7 files changed, 30 insertions, 10 deletions

diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index f9e4ad97a79e..06e521a945c3 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -9,7 +9,10 @@ files (e.g. "cp -a") to Windows servers.  For mkdir and create honor setgid bit
 on parent directory when server supports Unix Extensions but not POSIX
 create. Update cifs.upcall version to handle new Kerberos sec flags
 (this requires update of cifs.upcall program from Samba).  Fix memory leak
-on dns_upcall (resolving DFS referralls).
+on dns_upcall (resolving DFS referralls).  Fix plain text password
+authentication (requires setting SecurityFlags to 0x30030 to enable
+lanman and plain text though).  Fix writes to be at correct offset when
+file is open with O_APPEND and file is on a directio (forcediretio) mount.
 
 Version 1.53
 ------------
diff --git a/fs/cifs/README b/fs/cifs/README
index 68b5c1169d9d..bd2343d4c6a6 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -542,10 +542,20 @@ SecurityFlags		Flags which control security negotiation and
                         hashing mechanisms (as "must use") on the other hand 
                         does not make much sense. Default flags are 
                                 0x07007 
-                        (NTLM, NTLMv2 and packet signing allowed).  Maximum 
+                        (NTLM, NTLMv2 and packet signing allowed).  The maximum 
                         allowable flags if you want to allow mounts to servers
                         using weaker password hashes is 0x37037 (lanman,
-                        plaintext, ntlm, ntlmv2, signing allowed):
+                        plaintext, ntlm, ntlmv2, signing allowed).  Some
+                        SecurityFlags require the corresponding menuconfig
+                        options to be enabled (lanman and plaintext require
+                        CONFIG_CIFS_WEAK_PW_HASH for example).  Enabling
+                        plaintext authentication currently requires also
+                        enabling lanman authentication in the security flags
+                        because the cifs module only supports sending
+                        laintext passwords using the older lanman dialect
+                        form of the session setup SMB.  (e.g. for authentication
+                        using plain text passwords, set the SecurityFlags
+                        to 0x30030):
  
                         may use packet signing                          0x00001
                         must use packet signing                         0x01001
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 83fd40dc1ef0..bd5f13d38450 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -294,6 +294,7 @@ void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key)
 
         if ((ses->server->secMode & SECMODE_PW_ENCRYPT) == 0)
                 if (extended_security & CIFSSEC_MAY_PLNTXT) {
+                        memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE);
                         memcpy(lnm_session_key, password_with_pad,
                                 CIFS_ENCPWD_SIZE);
                         return;
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index ff14d14903a0..cbefe1f1f9fe 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -833,6 +833,10 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data,
                 return -EBADF;
         open_file = (struct cifsFileInfo *) file->private_data;
 
+        rc = generic_write_checks(file, poffset, &write_size, 0);
+        if (rc)
+                return rc;
+
         xid = GetXid();
 
         if (*poffset > file->f_path.dentry->d_inode->i_size)
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index b537fad3bf50..252fdc0567f1 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -409,6 +409,8 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
                 char lnm_session_key[CIFS_SESS_KEY_SIZE];
 
+                pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
+
                 /* no capabilities flags in old lanman negotiation */
 
                 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
index b6ed38380ab8..54b8b4140c8f 100644
--- a/fs/nfsd/nfs4acl.c
+++ b/fs/nfsd/nfs4acl.c
@@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
          * enough space for either:
          */
         alloc = sizeof(struct posix_ace_state_array)
-                + cnt*sizeof(struct posix_ace_state);
+                + cnt*sizeof(struct posix_user_ace_state);
         state->users = kzalloc(alloc, GFP_KERNEL);
         if (!state->users)
                 return -ENOMEM;
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 2e51adac65de..e5b51ffafc6c 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -867,11 +867,6 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
         int             slack_bytes;
         __be32          status;
 
-        status = nfserr_resource;
-        cstate = cstate_alloc();
-        if (cstate == NULL)
-                goto out;
-
         resp->xbuf = &rqstp->rq_res;
         resp->p = rqstp->rq_res.head[0].iov_base + rqstp->rq_res.head[0].iov_len;
         resp->tagp = resp->p;
@@ -890,6 +885,11 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
         if (args->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
                 goto out;
 
+        status = nfserr_resource;
+        cstate = cstate_alloc();
+        if (cstate == NULL)
+                goto out;
+
         status = nfs_ok;
         while (!status && resp->opcnt < args->opcnt) {
                 op = &args->ops[resp->opcnt++];
@@ -957,9 +957,9 @@ encode_op:
                 nfsd4_increment_op_stats(op->opnum);
         }
 
+        cstate_free(cstate);
 out:
         nfsd4_release_compoundargs(args);
-        cstate_free(cstate);
         dprintk("nfsv4 compound returned %d\n", ntohl(status));
         return status;
 }