Commit Graph

98 Commits

Author SHA1 Message Date
Steve French 301a6a3177 [CIFS] Maximum username length check in session setup does not match
Fix length check reported by D. Binderman (see below)

d binderman <dcb314@hotmail.com> wrote:
>
> I just ran the sourceforge tool cppcheck over the source code of the
> new Linux kernel 2.6.33-rc6
>
> It said
>
> [./cifs/sess.c:250]: (error) Buffer access out-of-bounds

May turn out to be harmless, but best to be safe. Note max
username length is defined to 32 due to Linux (Windows
maximum is 20).

Signed-off-by: Steve French <sfrench@us.ibm.com>
2010-02-06 07:08:53 +00:00
Steve French f46c7234e4 [CIFS] cleanup asn handling for ntlmssp
Also removes obsolete distinction between rawntlmssp and ntlmssp (in asn/SPNEGO)
since as jra noted we can always send raw ntlmssp in session setup now.

remove check for experimental runtime flag (/proc/fs/cifs/Experimental) in
ntlmssp path.

Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-06-25 03:07:48 +00:00
Steve French 844823cb82 [CIFS] Fix SMB uid in NTLMSSP authenticate request
We were not setting the SMB uid in NTLMSSP authenticate
request which could lead to INVALID_PARAMETER error
on 2nd session setup.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-06 00:48:30 +00:00
Steve French 0b3cc85800 [CIFS] NTLMSSP reenabled after move from connect.c to sess.c
The NTLMSSP code was removed from fs/cifs/connect.c and merged
(75% smaller, cleaner) into fs/cifs/sess.c

As with the old code it requires that cifs be built with
CONFIG_CIFS_EXPERIMENTAL, the /proc/fs/cifs/Experimental flag
must be set to 2, and mount must turn on extended security
(e.g. with sec=krb5).

Although NTLMSSP encapsulated in SPNEGO is not enabled yet,
"raw" ntlmssp is common and useful in some cases since it
offers more complete security negotiation, and is the
default way of negotiating security for many Windows systems.
SPNEGO encapsulated NTLMSSP will be able to reuse the same
code.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-04 08:37:12 +00:00
Steve French 051a2a0d32 [CIFS] Fix endian conversion of vcnum field
When multiply mounting from the same client to the same server, with
different userids, we create a vcnum which should be unique if
possible (this is not the same as the smb uid, which is the handle
to the security context).  We were not endian converting additional
(beyond the first which is zero) vcnum properly.

CC: Stable <stable@kernel.org>
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-01 16:25:15 +00:00
Steve French d185cda771 [CIFS] rename cifs_strndup to cifs_strndup_from_ucs
In most cases, cifs_strndup is converting from Unicode (UCS2 / UTF-32) to
the configured local code page for the Linux mount (usually UTF8), so
Jeff suggested that to make it more clear that cifs_strndup is doing
a conversion not just memory allocation and copy, rename the function
to including "from_ucs" (ie Unicode)

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 17:45:10 +00:00
Jeff Layton 59140797c5 cifs: fix session setup unicode string saving to use new unicode helpers
...and change decode_unicode_ssetup to be a void function. It never
returns an actual error anyway.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:45:00 +00:00
Jeff Layton 313fecfa69 cifs: add cFYI messages with some of the saved strings from ssetup/tcon
...to make it easier to find problems in this area in the future.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-17 01:26:50 +00:00
Jeff Layton 27b87fe52b cifs: fix unicode string area word alignment in session setup
The handling of unicode string area alignment is wrong.
decode_unicode_ssetup improperly assumes that it will always be preceded
by a pad byte. This isn't the case if the string area is already
word-aligned.

This problem, combined with the bad buffer sizing for the serverDomain
string can cause memory corruption. The bad alignment can make it so
that the alignment of the characters is off. This can make them
translate to characters that are greater than 2 bytes each. If this
happens we can overflow the allocation.

Fix this by fixing the alignment in CIFS_SessSetup instead so we can
verify it against the head of the response. Also, clean up the
workaround for improperly terminated strings by checking for a
odd-length unicode buffers and then forcibly terminating them.

Finally, resize the buffer for serverDomain. Now that we've fixed
the alignment, it's probably fine, but a malicious server could
overflow it.

A better solution for handling these strings is still needed, but
this should be a suitable bandaid.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-17 01:26:50 +00:00
Steve French eca6acf915 [CIFS] Fix multiuser mounts so server does not invalidate earlier security contexts
When two different users mount the same Windows 2003 Server share using CIFS,
the first session mounted can be invalidated.  Some servers invalidate the first
smb session when a second similar user (e.g. two users who get mapped by server to "guest")
authenticates an smb session from the same client.

By making sure that we set the 2nd and subsequent vc numbers to nonzero values,
this ensures that we will not have this problem.

Fixes Samba bug 6004, problem description follows:
How to reproduce:

- configure an "open share" (full permissions to Guest user) on Windows 2003
Server (I couldn't reproduce the problem with Samba server or Windows older
than 2003)
- mount the share twice with different users who will be authenticated as guest.

 noacl,noperm,user=john,dir_mode=0700,domain=DOMAIN,rw
 noacl,noperm,user=jeff,dir_mode=0700,domain=DOMAIN,rw

Result:

- just the mount point mounted last is accessible:

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-02-21 03:37:10 +00:00
Steve French 69765529d7 [CIFS] Fix oops in cifs_strfromUCS_le mounting to servers which do not specify their OS
Fixes kernel bug #10451 http://bugzilla.kernel.org/show_bug.cgi?id=10451

Certain NAS appliances do not set the operating system or network operating system
fields in the session setup response on the wire.  cifs was oopsing on the unexpected
zero length response fields (when trying to null terminate a zero length field).

This fixes the oops.

Acked-by: Jeff Layton <jlayton@redhat.com>
CC: stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-02-21 03:37:09 +00:00
Jeff Layton 4e53a3fb98 cifs: have calc_lanman_hash take more granular args
cifs: have calc_lanman_hash take more granular args

We need to use this routine to encrypt passwords associated with the
tcon too. Don't assume that the password will be attached to the
smb_session.

Also, make some of the values in the lower encryption functions
const since they aren't changed.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2008-12-26 02:29:11 +00:00
Jeff Layton dfd15c46a6 cifs: explicitly revoke SPNEGO key after session setup
cifs: explicitly revoke SPNEGO key after session setup

The SPNEGO blob returned by an upcall can only be used once. Explicitly
revoke it to make sure that we never pick it up again after session
setup exits.

This doesn't seem to be that big an issue on more recent kernels, but
older kernels seem to link keys into the session keyring by default.
That said, explicitly revoking the key seems like a reasonable thing
to do here.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2008-09-24 20:59:37 +00:00
Steve French c76da9da1f [CIFS] Turn off Unicode during session establishment for plaintext authentication
LANMAN session setup did not support Unicode (after session setup, unicode can
still be used though).

Fixes samba bug# 5319

CC: Jeff Layton <jlayton@redhat.com>
CC: Stable Kernel <stable@vger.kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2008-08-28 15:32:22 +00:00
Steve French 6ce5eecb9c [CIFS] check version in spnego upcall response
Currently, we don't check the version in the SPNEGO upcall response
even though one is provided. Jeff and Q have made the corresponding
change to the Samba client (cifs.upcall).

Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2008-08-26 00:37:14 +00:00
Steve French c16fefa563 [CIFS] distinguish between Kerberos and MSKerberos in upcall
Properly handle MSKRB5 by passing sec=mskrb5 to the upcall so that the
spengo blob can be generated appropriately. Also, make
decode_negTokenInit prefer whichever mechanism is first in the list.

Needed for some NetApp servers, and possibly some older
versions of Windows which treat the two KRB5 mechanisms differently.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2008-08-19 19:35:33 +00:00
Steve French 90c81e0b0e [CIFS] clean up some hard to read ifdefs
Christoph had noticed too many ifdefs in the CIFS code making it
hard to read.  This patch removes about a quarter of them from
the C files in cifs by improving a few key ifdefs in the .h files.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2008-02-12 20:32:36 +00:00
Jeff Layton 28c5a02a11 [CIFS] fix unicode string alignment in SPNEGO setup
Unicode strings need to be word aligned, but the code that handles that
is currently not taking the length of the SPNEGO blob into account. Fix
it to do so.

Signed-off-by: Jeff Layton <jlayton@tupile.poochiereds.net>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-12-31 04:56:21 +00:00
Jeff Layton 1a67570c76 [CIFS] use krb5 session key from first SMB session after a NegProt
Currently, any new kerberos SMB session overwrites the server's session
key. The session key should only be set by the first SMB session set up
on the socket.

Signed-off-by: Jeff Layton <jlayton@tupile.poochiereds.net>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-12-31 04:03:02 +00:00
Steve French 2442421b17 [CIFS] Have CIFS_SessSetup build correct SPNEGO SessionSetup request
Have CIFS_SessSetup call cifs_get_spnego_key when Kerberos is
negotiated. Use the info in the key payload to build a session
setup request packet. Also clean up how the request buffer in
the function is freed on error.

With appropriate user space helper (in samba/source/client). Kerberos
support (secure session establishment can be done now via Kerberos,
previously users would have to use NTLMv2 instead for more secure
session setup).

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-11-16 23:37:35 +00:00
Steve French 133672efbc [CIFS] Fix buffer overflow if server sends corrupt response to small
request

In SendReceive() function in transport.c - it memcpy's
message payload into a buffer passed via out_buf param. The function
assumes that all buffers are of size (CIFSMaxBufSize +
MAX_CIFS_HDR_SIZE) , unfortunately it is also called with smaller
(MAX_CIFS_SMALL_BUFFER_SIZE) buffers.  There are eight callers
(SMB worker functions) which are primarily affected by this change:

TreeDisconnect, uLogoff, Close, findClose, SetFileSize, SetFileTimes,
Lock and PosixLock

CC: Dave Kleikamp <shaggy@austin.ibm.com>
CC: Przemyslaw Wegrzyn <czajnik@czajsoft.pl>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-11-13 22:41:37 +00:00
Steve French a761ac579b [CIFS] log better errors on failed mounts
Also returns more accurate errors to mount for the cases of
account expired and password expired

Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-10-18 21:45:27 +00:00
Jeff Layton 0d3a01fada [CIFS] Break up unicode_sessetup string functions
SPNEGO setup needs only some of these strings. Break up
unicode_ssetup_strings so we can call them individually.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-10-16 17:32:19 +00:00
Steve French 26f57364d7 [CIFS] formatting cleanup found by checkpatch
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-08-30 22:09:15 +00:00
Cyrill Gorcunov 5e6e623275 [CIFS] Check return code on failed alloc
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-08-18 00:15:20 +00:00
Steve French 63135e088a [CIFS] More whitespace/formatting fixes (noticed by checkpatch)
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-07-17 17:34:02 +00:00
Steve French 50c2f75388 [CIFS] whitespace/formatting fixes
This should be the last big batch of whitespace/formatting fixes.
checkpatch warnings for the cifs directory are down about 90% and
many of the remaining ones are harder to remove or make the code
harder to read.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-07-13 00:33:32 +00:00
Steve French b609f06ac4 [CIFS] Fix packet signatures for NTLMv2 case
Signed-off-by: Yehuda Sadeh Weinraub <Yehuda.Sadeh@expand.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-07-09 07:55:14 +00:00
Steve French 3870253efb [CIFS] more whitespace fixes
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-07-08 15:40:40 +00:00
Steve French 790fe579f5 [CIFS] more whitespace cleanup
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-07-07 19:25:05 +00:00
Steve French 8e6f195af0 [CIFS] Fix oops when Windows server sent bad domain name null terminator
Fixes RedHat bug 211672

Windows sends one byte (instead of two) of null to terminate final Unicode
string (domain name) in session setup response in some cases - this caused
cifs to misalign some informational strings (making it hard to convert
from UCS16 to UTF8).

Thanks to Shaggy for his help and Akemi Yagi for debugging/testing

Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-01-22 01:19:30 +00:00
Steve French 6e659c6399 [CIFS] Fix mount failure when domain not specified
Fixes Samba bugzilla #4176

    When users do not specify their domain on mount, 2.6.18 started sending
    default domain instead of a null domain (which was the only way on some
    servers to use a default domain).  Users of 2.6.18 who did not specify
    their domain name on mounts to certain common Windows servers that were
    members of a domain, but not the domain controller, would get mount
    failures which they did not get in 2.6.18

    This fixes that issue and should remove complaints about mount
    behavior changing.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-11-08 23:10:46 +00:00
Linus Torvalds 12e36b2f41 Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (27 commits)
  [CIFS] Missing flags2 for DFS
  [CIFS] Workaround incomplete byte length returned by some
  [CIFS] cifs Kconfig: don't select CONNECTOR
  [CIFS] Level 1 QPathInfo needed for proper OS2 support
  [CIFS] fix typo in previous patch
  [CIFS] Fix old DOS time conversion to handle timezone
  [CIFS] Do not need to adjust for Jan/Feb for leap day
  [CIFS] Fix leaps year calculation for years after 2100
  [CIFS] readdir (ffirst) enablement of accurate timestamps from legacy servers
  [CIFS] Fix compiler warning with previous patch
  [CIFS] Fix typo
  [CIFS] Allow for 15 minute TZs (e.g. Nepal) and be more explicit about
  [CIFS] Fix readdir of large directories for backlevel servers
  [CIFS] Allow LANMAN21 support even in both POSIX non-POSIX path
  [CIFS] Make use of newer QFSInfo dependent on capability bit instead of
  [CIFS] Do not send newer QFSInfo to legacy servers which can not support it
  [CIFS] Fix typo in name of new cifs_show_stats
  [CIFS] Rename server time zone field
  [CIFS] Handle legacy servers which return undefined time zone
  [CIFS] CIFS support for /proc/<pid>/mountstats part 1
  ...

Manual conflict resolution in fs/cifs/connect.c
2006-10-13 08:09:29 -07:00
Serge E. Hallyn 96b644bdec [PATCH] namespaces: utsname: use init_utsname when appropriate
In some places, particularly drivers and __init code, the init utsns is the
appropriate one to use.  This patch replaces those with a the init_utsname
helper.

Changes: Removed several uses of init_utsname().  Hope I picked all the
	right ones in net/ipv4/ipconfig.c.  These are now changed to
	utsname() (the per-process namespace utsname) in the previous
	patch (2/7)

[akpm@osdl.org: CIFS fix]
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Cc: Kirill Korotaev <dev@openvz.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Andrey Savochkin <saw@sw.ru>
Cc: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-10-02 07:57:21 -07:00
Steve French 9ac00b7d96 [CIFS] Do not send newer QFSInfo to legacy servers which can not support it
Fix dialect negotiation to save off when we have negotiated lanman.
This allows us to avoid sending some somewhat newer requests that the server
can not handle and go directly to the older version (infolevel) of the same
call. Make sure we try to negotiate a level which allows us to get the
server OS (which we check so we can detect Win9x vs. other legacy servers
and eventually work around the Win9x DOS time bug (they reverse date/time
fields).

Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-09-30 04:13:17 +00:00
Steve French 5ddaa683a5 [CIFS] endian errors in lanman protocol support
le16 compared to host-endian constant
	u8 fed to le32_to_cpu()
	le16 compared to host-endian constant

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-08-15 13:35:48 +00:00
Steve French f40c562855 [CIFS] Fix authentication choice so we do not force NTLMv2 unless the
user specifies it is required or turns of ntlm

Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-28 00:13:38 +00:00
Steve French 0223cf0b10 [CIFS] Fix alignment of unicode strings in previous patch
Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-27 19:50:57 +00:00
Steve French 750d1151a6 [CIFS] Fix allocation of buffers for new session setup routine to allow
longer user and domain names and allow passing sec options on mount

Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-27 06:28:30 +00:00
Steve French 189acaaef8 [CIFS] Enable sec flags on mount for cifs (part one)
Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-23 02:33:48 +00:00
Steve French 1717ffc588 [CIFS] NTLMv2 support part 5
NTLMv2 authentication (stronger authentication than default NTLM) which
many servers support now works.  There was a problem with the construction
of the security blob in the older code.  Currently requires
	/proc/fs/cifs/Experimental to be set to 2
and
	/proc/fs/cifs/SecurityFlags to be set to 0x4004 (to require using
	NTLMv2 instead of default of NTLM)

Next we will check signing to make sure optional NTLMv2 packet signing also
works.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-08 05:41:32 +00:00
Steve French 6d027cfdb1 [CIFS] NTLMv2 support part 3
Response struct filled in exacty for 16 byte hash which we need to check
more to make sure it works.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-05 16:26:05 +00:00
Steve French f64b23ae4a [CIFS] NTLMv2 support part 2
Still need to fill in response structure and check that hash works

Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-05 05:27:37 +00:00
Steve French 9312f6754d [CIFS] Fix mask so can set new cifs security flags properly
Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-04 22:21:07 +00:00
Steve French 254e55ed03 CIFS] Support for older servers which require plaintext passwords - part 2
Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-04 05:53:15 +00:00
Steve French 7c7b25bc8e [CIFS] Support for setting up SMB sessions to legacy lanman servers part 2 2006-06-01 19:20:10 +00:00
Steve French 9c53588ec9 [CIFS] Missing include shows up on some architectures
Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-06-01 05:09:10 +00:00
Steve French 3979877e56 [CIFS] Support for setting up SMB sessions to legacy lanman servers 2006-05-31 22:40:51 +00:00