(value, "ntlmsspi", 8) == 0) { | 987 | } else if (strnicmp(value, "ntlmsspi", 8) == 0) { |
| 989 | vol->secFlg |= CIFSSEC_MAY_NTLMSSP | | 988 | vol->secFlg |= CIFSSEC_MAY_NTLMSSP | |
| 990 | CIFSSEC_MUST_SIGN; | 989 | CIFSSEC_MUST_SIGN; |
| 991 | } else if (strnicmp(value, "ntlmssp", 7) == 0) { | 990 | } else if (strnicmp(value, "ntlmssp", 7) == 0) { |
| 992 | vol->secFlg |= CIFSSEC_MAY_NTLMSSP; | 991 | vol->secFlg |= CIFSSEC_MAY_NTLMSSP; |
| 993 | #endif | ||
| 994 | } else if (strnicmp(value, "ntlmv2i", 7) == 0) { | 992 | } else if (strnicmp(value, "ntlmv2i", 7) == 0) { |
| 995 | vol->secFlg |= CIFSSEC_MAY_NTLMV2 | | 993 | vol->secFlg |= CIFSSEC_MAY_NTLMV2 | |
| 996 | CIFSSEC_MUST_SIGN; | 994 | CIFSSEC_MUST_SIGN; |
| @@ -1341,10 +1339,8 @@ cifs_parse_mount_options(char *options, const char *devname, | |||
| 1341 | vol->no_psx_acl = 0; | 1339 | vol->no_psx_acl = 0; |
| 1342 | } else if (strnicmp(data, "noacl", 5) == 0) { | 1340 | } else if (strnicmp(data, "noacl", 5) == 0) { |
| 1343 | vol->no_psx_acl = 1; | 1341 | vol->no_psx_acl = 1; |
| 1344 | #ifdef CONFIG_CIFS_EXPERIMENTAL | ||
| 1345 | } else if (strnicmp(data, "locallease", 6) == 0) { | 1342 | } else if (strnicmp(data, "locallease", 6) == 0) { |
| 1346 | vol->local_lease = 1; | 1343 | vol->local_lease = 1; |
| 1347 | #endif | ||
| 1348 | } else if (strnicmp(data, "sign", 4) == 0) { | 1344 | } else if (strnicmp(data, "sign", 4) == 0) { |
| 1349 | vol->secFlg |= CIFSSEC_MUST_SIGN; | 1345 | vol->secFlg |= CIFSSEC_MUST_SIGN; |
| 1350 | } else if (strnicmp(data, "seal", 4) == 0) { | 1346 | } else if (strnicmp(data, "seal", 4) == 0) { |
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 54d9f76deff9..eb746486e49e 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
| @@ -420,7 +420,6 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, | |||
| 420 | return 0; | 420 | return 0; |
| 421 | } | 421 | } |
| 422 | 422 | ||
| 423 | #ifdef CONFIG_CIFS_EXPERIMENTAL | ||
| 424 | /* BB Move to ntlmssp.c eventually */ | 423 | /* BB Move to ntlmssp.c eventually */ |
| 425 | 424 | ||
| 426 | /* We do not malloc the blob, it is passed in pbuffer, because | 425 | /* We do not malloc the blob, it is passed in pbuffer, because |
| @@ -564,7 +563,6 @@ setup_ntlmv2_ret: | |||
| 564 | *buflen = tmp - pbuffer; | 563 | *buflen = tmp - pbuffer; |
| 565 | return rc; | 564 | return rc; |
| 566 | } | 565 | } |
| 567 | #endif | ||
| 568 | 566 | ||
| 569 | int | 567 | int |
| 570 | CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, | 568 | CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, |
| @@ -806,74 +804,70 @@ ssetup_ntlmssp_authenticate: | |||
| 806 | rc = -ENOSYS; | 804 | rc = -ENOSYS; |
| 807 | goto ssetup_exit; | 805 | goto ssetup_exit; |
| 808 | #endif /* CONFIG_CIFS_UPCALL */ | 806 | #endif /* CONFIG_CIFS_UPCALL */ |
| 809 | } else { | 807 | } else if (type == RawNTLMSSP) { |
| 810 | #ifdef CONFIG_CIFS_EXPERIMENTAL | 808 | if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) { |
| 811 | if (type == RawNTLMSSP) { | 809 | cERROR(1, "NTLMSSP requires Unicode support"); |
| 812 | if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) { | 810 | rc = -ENOSYS; |
| 813 | cERROR(1, "NTLMSSP requires Unicode support"); | 811 | goto ssetup_exit; |
| 814 | rc = -ENOSYS; | 812 | } |
| 813 | |||
| 814 | cFYI(1, "ntlmssp session setup phase %d", phase); | ||
| 815 | pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; | ||
| 816 | capabilities |= CAP_EXTENDED_SECURITY; | ||
| 817 | pSMB->req.Capabilities |= cpu_to_le32(capabilities); | ||
| 818 | switch(phase) { | ||
| 819 | case NtLmNegotiate: | ||
| 820 | build_ntlmssp_negotiate_blob( | ||
| 821 | pSMB->req.SecurityBlob, ses); | ||
| 822 | iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE); | ||
| 823 | iov[1].iov_base = pSMB->req.SecurityBlob; | ||
| 824 | pSMB->req.SecurityBlobLength = | ||
| 825 | cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); | ||
| 826 | break; | ||
| 827 | case NtLmAuthenticate: | ||
| 828 | /* | ||
| 829 | * 5 is an empirical value, large enough to hold | ||
| 830 | * authenticate message plus max 10 of av paris, | ||
| 831 | * domain, user, workstation names, flags, etc. | ||
| 832 | */ | ||
| 833 | ntlmsspblob = kzalloc( | ||
| 834 | 5*sizeof(struct _AUTHENTICATE_MESSAGE), | ||
| 835 | GFP_KERNEL); | ||
| 836 | if (!ntlmsspblob) { | ||
| 837 | cERROR(1, "Can't allocate NTLMSSP blob"); | ||
| 838 | rc = -ENOMEM; | ||
| 815 | goto ssetup_exit; | 839 | goto ssetup_exit; |
| 816 | } | 840 | } |
| 817 | 841 | ||
| 818 | cFYI(1, "ntlmssp session setup phase %d", phase); | 842 | rc = build_ntlmssp_auth_blob(ntlmsspblob, |
| 819 | pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; | 843 | &blob_len, ses, nls_cp); |
| 820 | capabilities |= CAP_EXTENDED_SECURITY; | 844 | if (rc) |
| 821 | pSMB->req.Capabilities |= cpu_to_le32(capabilities); | ||
| 822 | if (phase == NtLmNegotiate) { | ||
| 823 | build_ntlmssp_negotiate_blob( | ||
| 824 | pSMB->req.SecurityBlob, ses); | ||
| 825 | iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE); | ||
| 826 | iov[1].iov_base = pSMB->req.SecurityBlob; | ||
| 827 | pSMB->req.SecurityBlobLength = | ||
| 828 | cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); | ||
| 829 | } else if (phase == NtLmAuthenticate) { | ||
| 830 | /* 5 is an empirical value, large enought to | ||
| 831 | * hold authenticate message, max 10 of | ||
| 832 | * av paris, doamin,user,workstation mames, | ||
| 833 | * flags etc.. | ||
| 834 | */ | ||
| 835 | ntlmsspblob = kzalloc( | ||
| 836 | 5*sizeof(struct _AUTHENTICATE_MESSAGE), | ||
| 837 | GFP_KERNEL); | ||
| 838 | if (!ntlmsspblob) { | ||
| 839 | cERROR(1, "Can't allocate NTLMSSP"); | ||
| 840 | rc = -ENOMEM; | ||
| 841 | goto ssetup_exit; | ||
| 842 | } | ||
| 843 | |||
| 844 | rc = build_ntlmssp_auth_blob(ntlmsspblob, | ||
| 845 | &blob_len, ses, nls_cp); | ||
| 846 | if (rc) | ||
| 847 | goto ssetup_exit; | ||
| 848 | iov[1].iov_len = blob_len; | ||
| 849 | iov[1].iov_base = ntlmsspblob; | ||
| 850 | pSMB->req.SecurityBlobLength = | ||
| 851 | cpu_to_le16(blob_len); | ||
| 852 | /* Make sure that we tell the server that we | ||
| 853 | are using the uid that it just gave us back | ||
| 854 | on the response (challenge) */ | ||
| 855 | smb_buf->Uid = ses->Suid; | ||
| 856 | } else { | ||
| 857 | cERROR(1, "invalid phase %d", phase); | ||
| 858 | rc = -ENOSYS; | ||
| 859 | goto ssetup_exit; | 845 | goto ssetup_exit; |
| 860 | } | 846 | iov[1].iov_len = blob_len; |
| 861 | /* unicode strings must be word aligned */ | 847 | iov[1].iov_base = ntlmsspblob; |
| 862 | if ((iov[0].iov_len + iov[1].iov_len) % 2) { | 848 | pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len); |
| 863 | *bcc_ptr = 0; | 849 | /* |
| 864 | bcc_ptr++; | 850 | * Make sure that we tell the server that we are using |
| 865 | } | 851 | * the uid that it just gave us back on the response |
| 866 | unicode_oslm_strings(&bcc_ptr, nls_cp); | 852 | * (challenge) |
| 867 | } else { | 853 | */ |
| 868 | cERROR(1, "secType %d not supported!", type); | 854 | smb_buf->Uid = ses->Suid; |
| 855 | break; | ||
| 856 | default: | ||
| 857 | cERROR(1, "invalid phase %d", phase); | ||
| 869 | rc = -ENOSYS; | 858 | rc = -ENOSYS; |
| 870 | goto ssetup_exit; | 859 | goto ssetup_exit; |
| 871 | } | 860 | } |
| 872 | #else | 861 | /* unicode strings must be word aligned */ |
| 862 | if ((iov[0].iov_len + iov[1].iov_len) % 2) { | ||
| 863 | *bcc_ptr = 0; | ||
| 864 | bcc_ptr++; | ||
| 865 | } | ||
| 866 | unicode_oslm_strings(&bcc_ptr, nls_cp); | ||
| 867 | } else { | ||
| 873 | cERROR(1, "secType %d not supported!", type); | 868 | cERROR(1, "secType %d not supported!", type); |
| 874 | rc = -ENOSYS; | 869 | rc = -ENOSYS; |
| 875 | goto ssetup_exit; | 870 | goto ssetup_exit; |
| 876 | #endif | ||
| 877 | } | 871 | } |
| 878 | 872 | ||
| 879 | iov[2].iov_base = str_area; | 873 | iov[2].iov_base = str_area; |