aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
Commit message (Collapse)AuthorAge
* [CIFS] add mode to acl conversion helper functionSteve French2007-11-08
| | | | | Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Fix incorrect mode when ACL had deny access control entriesSteve French2007-11-08
| | | | | | | | | | | | | | | | | | | | When mounted with the cifsacl mount option, we were treating any deny ACEs found like allow ACEs and it turns out for SFU and SUA Windows set these type of access control entries often. The order of ACEs is important too. The canonical order that most ACL tools and Windows explorer consruct ACLs with is to begin with DENY entries then follow with ALLOW, otherwise an allow entry could be encountered first, making the subsequent deny entry like "dead code which would be superflous since Windows stops when a match is made for the operation you are trying to perform for your user We start with no permissions in the mode and build up as we find permissions (ie allow ACEs). This fixes deny ACEs so they affect the mask used to set the subsequent allow ACEs. Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> CC: Alexander Bokovoy <ab@samba.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Add uid to key description so krb can handle user mountsIgor Mammedov2007-11-08
| | | | | | | | | Adds uid to key description fro supporting user mounts and minor formating changes Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Igor Mammedov <niallain@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Fix walking out end of cifs daclSteve French2007-11-05
| | | | | Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Add upcall files for cifs to use spnego/kerberosSteve French2007-11-05
| | | | | Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routinesJeff Layton2007-11-03
| | | | | | | | | | | | | Also, fix the parser to recognize them and set the secType accordingly. Make CIFSSMBNegotiate not error out automatically after parsing the securityBlob. Also thanks to Q (Igor) and Simo for their help on this set of kerberos patches (and Dave Howells for help on the upcall). Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Register and unregister cifs_spnego_key_type on module init/exitJeff Layton2007-11-03
| | | | | Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] implement upcalls for SPNEGO blob via keyctl APIJeff Layton2007-11-03
| | | | | | | | | | | | | | | Add routines to handle upcalls to userspace via keyctl for the purpose of getting a SPNEGO blob for a particular uid and server combination. Clean up the Makefile a bit and set it up to only compile cifs_spnego if CONFIG_CIFS_UPCALL is set. Also change CONFIG_CIFS_UPCALL to depend on CONFIG_KEYS rather than CONFIG_CONNECTOR. cifs_spnego.h defines the communications between kernel and userspace and is intended to be shared with userspace programs. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] allow cifs_calc_signature2 to deal with a zero length iovecJeff Layton2007-11-03
| | | | | | | | Currently, cifs_calc_signature2 errors out if it gets a zero-length iovec. Fix it to silently continue in that case. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] If no Access Control Entries, set mode perm bits to zeroSteve French2007-11-01
| | | | | | | Also clean up ACL code Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] when mount helper missing fix slash wrong direction in shareSteve French2007-10-31
| | | | | | | | | | | | | | | | | | Kernel bugzilla bug #9228 If mount helper (mount.cifs) missing, mounts with form like //10.11.12.13/c$ would not work (only mounts with slash e.g. //10.11.12.13\\c$ would work) due to problem with slash supposed to be converted to backslash by the mount helper (which is not there). If we fail on converting an IPv4 address in in4_pton then try to canonicalize the first slash (ie between sharename and host ip address) if necessary. If we have to retry to check for IPv6 address the slash is already converted if necessary. Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Don't request too much permission when reading an ACLSteve French2007-10-31
| | | | | | | | | We were requesting GENERIC_READ but that fails when we do not have read permission on the file (even if we could read the ACL). Also move the dump access control entry code into debug ifdef. Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] enable get mode from ACL when cifsacl mount option specifiedShirish Pargaonkar2007-10-30
| | | | | | | | Part 9 of ACL patch series. getting mode from ACL now works in some cases (and requires CIFS_EXPERIMENTAL config option). Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] ACL support part 8Steve French2007-10-26
| | | | | | | | Now GetACL in getinodeinfo path when cifsacl mount option used, and ACL is parsed for SIDs. Missing only one piece now to be able to retrieve the mode Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] acl support part 7Steve French2007-10-26
| | | | | | Also fixes typo, build break Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] acl support part 6Steve French2007-10-25
| | | | | | Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> CC: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] acl support part 6Steve French2007-10-23
| | | | | CC: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] remove unused funtion compile warning when experimental offParag Warudkar2007-10-23
| | | | | | | | | get rid of couple of unused function warnings which show up when CONFIG_CIFS_EXPERIMENTAL is not defined - wrap them in #ifdef CONFIG_CIFS_EXPERIMENTAL. Patch against current git. Signed-off-by: Parag Warudkar <kernel-stuff@comcast.net> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] ACL support part 5Steve French2007-10-19
| | | | | Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds2007-10-19
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (51 commits) [CIFS] log better errors on failed mounts [CIFS] Return better error when server requires signing but client forbids [CIFS] fix typo [CIFS] acl support part 4 [CIFS] Fix minor problems noticed by scan [CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in cifs_demultiplex_thread [CIFS] build break [CIFS] endian fixes [CIFS] endian fixes in new acl code [CIFS] Fix some endianness problems in new acl code [CIFS] missing #endif from a previous patch [CIFS] formatting fixes [CIFS] Break up unicode_sessetup string functions [CIFS] parse server_GUID in SPNEGO negProt response [CIFS] [CIFS] Fix endian conversion problem in posix mkdir [CIFS] fix build break when lanman not enabled [CIFS] remove two sparse warnings [CIFS] remove compile warnings when debug disabled [CIFS] CIFS ACL support part 3 ...
| * [CIFS] log better errors on failed mountsSteve French2007-10-18
| | | | | | | | | | | | | | | | Also returns more accurate errors to mount for the cases of account expired and password expired Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Return better error when server requires signing but client forbidsSteve French2007-10-17
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] fix typoSteve French2007-10-17
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] acl support part 4Steve French2007-10-17
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix minor problems noticed by scanSteve French2007-10-17
| | | | | | | | | | | | Coverity scan pointed out some minor possible errors. Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in ↵Steve French2007-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cifs_demultiplex_thread When kernel_recvmsg returns -EAGAIN or -ERESTARTSYS, then cifs_demultiplex_thread sleeps for a bit and then tries the read again. When it does this, it's not zeroing out the length and that throws off the value of total_read. Fix it to zero out the length. Can cause memory corruption: If kernel_recvmsg returns an error and total_read is a large enough value, then we'll end up going through the loop again. total_read will be a bogus value, as will (pdu_length-total_read). When this happens we end up calling kernel_recvmsg with a bogus value (possibly larger than the current iov_len). At that point, memcpy_toiovec can overrun iov. It will start walking up the stack, casting other things that are there to struct iovecs (since it assumes that it's been passed an array of them). Any pointer on the stack at an address above the kvec is a candidate for corruption here. Many thanks to Ulrich Obergfell for pointing this out. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] build breakSteve French2007-10-16
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] endian fixesSteve French2007-10-16
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] endian fixes in new acl codeDave Kleikamp2007-10-16
| | | | | | | | | | Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix some endianness problems in new acl codeSteve French2007-10-16
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] missing #endif from a previous patchSteve French2007-10-16
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] formatting fixesCyrill Gorcunov2007-10-16
| | | | | | | | | | Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Break up unicode_sessetup string functionsJeff Layton2007-10-16
| | | | | | | | | | | | | | | | SPNEGO setup needs only some of these strings. Break up unicode_ssetup_strings so we can call them individually. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] parse server_GUID in SPNEGO negProt responseJeff Layton2007-10-16
| | | | | | | | | | | | | | | | SPNEGO NegProt response also contains a server_GUID. Parse it as we would for RawNTLMSSP. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS]Jeff Layton2007-10-16
| | | | | | | | | | | | | | | | | | | | | | [CIFS] fix error message about packet signing When packet signing is disabled and the server requires it, cifs prints an error message. The current message refers to a file in /proc that no longer exists. Fix it to refer to the correct file. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix endian conversion problem in posix mkdirCyril Gorcunov2007-10-14
| | | | | | | | | | Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] fix build break when lanman not enabledSteve French2007-10-12
| | | | | | | | | | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] remove two sparse warningsSteve French2007-10-12
| | | | | | | | | | Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] remove compile warnings when debug disabledSteve French2007-10-12
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] CIFS ACL support part 3Steve French2007-10-12
| | | | | | | | | | Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix cifsd so shuts down when signing fails during mountSteve French2007-10-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes two problems: 1) we dropped down to negotiating lanman if we did not recognize the mechanism (krb5 e.g.) 2) we did not stop cifsd (thus will fail when doing rmod cifs with slab free errors) when we fail tcon but have a bad session (which is the case in which signing is required but we don't allow signing on the client) It also turns on extended security flag in the header when passing "sec=krb5" on mount command (although kerberos support is not done of course) Acked-by: Jeff Layton <jlayton@redhat.com> CC: Shaggy <shaggy@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Cleanup formattingSteve French2007-10-03
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] CIFS ACL support (part 2)Shirish Pargaonkar2007-10-03
| | | | | | | | | | Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] remove some redundant argument checksMariusz Kozlowski2007-10-03
| | | | | | | | | | | | | | | | | | This patch does kmalloc + memset conversion to kzalloc and removes some redundant argument checks. Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Reduce chance of list corruption in find_writable_fileSteve French2007-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When find_writable_file is racing with close and the session to the server goes down, Shaggy noticed that there was a chance that an open file in the list of files off the inode could have been freed by close since cifs_reconnect can block (the spinlock thus not held). This means that we have to start over at the beginning of the list in some cases. There is a 2nd change that needs to be made later (pointed out by Jeremy Allison and Shaggy) in order to prevent cifs_close ever freeing the cifs per file info when a write is pending. Although we delay close from freeing this memory for sufficiently long for all known cases, ultimately on a very, very slow write overlapping a close pending we need to allow close to return (without freeing the cifs file info) and defer freeing the memory to be the responsibility of the (sloooow) write thread (presumably have to look at every place wrtPending is decremented - and add a flag for deferred free for after wrtPending goes to zero). Acked-by: Shaggy <shaggy@us.ibm.com> Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] change misleading field nameSteve French2007-10-01
| | | | | | | | | | | | num_auth is really num_subauth in ACL terminology Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] named pipe support (part 2)Steve French2007-09-29
| | | | | | | | | | | | Also fixes typo which could cause build break Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] CIFS support for named pipes (part 1)Steve French2007-09-28
| | | | | | | | | | | | | | | | | | | | | | | | This allows cifs to mount to ipc shares (IPC$) which will allow user space applications to layer over authenticated cifs connections (useful for Wine and others that would want to put DCE/RPC over CIFS or run CIFS named pipes) Acked-by: Rob Shearman <rob@codeweavers.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Fix memory leak in statfs to very old serversSteve French2007-09-28
| | | | | | | | | | | | | | We were allocating request buffers twice in the statfs path when mounted to very old (Windows 9x) servers. Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] fix cut and paste error - missing defines cause cifsacl build errorSteve French2007-09-25
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>