Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
E
etercifs
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
etercifs
Commits
32cb38e6
Commit
32cb38e6
authored
Dec 06, 2015
by
Pavel Shilovsky
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update 3.19 sources from stable (v3.19.8-ckt10)
parent
4fdfe234
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
127 additions
and
56 deletions
+127
-56
cifsencrypt.c
sources/3.19/cifsencrypt.c
+51
-2
cifsfs.c
sources/3.19/cifsfs.c
+3
-3
inode.c
sources/3.19/inode.c
+0
-34
ioctl.c
sources/3.19/ioctl.c
+6
-0
smb2ops.c
sources/3.19/smb2ops.c
+6
-2
smb2pdu.c
sources/3.19/smb2pdu.c
+61
-15
No files found.
sources/3.19/cifsencrypt.c
View file @
32cb38e6
...
...
@@ -441,6 +441,48 @@ find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp)
return
0
;
}
/* Server has provided av pairs/target info in the type 2 challenge
* packet and we have plucked it and stored within smb session.
* We parse that blob here to find the server given timestamp
* as part of ntlmv2 authentication (or local current time as
* default in case of failure)
*/
static
__le64
find_timestamp
(
struct
cifs_ses
*
ses
)
{
unsigned
int
attrsize
;
unsigned
int
type
;
unsigned
int
onesize
=
sizeof
(
struct
ntlmssp2_name
);
unsigned
char
*
blobptr
;
unsigned
char
*
blobend
;
struct
ntlmssp2_name
*
attrptr
;
if
(
!
ses
->
auth_key
.
len
||
!
ses
->
auth_key
.
response
)
return
0
;
blobptr
=
ses
->
auth_key
.
response
;
blobend
=
blobptr
+
ses
->
auth_key
.
len
;
while
(
blobptr
+
onesize
<
blobend
)
{
attrptr
=
(
struct
ntlmssp2_name
*
)
blobptr
;
type
=
le16_to_cpu
(
attrptr
->
type
);
if
(
type
==
NTLMSSP_AV_EOL
)
break
;
blobptr
+=
2
;
/* advance attr type */
attrsize
=
le16_to_cpu
(
attrptr
->
length
);
blobptr
+=
2
;
/* advance attr size */
if
(
blobptr
+
attrsize
>
blobend
)
break
;
if
(
type
==
NTLMSSP_AV_TIMESTAMP
)
{
if
(
attrsize
==
sizeof
(
u64
))
return
*
((
__le64
*
)
blobptr
);
}
blobptr
+=
attrsize
;
/* advance attr value */
}
return
cpu_to_le64
(
cifs_UnixTimeToNT
(
CURRENT_TIME
));
}
static
int
calc_ntlmv2_hash
(
struct
cifs_ses
*
ses
,
char
*
ntlmv2_hash
,
const
struct
nls_table
*
nls_cp
)
{
...
...
@@ -637,6 +679,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
struct
ntlmv2_resp
*
ntlmv2
;
char
ntlmv2_hash
[
16
];
unsigned
char
*
tiblob
=
NULL
;
/* target info blob */
__le64
rsp_timestamp
;
if
(
ses
->
server
->
negflavor
==
CIFS_NEGFLAVOR_EXTENDED
)
{
if
(
!
ses
->
domainName
)
{
...
...
@@ -655,6 +698,12 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
}
}
/* Must be within 5 minutes of the server (or in range +/-2h
* in case of Mac OS X), so simply carry over server timestamp
* (as Windows 7 does)
*/
rsp_timestamp
=
find_timestamp
(
ses
);
baselen
=
CIFS_SESS_KEY_SIZE
+
sizeof
(
struct
ntlmv2_resp
);
tilen
=
ses
->
auth_key
.
len
;
tiblob
=
ses
->
auth_key
.
response
;
...
...
@@ -671,8 +720,8 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
(
ses
->
auth_key
.
response
+
CIFS_SESS_KEY_SIZE
);
ntlmv2
->
blob_signature
=
cpu_to_le32
(
0x00000101
);
ntlmv2
->
reserved
=
0
;
/* Must be within 5 minutes of the server */
ntlmv2
->
time
=
cpu_to_le64
(
cifs_UnixTimeToNT
(
CURRENT_TIME
));
ntlmv2
->
time
=
rsp_timestamp
;
get_random_bytes
(
&
ntlmv2
->
client_chal
,
sizeof
(
ntlmv2
->
client_chal
));
ntlmv2
->
reserved2
=
0
;
...
...
sources/3.19/cifsfs.c
View file @
32cb38e6
...
...
@@ -394,17 +394,17 @@ cifs_show_options(struct seq_file *s, struct dentry *root)
struct
sockaddr
*
srcaddr
;
srcaddr
=
(
struct
sockaddr
*
)
&
tcon
->
ses
->
server
->
srcaddr
;
seq_
printf
(
s
,
",vers=%
s"
,
tcon
->
ses
->
server
->
vals
->
version_string
);
seq_
show_option
(
s
,
"ver
s"
,
tcon
->
ses
->
server
->
vals
->
version_string
);
cifs_show_security
(
s
,
tcon
->
ses
);
cifs_show_cache_flavor
(
s
,
cifs_sb
);
if
(
cifs_sb
->
mnt_cifs_flags
&
CIFS_MOUNT_MULTIUSER
)
seq_puts
(
s
,
",multiuser"
);
else
if
(
tcon
->
ses
->
user_name
)
seq_
printf
(
s
,
",username=%s
"
,
tcon
->
ses
->
user_name
);
seq_
show_option
(
s
,
"username
"
,
tcon
->
ses
->
user_name
);
if
(
tcon
->
ses
->
domainName
)
seq_
printf
(
s
,
",domain=%s
"
,
tcon
->
ses
->
domainName
);
seq_
show_option
(
s
,
"domain
"
,
tcon
->
ses
->
domainName
);
if
(
srcaddr
->
sa_family
!=
AF_UNSPEC
)
{
struct
sockaddr_in
*
saddr4
;
...
...
sources/3.19/inode.c
View file @
32cb38e6
...
...
@@ -2015,7 +2015,6 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
struct
tcon_link
*
tlink
=
NULL
;
struct
cifs_tcon
*
tcon
=
NULL
;
struct
TCP_Server_Info
*
server
;
struct
cifs_io_parms
io_parms
;
/*
* To avoid spurious oplock breaks from server, in the case of
...
...
@@ -2037,18 +2036,6 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
rc
=
-
ENOSYS
;
cifsFileInfo_put
(
open_file
);
cifs_dbg
(
FYI
,
"SetFSize for attrs rc = %d
\n
"
,
rc
);
if
((
rc
==
-
EINVAL
)
||
(
rc
==
-
EOPNOTSUPP
))
{
unsigned
int
bytes_written
;
io_parms
.
netfid
=
open_file
->
fid
.
netfid
;
io_parms
.
pid
=
open_file
->
pid
;
io_parms
.
tcon
=
tcon
;
io_parms
.
offset
=
0
;
io_parms
.
length
=
attrs
->
ia_size
;
rc
=
CIFSSMBWrite
(
xid
,
&
io_parms
,
&
bytes_written
,
NULL
,
NULL
,
1
);
cifs_dbg
(
FYI
,
"Wrt seteof rc %d
\n
"
,
rc
);
}
}
else
rc
=
-
EINVAL
;
...
...
@@ -2074,28 +2061,7 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
else
rc
=
-
ENOSYS
;
cifs_dbg
(
FYI
,
"SetEOF by path (setattrs) rc = %d
\n
"
,
rc
);
if
((
rc
==
-
EINVAL
)
||
(
rc
==
-
EOPNOTSUPP
))
{
__u16
netfid
;
int
oplock
=
0
;
rc
=
SMBLegacyOpen
(
xid
,
tcon
,
full_path
,
FILE_OPEN
,
GENERIC_WRITE
,
CREATE_NOT_DIR
,
&
netfid
,
&
oplock
,
NULL
,
cifs_sb
->
local_nls
,
cifs_remap
(
cifs_sb
));
if
(
rc
==
0
)
{
unsigned
int
bytes_written
;
io_parms
.
netfid
=
netfid
;
io_parms
.
pid
=
current
->
tgid
;
io_parms
.
tcon
=
tcon
;
io_parms
.
offset
=
0
;
io_parms
.
length
=
attrs
->
ia_size
;
rc
=
CIFSSMBWrite
(
xid
,
&
io_parms
,
&
bytes_written
,
NULL
,
NULL
,
1
);
cifs_dbg
(
FYI
,
"wrt seteof rc %d
\n
"
,
rc
);
CIFSSMBClose
(
xid
,
tcon
,
netfid
);
}
}
if
(
tlink
)
cifs_put_tlink
(
tlink
);
...
...
sources/3.19/ioctl.c
View file @
32cb38e6
...
...
@@ -67,6 +67,12 @@ static long cifs_ioctl_clone(unsigned int xid, struct file *dst_file,
goto
out_drop_write
;
}
if
(
src_file
.
file
->
f_op
->
unlocked_ioctl
!=
cifs_ioctl
)
{
rc
=
-
EBADF
;
cifs_dbg
(
VFS
,
"src file seems to be from a different filesystem type
\n
"
);
goto
out_fput
;
}
if
((
!
src_file
.
file
->
private_data
)
||
(
!
dst_file
->
private_data
))
{
rc
=
-
EBADF
;
cifs_dbg
(
VFS
,
"missing cifsFileInfo on copy range src file
\n
"
);
...
...
sources/3.19/smb2ops.c
View file @
32cb38e6
...
...
@@ -50,9 +50,13 @@ change_conf(struct TCP_Server_Info *server)
break
;
default:
server
->
echoes
=
true
;
server
->
oplocks
=
true
;
if
(
enable_oplocks
)
{
server
->
oplocks
=
true
;
server
->
oplock_credits
=
1
;
}
else
server
->
oplocks
=
false
;
server
->
echo_credits
=
1
;
server
->
oplock_credits
=
1
;
}
server
->
credits
-=
server
->
echo_credits
+
server
->
oplock_credits
;
return
0
;
...
...
sources/3.19/smb2pdu.c
View file @
32cb38e6
...
...
@@ -46,6 +46,7 @@
#include "smb2status.h"
#include "smb2glob.h"
#include "cifspdu.h"
#include "cifs_spnego.h"
/*
* The following table defines the expected "StructureSize" of SMB2 requests
...
...
@@ -427,19 +428,15 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
cifs_dbg
(
FYI
,
"missing security blob on negprot
\n
"
);
rc
=
cifs_enable_signing
(
server
,
ses
->
sign
);
#ifdef CONFIG_SMB2_ASN1
/* BB REMOVEME when updated asn1.c ready */
if
(
rc
)
goto
neg_exit
;
if
(
blob_length
)
if
(
blob_length
)
{
rc
=
decode_negTokenInit
(
security_blob
,
blob_length
,
server
);
if
(
rc
==
1
)
rc
=
0
;
else
if
(
rc
==
0
)
{
rc
=
-
EIO
;
goto
neg_exit
;
if
(
rc
==
1
)
rc
=
0
;
else
if
(
rc
==
0
)
rc
=
-
EIO
;
}
#endif
neg_exit:
free_rsp_buf
(
resp_buftype
,
rsp
);
return
rc
;
...
...
@@ -533,7 +530,8 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
__le32
phase
=
NtLmNegotiate
;
/* NTLMSSP, if needed, is multistage */
struct
TCP_Server_Info
*
server
=
ses
->
server
;
u16
blob_length
=
0
;
char
*
security_blob
;
struct
key
*
spnego_key
=
NULL
;
char
*
security_blob
=
NULL
;
char
*
ntlmssp_blob
=
NULL
;
bool
use_spnego
=
false
;
/* else use raw ntlmssp */
...
...
@@ -561,7 +559,8 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
ses
->
ntlmssp
->
sesskey_per_smbsess
=
true
;
/* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */
ses
->
sectype
=
RawNTLMSSP
;
if
(
ses
->
sectype
!=
Kerberos
&&
ses
->
sectype
!=
RawNTLMSSP
)
ses
->
sectype
=
RawNTLMSSP
;
ssetup_ntlmssp_authenticate:
if
(
phase
==
NtLmChallenge
)
...
...
@@ -590,7 +589,48 @@ ssetup_ntlmssp_authenticate:
iov
[
0
].
iov_base
=
(
char
*
)
req
;
/* 4 for rfc1002 length field and 1 for pad */
iov
[
0
].
iov_len
=
get_rfc1002_length
(
req
)
+
4
-
1
;
if
(
phase
==
NtLmNegotiate
)
{
if
(
ses
->
sectype
==
Kerberos
)
{
#ifdef CONFIG_CIFS_UPCALL
struct
cifs_spnego_msg
*
msg
;
spnego_key
=
cifs_get_spnego_key
(
ses
);
if
(
IS_ERR
(
spnego_key
))
{
rc
=
PTR_ERR
(
spnego_key
);
spnego_key
=
NULL
;
goto
ssetup_exit
;
}
msg
=
spnego_key
->
payload
.
data
;
/*
* check version field to make sure that cifs.upcall is
* sending us a response in an expected form
*/
if
(
msg
->
version
!=
CIFS_SPNEGO_UPCALL_VERSION
)
{
cifs_dbg
(
VFS
,
"bad cifs.upcall version. Expected %d got %d"
,
CIFS_SPNEGO_UPCALL_VERSION
,
msg
->
version
);
rc
=
-
EKEYREJECTED
;
goto
ssetup_exit
;
}
ses
->
auth_key
.
response
=
kmemdup
(
msg
->
data
,
msg
->
sesskey_len
,
GFP_KERNEL
);
if
(
!
ses
->
auth_key
.
response
)
{
cifs_dbg
(
VFS
,
"Kerberos can't allocate (%u bytes) memory"
,
msg
->
sesskey_len
);
rc
=
-
ENOMEM
;
goto
ssetup_exit
;
}
ses
->
auth_key
.
len
=
msg
->
sesskey_len
;
blob_length
=
msg
->
secblob_len
;
iov
[
1
].
iov_base
=
msg
->
data
+
msg
->
sesskey_len
;
iov
[
1
].
iov_len
=
blob_length
;
#else
rc
=
-
EOPNOTSUPP
;
goto
ssetup_exit
;
#endif
/* CONFIG_CIFS_UPCALL */
}
else
if
(
phase
==
NtLmNegotiate
)
{
/* if not krb5 must be ntlmssp */
ntlmssp_blob
=
kmalloc
(
sizeof
(
struct
_NEGOTIATE_MESSAGE
),
GFP_KERNEL
);
if
(
ntlmssp_blob
==
NULL
)
{
...
...
@@ -613,6 +653,8 @@ ssetup_ntlmssp_authenticate:
/* with raw NTLMSSP we don't encapsulate in SPNEGO */
security_blob
=
ntlmssp_blob
;
}
iov
[
1
].
iov_base
=
security_blob
;
iov
[
1
].
iov_len
=
blob_length
;
}
else
if
(
phase
==
NtLmAuthenticate
)
{
req
->
hdr
.
SessionId
=
ses
->
Suid
;
ntlmssp_blob
=
kzalloc
(
sizeof
(
struct
_NEGOTIATE_MESSAGE
)
+
500
,
...
...
@@ -640,6 +682,8 @@ ssetup_ntlmssp_authenticate:
}
else
{
security_blob
=
ntlmssp_blob
;
}
iov
[
1
].
iov_base
=
security_blob
;
iov
[
1
].
iov_len
=
blob_length
;
}
else
{
cifs_dbg
(
VFS
,
"illegal ntlmssp phase
\n
"
);
rc
=
-
EIO
;
...
...
@@ -651,8 +695,6 @@ ssetup_ntlmssp_authenticate:
cpu_to_le16
(
sizeof
(
struct
smb2_sess_setup_req
)
-
1
/* pad */
-
4
/* rfc1001 len */
);
req
->
SecurityBufferLength
=
cpu_to_le16
(
blob_length
);
iov
[
1
].
iov_base
=
security_blob
;
iov
[
1
].
iov_len
=
blob_length
;
inc_rfc1001_len
(
req
,
blob_length
-
1
/* pad */
);
...
...
@@ -663,6 +705,7 @@ ssetup_ntlmssp_authenticate:
kfree
(
security_blob
);
rsp
=
(
struct
smb2_sess_setup_rsp
*
)
iov
[
0
].
iov_base
;
ses
->
Suid
=
rsp
->
hdr
.
SessionId
;
if
(
resp_buftype
!=
CIFS_NO_BUFFER
&&
rsp
->
hdr
.
Status
==
STATUS_MORE_PROCESSING_REQUIRED
)
{
if
(
phase
!=
NtLmNegotiate
)
{
...
...
@@ -680,7 +723,6 @@ ssetup_ntlmssp_authenticate:
/* NTLMSSP Negotiate sent now processing challenge (response) */
phase
=
NtLmChallenge
;
/* process ntlmssp challenge */
rc
=
0
;
/* MORE_PROCESSING is not an error here but expected */
ses
->
Suid
=
rsp
->
hdr
.
SessionId
;
rc
=
decode_ntlmssp_challenge
(
rsp
->
Buffer
,
le16_to_cpu
(
rsp
->
SecurityBufferLength
),
ses
);
}
...
...
@@ -737,6 +779,10 @@ keygen_exit:
kfree
(
ses
->
auth_key
.
response
);
ses
->
auth_key
.
response
=
NULL
;
}
if
(
spnego_key
)
{
key_invalidate
(
spnego_key
);
key_put
(
spnego_key
);
}
kfree
(
ses
->
ntlmssp
);
return
rc
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment