| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When mounted with the cifsacl mount option, we were
treating any deny ACEs found like allow ACEs and it turns out for
SFU and SUA Windows set these type of access control entries often.
The order of ACEs is important too. The canonical order that most
ACL tools and Windows explorer consruct ACLs with is to begin with
DENY entries then follow with ALLOW, otherwise an allow entry
could be encountered first, making the subsequent deny entry like "dead
code which would be superflous since Windows stops when a match is
made for the operation you are trying to perform for your user
We start with no permissions in the mode and build up as we find
permissions (ie allow ACEs). This fixes deny ACEs so they affect
the mask used to set the subsequent allow ACEs.
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
CC: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Adds uid to key description fro supporting user mounts
and minor formating changes
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Igor Mammedov <niallain@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
| |
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
| |
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, fix the parser to recognize them and set the secType
accordingly. Make CIFSSMBNegotiate not error out automatically
after parsing the securityBlob.
Also thanks to Q (Igor) and Simo for their help on this
set of kerberos patches (and Dave Howells for help on the
upcall).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
| |
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add routines to handle upcalls to userspace via keyctl for the purpose
of getting a SPNEGO blob for a particular uid and server combination.
Clean up the Makefile a bit and set it up to only compile cifs_spnego
if CONFIG_CIFS_UPCALL is set. Also change CONFIG_CIFS_UPCALL to depend
on CONFIG_KEYS rather than CONFIG_CONNECTOR.
cifs_spnego.h defines the communications between kernel and userspace
and is intended to be shared with userspace programs.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
| |
Currently, cifs_calc_signature2 errors out if it gets a zero-length
iovec. Fix it to silently continue in that case.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
| |
Also clean up ACL code
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Kernel bugzilla bug #9228
If mount helper (mount.cifs) missing, mounts with form like
//10.11.12.13/c$ would not work (only mounts with slash e.g.
//10.11.12.13\\c$ would work) due to problem with slash supposed
to be converted to backslash by the mount helper (which is not
there).
If we fail on converting an IPv4 address in in4_pton then
try to canonicalize the first slash (ie between sharename
and host ip address) if necessary. If we have to retry
to check for IPv6 address the slash is already converted
if necessary.
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
We were requesting GENERIC_READ but that fails when we do not have
read permission on the file (even if we could read the ACL).
Also move the dump access control entry code into debug ifdef.
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
| |
Part 9 of ACL patch series. getting mode from ACL now works in
some cases (and requires CIFS_EXPERIMENTAL config option).
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
| |
Now GetACL in getinodeinfo path when cifsacl mount option used, and
ACL is parsed for SIDs. Missing only one piece now to be able
to retrieve the mode
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
| |
Also fixes typo, build break
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
| |
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
CC: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
| |
CC: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
get rid of couple of unused function warnings which
show up when CONFIG_CIFS_EXPERIMENTAL is not defined - wrap them in
#ifdef CONFIG_CIFS_EXPERIMENTAL. Patch against current git.
Signed-off-by: Parag Warudkar <kernel-stuff@comcast.net>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|
|
|
|
| |
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (51 commits)
[CIFS] log better errors on failed mounts
[CIFS] Return better error when server requires signing but client forbids
[CIFS] fix typo
[CIFS] acl support part 4
[CIFS] Fix minor problems noticed by scan
[CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in cifs_demultiplex_thread
[CIFS] build break
[CIFS] endian fixes
[CIFS] endian fixes in new acl code
[CIFS] Fix some endianness problems in new acl code
[CIFS] missing #endif from a previous patch
[CIFS] formatting fixes
[CIFS] Break up unicode_sessetup string functions
[CIFS] parse server_GUID in SPNEGO negProt response
[CIFS]
[CIFS] Fix endian conversion problem in posix mkdir
[CIFS] fix build break when lanman not enabled
[CIFS] remove two sparse warnings
[CIFS] remove compile warnings when debug disabled
[CIFS] CIFS ACL support part 3
...
|
| |
| |
| |
| |
| |
| |
| |
| | |
Also returns more accurate errors to mount for the cases of
account expired and password expired
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| | |
Coverity scan pointed out some minor possible errors.
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cifs_demultiplex_thread
When kernel_recvmsg returns -EAGAIN or -ERESTARTSYS, then
cifs_demultiplex_thread sleeps for a bit and then tries the read again.
When it does this, it's not zeroing out the length and that throws off
the value of total_read. Fix it to zero out the length.
Can cause memory corruption:
If kernel_recvmsg returns an error and total_read is a large enough
value, then we'll end up going through the loop again. total_read will
be a bogus value, as will (pdu_length-total_read). When this happens we
end up calling kernel_recvmsg with a bogus value (possibly larger than
the current iov_len).
At that point, memcpy_toiovec can overrun iov. It will start walking
up the stack, casting other things that are there to struct iovecs
(since it assumes that it's been passed an array of them). Any pointer
on the stack at an address above the kvec is a candidate for corruption
here.
Many thanks to Ulrich Obergfell for pointing this out.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
SPNEGO setup needs only some of these strings. Break up
unicode_ssetup_strings so we can call them individually.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
SPNEGO NegProt response also contains a server_GUID. Parse it as we
would for RawNTLMSSP.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[CIFS] fix error message about packet signing
When packet signing is disabled and the server requires it, cifs prints
an error message. The current message refers to a file in /proc that no
longer exists. Fix it to refer to the correct file.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes two problems:
1) we dropped down to negotiating lanman if we did not recognize the
mechanism (krb5 e.g.)
2) we did not stop cifsd (thus will fail when doing rmod cifs with
slab free errors) when we fail tcon but have a bad session (which is
the case in which signing is required but we don't allow signing on
the client)
It also turns on extended security flag in the header when passing
"sec=krb5" on mount command (although kerberos support is not done of
course)
Acked-by: Jeff Layton <jlayton@redhat.com>
CC: Shaggy <shaggy@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch does kmalloc + memset conversion to kzalloc and removes some
redundant argument checks.
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When find_writable_file is racing with close and the session
to the server goes down, Shaggy noticed that there was a
chance that an open file in the list of files off the inode
could have been freed by close since cifs_reconnect can
block (the spinlock thus not held). This means that
we have to start over at the beginning of the list in some
cases.
There is a 2nd change that needs to be made later
(pointed out by Jeremy Allison and Shaggy) in order to
prevent cifs_close ever freeing the cifs per file info
when a write is pending. Although we delay close from
freeing this memory for sufficiently long for all known
cases, ultimately on a very, very slow write
overlapping a close pending we need to allow close to return
(without freeing the cifs file info) and defer freeing the
memory to be the responsibility of the (sloooow) write
thread (presumably have to look at every place wrtPending
is decremented - and add a flag for deferred free for
after wrtPending goes to zero).
Acked-by: Shaggy <shaggy@us.ibm.com>
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| | |
num_auth is really num_subauth in ACL terminology
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| | |
Also fixes typo which could cause build break
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows cifs to mount to ipc shares (IPC$)
which will allow user space applications to
layer over authenticated cifs connections
(useful for Wine and others that would want
to put DCE/RPC over CIFS or run CIFS named
pipes)
Acked-by: Rob Shearman <rob@codeweavers.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| |
| |
| |
| | |
We were allocating request buffers twice in the statfs
path when mounted to very old (Windows 9x) servers.
Signed-off-by: Steve French <sfrench@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Steve French <sfrench@us.ibm.com>
|