summaryrefslogtreecommitdiffstats
path: root/fs/cifs/cifsglob.h
Commit message (Collapse)AuthorAgeFilesLines
* cifs: Set client guid on per connection basisSachin Prabhu2014-05-211-0/+1
| | | | | | | | | | | | | | | | | | | | | | | When mounting from a Windows 2012R2 server, we hit the following problem: 1) Mount with any of the following versions - 2.0, 2.1 or 3.0 2) unmount 3) Attempt a mount again using a different SMB version >= 2.0. You end up with the following failure: Status code returned 0xc0000203 STATUS_USER_SESSION_DELETED CIFS VFS: Send error in SessSetup = -5 CIFS VFS: cifs_mount failed w/return code = -5 I cannot reproduce this issue using a Windows 2008 R2 server. This appears to be caused because we use the same client guid for the connection on first mount which we then disconnect and attempt to mount again using a different protocol version. By generating a new guid each time a new connection is Negotiated, we avoid hitting this problem. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: fix potential races in cifs_revalidate_mappingJeff Layton2014-05-211-0/+1
| | | | | | | | | | | | | | | | | | | | The handling of the CIFS_INO_INVALID_MAPPING flag is racy. It's possible for two tasks to attempt to revalidate the mapping at the same time. The first sees that CIFS_INO_INVALID_MAPPING is set. It clears the flag and then calls invalidate_inode_pages2 to start shooting down the pagecache. While that's going on, another task checks the flag and sees that it's clear. It then ends up trusting the pagecache to satisfy a read when it shouldn't. Fix this by adding a bitlock to ensure that the clearing of the flag is atomic with respect to the actual cache invalidation. Also, move the other existing users of cifs_invalidate_mapping to use a new cifs_zap_mapping() function that just sets the INVALID_MAPPING bit and then uses the standard codepath to handle the invalidation. Signed-off-by: Jeff Layton <jlayton@poochiereds.net> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: convert booleans in cifsInodeInfo to a flags fieldJeff Layton2014-05-211-3/+3
| | | | | | | | | | | In later patches, we'll need to have a bitlock, so go ahead and convert these bools to use atomic bitops instead. Also, clean up the initialization of the flags field. There's no need to unset each bit individually just after it was zeroed on allocation. Signed-off-by: Jeff Layton <jlayton@poochiereds.net> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Wait for writebacks to complete before attempting write.Sachin Prabhu2014-04-161-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem reported in Red Hat bz 1040329 for strict writes where we cache only when we hold oplock and write direct to the server when we don't. When we receive an oplock break, we first change the oplock value for the inode in cifsInodeInfo->oplock to indicate that we no longer hold the oplock before we enqueue a task to flush changes to the backing device. Once we have completed flushing the changes, we return the oplock to the server. There are 2 ways here where we can have data corruption 1) While we flush changes to the backing device as part of the oplock break, we can have processes write to the file. These writes check for the oplock, find none and attempt to write directly to the server. These direct writes made while we are flushing from cache could be overwritten by data being flushed from the cache causing data corruption. 2) While a thread runs in cifs_strict_writev, the machine could receive and process an oplock break after the thread has checked the oplock and found that it allows us to cache and before we have made changes to the cache. In that case, we end up with a dirty page in cache when we shouldn't have any. This will be flushed later and will overwrite all subsequent writes to the part of the file represented by this page. Before making any writes to the server, we need to confirm that we are not in the process of flushing data to the server and if we are, we should wait until the process is complete before we attempt the write. We should also wait for existing writes to complete before we process an oplock break request which changes oplock values. We add a version specific downgrade_oplock() operation to allow for differences in the oplock values set for the different smb versions. Cc: stable@vger.kernel.org Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: mask off top byte in get_rfc1002_length()Jeff Layton2014-02-281-1/+1
| | | | | | | | | | | | The rfc1002 length actually includes a type byte, which we aren't masking off. In most cases, it's not a problem since the RFC1002_SESSION_MESSAGE type is 0, but when doing a RFC1002 session establishment, the type is non-zero and that throws off the returned length. Signed-off-by: Jeff Layton <jlayton@redhat.com> Tested-by: Sachin Prabhu <sprabhu@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* [CIFS] Fix cifsacl mounts over smb2 to not call cifsSteve French2014-02-101-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | When mounting with smb2/smb3 (e.g. vers=2.1) and cifsacl mount option, it was trying to get the mode by querying the acl over the cifs rather than smb2 protocol. This patch makes that protocol independent and makes cifsacl smb2 mounts return a more intuitive operation not supported error (until we add a worker function for smb2_get_acl). Note that a previous patch fixed getxattr/setxattr for the CIFSACL xattr which would unconditionally call cifs_get_acl and cifs_set_acl (even when mounted smb2). I made those protocol independent last week (new protocol version operations "get_acl" and "set_acl" but did not add an smb2_get_acl and smb2_set_acl yet so those now simply return EOPNOTSUPP which at least is better than sending cifs requests on smb2 mount) The previous patches did not fix the one remaining case though ie mounting with "cifsacl" when getting mode from acl would unconditionally end up calling "cifs_get_acl_from_fid" even for smb2 - so made that protocol independent but to make that protocol independent had to make sure that the callers were passing the protocol independent handle structure (cifs_fid) instead of cifs specific _u16 network file handle (ie cifs_fid instead of cifs_fid->fid) Now mount with smb2 and cifsacl mount options will return EOPNOTSUP (instead of timing out) and a future patch will add smb2 operations (e.g. get_smb2_acl) to enable this. Signed-off-by: Steve French <smfrench@gmail.com>
* [CIFS] clean up page array when uncached write send failsSteve French2014-02-071-1/+2
| | | | | | | | | | | | | | | In the event that a send fails in an uncached write, or we end up needing to reissue it (-EAGAIN case), we'll kfree the wdata but the pages currently leak. Fix this by adding a new kref release routine for uncached writedata that releases the pages, and have the uncached codepaths use that. [original patch by Jeff modified to fix minor formatting problems] Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: use a flexarray in cifs_writedataJeff Layton2014-02-071-1/+1
| | | | | | | | | The cifs_writedata code uses a single element trailing array, which just adds unneeded complexity. Use a flexarray instead. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* retrieving CIFS ACLs when mounted with SMB2 fails dropping sessionSteve French2014-02-071-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | The get/set ACL xattr support for CIFS ACLs attempts to send old cifs dialect protocol requests even when mounted with SMB2 or later dialects. Sending cifs requests on an smb2 session causes problems - the server drops the session due to the illegal request. This patch makes CIFS ACL operations protocol specific to fix that. Attempting to query/set CIFS ACLs for SMB2 will now return EOPNOTSUPP (until we add worker routines for sending query ACL requests via SMB2) instead of sending invalid (cifs) requests. A separate followon patch will be needed to fix cifs_acl_to_fattr (which takes a cifs specific u16 fid so can't be abstracted to work with SMB2 until that is changed) and will be needed to fix mount problems when "cifsacl" is specified on mount with e.g. vers=2.1 Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Shirish Pargaonkar <spargaonkar@suse.com> CC: Stable <stable@kernel.org>
* [CIFS] Fix SMB2 mounts so they don't try to set or get xattrs via cifsSteve French2014-01-261-0/+6
| | | | | | | | | | | When mounting with smb2 (or smb2.1 or smb3) we need to check to make sure that attempts to query or set extended attributes do not attempt to send the request with the older cifs protocol instead (eventually we also need to add the support in SMB2 to query/set extended attributes but this patch prevents us from using the wrong protocol for extended attribute operations). Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Add create MFSymlinks to protocol ops structSachin Prabhu2014-01-201-0/+3
| | | | | | | | | | | | | Add a new protocol ops function create_mf_symlink and have create_mf_symlink() use it. This patchset moves the MFSymlink operations completely to the ops structure so that we only use the right protocol versions when querying or creating MFSymlinks. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Rename and cleanup open_query_close_cifs_symlink()Sachin Prabhu2014-01-201-2/+3
| | | | | | | | | | | | | Rename open_query_close_cifs_symlink to cifs_query_mf_symlink() to make the name more consistent with other protocol version specific functions. We also pass tcon as an argument to the function. This is already available in the calling functions and we can avoid having to make an unnecessary lookup. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* Check SMB3 dialects against downgrade attacksSteve French2013-11-191-0/+1
| | | | | | | | | | | | | | | | | | | | | When we are running SMB3 or SMB3.02 connections which are signed we need to validate the protocol negotiation information, to ensure that the negotiate protocol response was not tampered with. Add the missing FSCTL which is sent at mount time (immediately after the SMB3 Tree Connect) to validate that the capabilities match what we think the server sent. "Secure dialect negotiation is introduced in SMB3 to protect against man-in-the-middle attempt to downgrade dialect negotiation. The idea is to prevent an eavesdropper from downgrading the initially negotiated dialect and capabilities between the client and the server." For more explanation see 2.2.31.4 of MS-SMB2 or http://blogs.msdn.com/b/openspecification/archive/2012/06/28/smb3-secure-dialect-negotiation.aspx Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* [CIFS] Set copychunk defaultsSteve French2013-11-151-0/+3
| | | | | | | | | | | Patch 2 of the copy chunk series (the final patch will use these to handle copies of files larger than the chunk size. We set the same defaults that Windows and Samba expect for CopyChunk. Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: David Disseldorp <ddiss@samba.org>
* CIFS: SMB2/SMB3 Copy offload support (refcopy) phase 1Steve French2013-11-141-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This first patch adds the ability for us to do a server side copy (ie fast copy offloaded to the server to perform, aka refcopy) "cp --reflink" of one file to another located on the same server. This is much faster than traditional copy (which requires reading and writing over the network and extra memcpys). This first version is not going to be copy files larger than about 1MB (to Samba) until I add support for multiple chunks and for autoconfiguring the chunksize. It includes: 1) processing of the ioctl 2) marshalling and sending the SMB2/SMB3 fsctl over the network 3) simple parsing of the response It does not include yet (these will be in followon patches to come soon): 1) support for multiple chunks 2) support for autoconfiguring and remembering the chunksize 3) Support for the older style copychunk which Samba 4.1 server supports (because this requires write permission on the target file, which cp does not give you, apparently per-posix). This may require a distinct tool (other than cp) and other ioctl to implement. Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Fix symbolic links usagePavel Shilovsky2013-11-111-1/+1
| | | | | | | | | | | | | | | | | | | Now we treat any reparse point as a symbolic link and map it to a Unix one that is not true in a common case due to many reparse point types supported by SMB servers. Distinguish reparse point types into two groups: 1) that can be accessed directly through a reparse point (junctions, deduplicated files, NFS symlinks); 2) that need to be processed manually (Windows symbolic links, DFS); and map only Windows symbolic links to Unix ones. Cc: <stable@vger.kernel.org> Acked-by: Jeff Layton <jlayton@redhat.com> Reported-and-tested-by: Joao Correia <joaomiguelcorreia@gmail.com> Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* Query File System AlignmentSteven French2013-11-021-0/+2
| | | | | | | | | | | | | | | | | | | | | In SMB3 it is now possible to query the file system alignment info, and the preferred (for performance) sector size and whether the underlying disk has no seek penalty (like SSD). Query this information at mount time for SMB3, and make it visible in /proc/fs/cifs/DebugData for debugging purposes. This alignment information and preferred sector size info will be helpful for the copy offload patches to setup the right chunks in the CopyChunk requests. Presumably the knowledge that the underlying disk is SSD could also help us make better readahead and writebehind decisions (something to look at in the future). Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Make big endian multiplex ID sequences monotonic on the wireTim Gardner2013-11-021-1/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The multiplex identifier (MID) in the SMB header is only ever used by the client, in conjunction with PID, to match responses from the server. As such, the endianess of the MID is not important. However, When tracing packet sequences on the wire, protocol analyzers such as wireshark display MID as little endian. It is much more informative for the on-the-wire MID sequences to match debug information emitted by the CIFS driver. Therefore, one should write and read MID in the SMB header assuming it is always little endian. Observed from wireshark during the protocol negotiation and session setup: Multiplex ID: 256 Multiplex ID: 256 Multiplex ID: 512 Multiplex ID: 512 Multiplex ID: 768 Multiplex ID: 768 After this patch on-the-wire MID values begin at 1 and increase monotonically. Introduce get_next_mid64() for the internal consumers that use the full 64 bit multiplex identifier. Introduce the helpers get_mid() and compare_mid() to make the endian translation clear. Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Tim Gardner <timg@tpi.com> Signed-off-by: Steve French <smfrench@gmail.com>
* Allow setting per-file compression via SMB2/3Steve French2013-10-281-0/+2
| | | | | | | | | | | | | Allow cifs/smb2/smb3 to return whether or not a file is compressed via lsattr, and allow SMB2/SMB3 to set the per-file compression flag ("chattr +c filename" on an smb3 mount). Windows users often set the compressed flag (it can be done from the desktop and file manager). David Disseldorp has patches to Samba server to support this (at least on btrfs) which are complementary to this Signed-off-by: Steve French <smfrench@gmail.com>
* [CIFS] Provide sane values for nlinkJim McDonough2013-09-211-0/+1
| | | | | | | | | | | | | | | | Since we don't get info about the number of links from the readdir linfo levels, stat() will return 0 for st_nlink, and in particular, samba re-exported shares will show directories as files (as samba is keying off st_nlink before evaluating how to set the dos modebits) when doing a dir or ls. Copy nlink to the inode, unless it wasn't provided. Provide sane values if we don't have an existing one and none was provided. Signed-off-by: Jim McDonough <jmcd@samba.org> Reviewed-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: stop trying to use virtual circuitsJeff Layton2013-09-181-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, we try to ensure that we use vcnum of 0 on the first established session on a connection and then try to use a different vcnum on each session after that. This is a little odd, since there's no real reason to use a different vcnum for each SMB session. I can only assume there was some confusion between SMB sessions and VCs. That's somewhat understandable since they both get created during SESSION_SETUP, but the documentation indicates that they are really orthogonal. The comment on max_vcs in particular looks quite misguided. An SMB session is already uniquely identified by the SMB UID value -- there's no need to again uniquely ID with a VC. Furthermore, a vcnum of 0 is a cue to the server that it should release any resources that were previously held by the client. This sounds like a good thing, until you consider that: a) it totally ignores the fact that other programs on the box (e.g. smbclient) might have connections established to the server. Using a vcnum of 0 causes them to get kicked off. b) it causes problems with NAT. If several clients are connected to the same server via the same NAT'ed address, whenever one connects to the server it kicks off all the others, which then reconnect and kick off the first one...ad nauseum. I don't see any reason to ignore the advice in "Implementing CIFS" which has a comprehensive treatment of virtual circuits. In there, it states "...and contrary to the specs the client should always use a VcNumber of one, never zero." Have the client just use a hardcoded vcnum of 1, and stop abusing the special behavior of vcnum 0. Reported-by: Sauron99@gmx.de <sauron99@gmx.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Respect epoch value from create lease context v2Pavel Shilovsky2013-09-091-3/+10
| | | | | | | that force a client to purge cache pages when a server requests it. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Move parsing lease buffer to ops structPavel Shilovsky2013-09-091-0/+2
| | | | | Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Move creating lease buffer to ops structPavel Shilovsky2013-09-091-3/+6
| | | | | | | to make adding new types of lease buffers easier. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Store lease state itself rather than a mapped oplock valuePavel Shilovsky2013-09-091-7/+9
| | | | | | | and separate smb20_operations struct. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Replace clientCanCache* bools with an integerPavel Shilovsky2013-09-081-2/+8
| | | | | | | that prepare the code to handle different types of SMB2 leases. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Start using per session key for smb2/3 for signature generationShirish Pargaonkar2013-09-081-3/+2
| | | | | | | | | | | | | | | | Switch smb2 code to use per session session key and smb3 code to use per session signing key instead of per connection key to generate signatures. For that, we need to find a session to fetch the session key to generate signature to match for every request and response packet. We also forgo checking signature for a session setup response from the server. Acked-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Add a variable specific to NTLMSSP for key exchange.Shirish Pargaonkar2013-09-081-0/+1
| | | | | | | | | | | | | | | | | | Add a variable specific to NTLMSSP authentication to determine whether to exchange keys during negotiation and authentication phases. Since session key for smb1 is per smb connection, once a very first sesion is established, there is no need for key exchange during subsequent session setups. As a result, smb1 session setup code sets this variable as false. Since session key for smb2 and smb3 is per smb connection, we need to exchange keys to generate session key for every sesion being established. As a result, smb2/3 session setup code sets this variable as true. Acked-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Move and expand MAX_SERVER_SIZE definitionScott Lovenberg2013-09-081-2/+1
| | | | | | | | | | MAX_SERVER_SIZE has been moved to cifs_mount.h and renamed CIFS_NI_MAXHOST for clarity. It has been expanded to 1024 as the previous value of 16 was very short. Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Move string length definitions to uapiScott Lovenberg2013-09-081-5/+2
| | | | | | | | | | | | The max string length definitions for user name, domain name, password, and share name have been moved into their own header file in uapi so the mount helper can use autoconf to define them instead of keeping the kernel side and userland side definitions in sync manually. The names have also been standardized with a "CIFS" prefix and "LEN" suffix. Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com> Reviewed-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Implement follow_link for SMB2Pavel Shilovsky2013-09-081-0/+3
| | | | | | | | that allows to access files through symlink created on a server. Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
* Do not attempt to do cifs operations reading symlinks with SMB2Steve French2013-07-301-0/+3
| | | | | | | | | | | | | | | | When use of symlinks is enabled (mounting with mfsymlinks option) to non-Samba servers, we always tried to use cifs, even when we were mounted with SMB2 or SMB3, which causes the server to drop the network connection. This patch separates out the protocol specific operations for cifs from the code which recognizes symlinks, and fixes the problem where with SMB2 mounts we attempt cifs operations to open and read symlinks. The next patch will add support for SMB2 for opening and reading symlinks. Additional followon patches will address the similar problem creating symlinks. Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: extend the buffer length enought for sprintf() usingChen Gang2013-07-301-0/+1
| | | | | | | | | | | | | | | | | | | For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses->domainName' length may be "255 + '\0'". The related sprintf() may cause memory overflow, so need extend related buffer enough to hold all things. It is also necessary to be sure of 'ses->domainName' must be less than 256, and define the related macro instead of hard code number '256'. Signed-off-by: Chen Gang <gang.chen@asianux.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: Scott Lovenberg <scott.lovenberg@gmail.com> CC: <stable@vger.kernel.org> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Reconnect durable handles for SMB2Pavel Shilovsky2013-07-101-0/+1
| | | | | | | | | | | On reconnects, we need to reopen file and then obtain all byte-range locks held by the client. SMB2 protocol provides feature to make this process atomic by reconnecting to the same file handle with all it's byte-range locks. This patch adds this capability for SMB2 shares. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
* CIFS: Introduce cifs_open_parms structPavel Shilovsky2013-07-101-3/+13
| | | | | | | and pass it to the open() call. Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steven French <steven@steven-GA-970A-DS3.(none)>
* cifs: fix SMB2 signing enablement in cifs_enable_signingJeff Layton2013-06-271-0/+2
| | | | | | | | | | | | | | | | Commit 9ddec56131 (cifs: move handling of signed connections into separate function) broke signing on SMB2/3 connections. While the code to enable signing on the connections was very similar between the two, the bits that get set in the sec_mode are different. Declare a couple of new smb_version_values fields and set them appropriately for SMB1 and SMB2/3. Then change cifs_enable_signing to use those instead. Reported-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Tested-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
* [CIFS] Fix build warningSteve French2013-06-271-0/+2
| | | | | | | | | | | | | | Fix build warning in Shirish's recent SMB3 signing patch which occurs when SMB2 support is disabled in Kconfig. fs/built-in.o: In function `cifs_setup_session': >> (.text+0xa1767): undefined reference to `generate_smb3signingkey' Pointed out by: automated 0-DAY kernel build testing backend Intel Open Source Technology Center CC: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
* [CIFS] SMB3 Signing enablementSteve French2013-06-261-0/+3
| | | | | | | | | | | | | | | | | | | SMB3 uses a much faster method of signing (which is also better in other ways), AES-CMAC. With the kernel now supporting AES-CMAC since last release, we are overdue to allow SMB3 signing (today only CIFS and SMB2 and SMB2.1, but not SMB3 and SMB3.1 can sign) - and we need this also for checking secure negotation and also per-share encryption (two other new SMB3 features which we need to implement). This patch needs some work in a few areas - for example we need to move signing for SMB2/SMB3 from per-socket to per-user (we may be able to use the "nosharesock" mount option in the interim for the multiuser case), and Shirish found a bug in the earlier authentication overhaul (setting signing flags properly) - but those can be done in followon patches. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
* Add ability to dipslay SMB3 share flags and capabilities for debuggingSteve French2013-06-241-1/+2
| | | | | | | | | | SMB3 protocol adds various optional per-share capabilities (and SMB3.02 adds one more beyond that). Add ability to dump (/proc/fs/cifs/DebugData) the share capabilities and share flags to improve debugging. Signed-off-by: Steve French <smfrench@gmail.com> Acked-by: Jeff Layton <jlayton@redhat.com>
* Add SMB3.02 dialect supportSteve French2013-06-241-0/+4
| | | | | | | | The new Windows update supports SMB3.02 dialect, a minor update to SMB3. This patch adds support for mounting with vers=3.02 Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com>
* cifs: update the default global_secflags to include "raw" NTLMv2Jeff Layton2013-06-241-1/+1
| | | | | | | | | | | | | | | Before this patchset, the global_secflags could only offer up a single sectype. With the new set though we have the ability to allow different sectypes since we sort out the one to use after talking to the server. Change the global_secflags to allow NTLMSSP or NTLMv2 by default. If the server sets the extended security bit in the Negotiate response, then we'll use NTLMSSP. If it doesn't then we'll use raw NTLMv2. Mounting a LANMAN server will still require a sec= option by default. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* move sectype to the cifs_ses instead of TCP_Server_InfoJeff Layton2013-06-241-2/+0
| | | | | | | | | | | | | | | | Now that we track what sort of NEGOTIATE response was received, stop mandating that every session on a socket use the same type of auth. Push that decision out into the session setup code, and make the sectype a per-session property. This should allow us to mix multiple sectypes on a socket as long as they are compatible with the NEGOTIATE response. With this too, we can now eliminate the ses->secFlg field since that info is redundant and harder to work with than a securityEnum. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: track the enablement of signing in the TCP_Server_InfoJeff Layton2013-06-241-0/+1
| | | | | | | | | | | | | | | | | | | | | Currently, we determine this according to flags in the sec_mode, flags in the global_secflags and via other methods. That makes the semantics very hard to follow and there are corner cases where we don't handle this correctly. Add a new bool to the TCP_Server_Info that acts as a simple flag to tell us whether signing is enabled on this connection or not, and fix up the places that need to determine this to use that flag. This is a bit weird for the SMB2 case, where signing is per-session. SMB2 needs work in this area already though. The existing SMB2 code has similar logic to what we're using here, so there should be no real change in behavior. These changes should make it easier to implement per-session signing in the future though. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* add new fields to smb_vol to track the requested security flavorJeff Layton2013-06-241-0/+2
| | | | | | | | | | We have this to some degree already in secFlgs, but those get "or'ed" so there's no way to know what the last option requested was. Add new fields that will eventually supercede the secFlgs field in the cifs_ses. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: add new fields to cifs_ses to track requested security flavorJeff Layton2013-06-241-0/+2
| | | | | | | | Currently we have the overrideSecFlg field, but it's quite cumbersome to work with. Add some new fields that will eventually supercede it. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: track the flavor of the NEGOTIATE reponseJeff Layton2013-06-241-0/+4
| | | | | | | | | | | | | | | | | | | Track what sort of NEGOTIATE response we get from the server, as that will govern what sort of authentication types this socket will support. There are three possibilities: LANMAN: server sent legacy LANMAN-type response UNENCAP: server sent a newer-style response, but extended security bit wasn't set. This socket will only support unencapsulated auth types. EXTENDED: server sent a newer-style response with the extended security bit set. This is necessary to support krb5 and ntlmssp auth types. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: add new "Unspecified" securityEnum valueJeff Layton2013-06-241-2/+2
| | | | | | | | | Add a new securityEnum value to cover the case where a sec= option was not explicitly set. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: remove the cifs_ses->flags fieldJeff Layton2013-06-241-10/+0
| | | | | | | | | | | This field is completely unused: CIFS_SES_W9X is completely unused. CIFS_SES_LANMAN and CIFS_SES_OS2 are set but never checked. CIFS_SES_NT4 is checked, but never set. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: remove protocolEnum definitionJeff Layton2013-06-241-6/+0
| | | | | | | | The field that held this was removed quite some time ago. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: add a "nosharesock" mount option to force new sockets to server to be ↵Jeff Layton2013-06-241-0/+1
| | | | | | | | | | | | | | | | | | created Some servers set max_vcs to 1 and actually do enforce that limit. Add a new mount option to work around this behavior that forces a mount request to open a new socket to the server instead of reusing an existing one. I'd prefer to come up with a solution that doesn't require this, so consider this a debug patch that you can use to determine whether this is the real problem. Cc: Jim McDonough <jmcd@samba.org> Cc: Steve French <smfrench@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
OpenPOWER on IntegriCloud