Commit 1e16624d authored by Linus Torvalds's avatar Linus Torvalds

Merge tag '5.14-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "13 cifs/smb3 fixes. Most are to address minor issues pointed out by
  Coverity.

  Also includes a packet signing enhancement and mount improvement"

* tag '5.14-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: update internal version number
  cifs: prevent NULL deref in cifs_compose_mount_options()
  SMB3.1.1: Add support for negotiating signing algorithm
  cifs: use helpers when parsing uid/gid mount options and validate them
  CIFS: Clarify SMB1 code for POSIX Lock
  CIFS: Clarify SMB1 code for rename open file
  CIFS: Clarify SMB1 code for delete
  CIFS: Clarify SMB1 code for SetFileSize
  smb3: fix typo in header file
  CIFS: Clarify SMB1 code for UnixSetPathInfo
  CIFS: Clarify SMB1 code for UnixCreateSymLink
  cifs: clarify SMB1 code for UnixCreateHardLink
  cifs: make locking consistent around the server session status
parents 67d8d365 4d069f60
...@@ -151,6 +151,9 @@ char *cifs_compose_mount_options(const char *sb_mountdata, ...@@ -151,6 +151,9 @@ char *cifs_compose_mount_options(const char *sb_mountdata,
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
if (ref) { if (ref) {
if (WARN_ON_ONCE(!ref->node_name || ref->path_consumed < 0))
return ERR_PTR(-EINVAL);
if (strlen(fullpath) - ref->path_consumed) { if (strlen(fullpath) - ref->path_consumed) {
prepath = fullpath + ref->path_consumed; prepath = fullpath + ref->path_consumed;
/* skip initial delimiter */ /* skip initial delimiter */
......
...@@ -65,6 +65,7 @@ bool lookupCacheEnabled = true; ...@@ -65,6 +65,7 @@ bool lookupCacheEnabled = true;
bool disable_legacy_dialects; /* false by default */ bool disable_legacy_dialects; /* false by default */
bool enable_gcm_256 = true; bool enable_gcm_256 = true;
bool require_gcm_256; /* false by default */ bool require_gcm_256; /* false by default */
bool enable_negotiate_signing; /* false by default */
unsigned int global_secflags = CIFSSEC_DEF; unsigned int global_secflags = CIFSSEC_DEF;
/* unsigned int ntlmv2_support = 0; */ /* unsigned int ntlmv2_support = 0; */
unsigned int sign_CIFS_PDUs = 1; unsigned int sign_CIFS_PDUs = 1;
...@@ -104,6 +105,9 @@ MODULE_PARM_DESC(enable_gcm_256, "Enable requesting strongest (256 bit) GCM encr ...@@ -104,6 +105,9 @@ MODULE_PARM_DESC(enable_gcm_256, "Enable requesting strongest (256 bit) GCM encr
module_param(require_gcm_256, bool, 0644); module_param(require_gcm_256, bool, 0644);
MODULE_PARM_DESC(require_gcm_256, "Require strongest (256 bit) GCM encryption. Default: n/N/0"); MODULE_PARM_DESC(require_gcm_256, "Require strongest (256 bit) GCM encryption. Default: n/N/0");
module_param(enable_negotiate_signing, bool, 0644);
MODULE_PARM_DESC(enable_negotiate_signing, "Enable negotiating packet signing algorithm with server. Default: n/N/0");
module_param(disable_legacy_dialects, bool, 0644); module_param(disable_legacy_dialects, bool, 0644);
MODULE_PARM_DESC(disable_legacy_dialects, "To improve security it may be " MODULE_PARM_DESC(disable_legacy_dialects, "To improve security it may be "
"helpful to restrict the ability to " "helpful to restrict the ability to "
......
...@@ -153,5 +153,5 @@ extern struct dentry *cifs_smb3_do_mount(struct file_system_type *fs_type, ...@@ -153,5 +153,5 @@ extern struct dentry *cifs_smb3_do_mount(struct file_system_type *fs_type,
extern const struct export_operations cifs_export_ops; extern const struct export_operations cifs_export_ops;
#endif /* CONFIG_CIFS_NFSD_EXPORT */ #endif /* CONFIG_CIFS_NFSD_EXPORT */
#define CIFS_VERSION "2.32" #define CIFS_VERSION "2.33"
#endif /* _CIFSFS_H */ #endif /* _CIFSFS_H */
...@@ -577,6 +577,7 @@ struct TCP_Server_Info { ...@@ -577,6 +577,7 @@ struct TCP_Server_Info {
char server_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; char server_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
struct smb_version_operations *ops; struct smb_version_operations *ops;
struct smb_version_values *vals; struct smb_version_values *vals;
/* updates to tcpStatus protected by GlobalMid_Lock */
enum statusEnum tcpStatus; /* what we think the status is */ enum statusEnum tcpStatus; /* what we think the status is */
char *hostname; /* hostname portion of UNC string */ char *hostname; /* hostname portion of UNC string */
struct socket *ssocket; struct socket *ssocket;
...@@ -666,9 +667,11 @@ struct TCP_Server_Info { ...@@ -666,9 +667,11 @@ struct TCP_Server_Info {
unsigned int max_write; unsigned int max_write;
unsigned int min_offload; unsigned int min_offload;
__le16 compress_algorithm; __le16 compress_algorithm;
__u16 signing_algorithm;
__le16 cipher_type; __le16 cipher_type;
/* save initital negprot hash */ /* save initital negprot hash */
__u8 preauth_sha_hash[SMB2_PREAUTH_HASH_SIZE]; __u8 preauth_sha_hash[SMB2_PREAUTH_HASH_SIZE];
bool signing_negotiated; /* true if valid signing context rcvd from server */
bool posix_ext_supported; bool posix_ext_supported;
struct delayed_work reconnect; /* reconnect workqueue job */ struct delayed_work reconnect; /* reconnect workqueue job */
struct mutex reconnect_mutex; /* prevent simultaneous reconnects */ struct mutex reconnect_mutex; /* prevent simultaneous reconnects */
...@@ -1785,7 +1788,7 @@ require use of the stronger protocol */ ...@@ -1785,7 +1788,7 @@ require use of the stronger protocol */
* list operations on pending_mid_q and oplockQ * list operations on pending_mid_q and oplockQ
* updates to XID counters, multiplex id and SMB sequence numbers * updates to XID counters, multiplex id and SMB sequence numbers
* list operations on global DnotifyReqList * list operations on global DnotifyReqList
* updates to ses->status * updates to ses->status and TCP_Server_Info->tcpStatus
* updates to server->CurrentMid * updates to server->CurrentMid
* tcp_ses_lock protects: * tcp_ses_lock protects:
* list operations on tcp and SMB session lists * list operations on tcp and SMB session lists
...@@ -1868,6 +1871,7 @@ extern unsigned int global_secflags; /* if on, session setup sent ...@@ -1868,6 +1871,7 @@ extern unsigned int global_secflags; /* if on, session setup sent
extern unsigned int sign_CIFS_PDUs; /* enable smb packet signing */ extern unsigned int sign_CIFS_PDUs; /* enable smb packet signing */
extern bool enable_gcm_256; /* allow optional negotiate of strongest signing (aes-gcm-256) */ extern bool enable_gcm_256; /* allow optional negotiate of strongest signing (aes-gcm-256) */
extern bool require_gcm_256; /* require use of strongest signing (aes-gcm-256) */ extern bool require_gcm_256; /* require use of strongest signing (aes-gcm-256) */
extern bool enable_negotiate_signing; /* request use of faster (GMAC) signing if available */
extern bool linuxExtEnabled;/*enable Linux/Unix CIFS extensions*/ extern bool linuxExtEnabled;/*enable Linux/Unix CIFS extensions*/
extern unsigned int CIFSMaxBufSize; /* max size not including hdr */ extern unsigned int CIFSMaxBufSize; /* max size not including hdr */
extern unsigned int cifs_min_rcv; /* min size of big ntwrk buf pool */ extern unsigned int cifs_min_rcv; /* min size of big ntwrk buf pool */
......
...@@ -1785,6 +1785,7 @@ struct smb_com_transaction2_sfi_req { ...@@ -1785,6 +1785,7 @@ struct smb_com_transaction2_sfi_req {
__u16 Fid; __u16 Fid;
__le16 InformationLevel; __le16 InformationLevel;
__u16 Reserved4; __u16 Reserved4;
__u8 payload[];
} __attribute__((packed)); } __attribute__((packed));
struct smb_com_transaction2_sfi_rsp { struct smb_com_transaction2_sfi_rsp {
......
...@@ -2537,8 +2537,9 @@ CIFSSMBPosixLock(const unsigned int xid, struct cifs_tcon *tcon, ...@@ -2537,8 +2537,9 @@ CIFSSMBPosixLock(const unsigned int xid, struct cifs_tcon *tcon,
pSMB->TotalDataCount = pSMB->DataCount; pSMB->TotalDataCount = pSMB->DataCount;
pSMB->TotalParameterCount = pSMB->ParameterCount; pSMB->TotalParameterCount = pSMB->ParameterCount;
pSMB->ParameterOffset = cpu_to_le16(param_offset); pSMB->ParameterOffset = cpu_to_le16(param_offset);
/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */
parm_data = (struct cifs_posix_lock *) parm_data = (struct cifs_posix_lock *)
(((char *) &pSMB->hdr.Protocol) + offset); (((char *)pSMB) + offset + 4);
parm_data->lock_type = cpu_to_le16(lock_type); parm_data->lock_type = cpu_to_le16(lock_type);
if (waitFlag) { if (waitFlag) {
...@@ -2767,7 +2768,8 @@ int CIFSSMBRenameOpenFile(const unsigned int xid, struct cifs_tcon *pTcon, ...@@ -2767,7 +2768,8 @@ int CIFSSMBRenameOpenFile(const unsigned int xid, struct cifs_tcon *pTcon,
param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4;
offset = param_offset + params; offset = param_offset + params;
data_offset = (char *) (&pSMB->hdr.Protocol) + offset; /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */
data_offset = (char *)(pSMB) + offset + 4;
rename_info = (struct set_file_rename *) data_offset; rename_info = (struct set_file_rename *) data_offset;
pSMB->MaxParameterCount = cpu_to_le16(2); pSMB->MaxParameterCount = cpu_to_le16(2);
pSMB->MaxDataCount = cpu_to_le16(1000); /* BB find max SMB from sess */ pSMB->MaxDataCount = cpu_to_le16(1000); /* BB find max SMB from sess */
...@@ -2925,7 +2927,8 @@ CIFSUnixCreateSymLink(const unsigned int xid, struct cifs_tcon *tcon, ...@@ -2925,7 +2927,8 @@ CIFSUnixCreateSymLink(const unsigned int xid, struct cifs_tcon *tcon,
InformationLevel) - 4; InformationLevel) - 4;
offset = param_offset + params; offset = param_offset + params;
data_offset = (char *) (&pSMB->hdr.Protocol) + offset; /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */
data_offset = (char *)pSMB + offset + 4;
if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
name_len_target = name_len_target =
cifsConvertToUTF16((__le16 *) data_offset, toName, cifsConvertToUTF16((__le16 *) data_offset, toName,
...@@ -3009,7 +3012,8 @@ CIFSUnixCreateHardLink(const unsigned int xid, struct cifs_tcon *tcon, ...@@ -3009,7 +3012,8 @@ CIFSUnixCreateHardLink(const unsigned int xid, struct cifs_tcon *tcon,
InformationLevel) - 4; InformationLevel) - 4;
offset = param_offset + params; offset = param_offset + params;
data_offset = (char *) (&pSMB->hdr.Protocol) + offset; /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */
data_offset = (char *)pSMB + offset + 4;
if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
name_len_target = name_len_target =
cifsConvertToUTF16((__le16 *) data_offset, fromName, cifsConvertToUTF16((__le16 *) data_offset, fromName,
...@@ -5626,9 +5630,9 @@ CIFSSMBSetFileSize(const unsigned int xid, struct cifs_tcon *tcon, ...@@ -5626,9 +5630,9 @@ CIFSSMBSetFileSize(const unsigned int xid, struct cifs_tcon *tcon,
pSMB->TotalDataCount = pSMB->DataCount; pSMB->TotalDataCount = pSMB->DataCount;
pSMB->TotalParameterCount = pSMB->ParameterCount; pSMB->TotalParameterCount = pSMB->ParameterCount;
pSMB->ParameterOffset = cpu_to_le16(param_offset); pSMB->ParameterOffset = cpu_to_le16(param_offset);
/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */
parm_data = parm_data =
(struct file_end_of_file_info *) (((char *) &pSMB->hdr.Protocol) (struct file_end_of_file_info *)(((char *)pSMB) + offset + 4);
+ offset);
pSMB->DataOffset = cpu_to_le16(offset); pSMB->DataOffset = cpu_to_le16(offset);
parm_data->FileSize = cpu_to_le64(size); parm_data->FileSize = cpu_to_le64(size);
pSMB->Fid = cfile->fid.netfid; pSMB->Fid = cfile->fid.netfid;
...@@ -5761,7 +5765,8 @@ CIFSSMBSetFileDisposition(const unsigned int xid, struct cifs_tcon *tcon, ...@@ -5761,7 +5765,8 @@ CIFSSMBSetFileDisposition(const unsigned int xid, struct cifs_tcon *tcon,
param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4;
offset = param_offset + params; offset = param_offset + params;
data_offset = (char *) (&pSMB->hdr.Protocol) + offset; /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */
data_offset = (char *)(pSMB) + offset + 4;
count = 1; count = 1;
pSMB->MaxParameterCount = cpu_to_le16(2); pSMB->MaxParameterCount = cpu_to_le16(2);
...@@ -6062,9 +6067,8 @@ CIFSSMBUnixSetPathInfo(const unsigned int xid, struct cifs_tcon *tcon, ...@@ -6062,9 +6067,8 @@ CIFSSMBUnixSetPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
param_offset = offsetof(struct smb_com_transaction2_spi_req, param_offset = offsetof(struct smb_com_transaction2_spi_req,
InformationLevel) - 4; InformationLevel) - 4;
offset = param_offset + params; offset = param_offset + params;
data_offset = /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */
(FILE_UNIX_BASIC_INFO *) ((char *) &pSMB->hdr.Protocol + data_offset = (FILE_UNIX_BASIC_INFO *)((char *) pSMB + offset + 4);
offset);
memset(data_offset, 0, count); memset(data_offset, 0, count);
pSMB->DataOffset = cpu_to_le16(offset); pSMB->DataOffset = cpu_to_le16(offset);
pSMB->ParameterOffset = cpu_to_le16(param_offset); pSMB->ParameterOffset = cpu_to_le16(param_offset);
......
...@@ -1403,6 +1403,11 @@ cifs_get_tcp_session(struct smb3_fs_context *ctx) ...@@ -1403,6 +1403,11 @@ cifs_get_tcp_session(struct smb3_fs_context *ctx)
goto out_err_crypto_release; goto out_err_crypto_release;
} }
tcp_ses->min_offload = ctx->min_offload; tcp_ses->min_offload = ctx->min_offload;
/*
* at this point we are the only ones with the pointer
* to the struct since the kernel thread not created yet
* no need to spinlock this update of tcpStatus
*/
tcp_ses->tcpStatus = CifsNeedNegotiate; tcp_ses->tcpStatus = CifsNeedNegotiate;
if ((ctx->max_credits < 20) || (ctx->max_credits > 60000)) if ((ctx->max_credits < 20) || (ctx->max_credits > 60000))
......
...@@ -322,7 +322,6 @@ smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx ...@@ -322,7 +322,6 @@ smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx
new_ctx->UNC = NULL; new_ctx->UNC = NULL;
new_ctx->source = NULL; new_ctx->source = NULL;
new_ctx->iocharset = NULL; new_ctx->iocharset = NULL;
/* /*
* Make sure to stay in sync with smb3_cleanup_fs_context_contents() * Make sure to stay in sync with smb3_cleanup_fs_context_contents()
*/ */
...@@ -792,6 +791,8 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, ...@@ -792,6 +791,8 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
int i, opt; int i, opt;
bool is_smb3 = !strcmp(fc->fs_type->name, "smb3"); bool is_smb3 = !strcmp(fc->fs_type->name, "smb3");
bool skip_parsing = false; bool skip_parsing = false;
kuid_t uid;
kgid_t gid;
cifs_dbg(FYI, "CIFS: parsing cifs mount option '%s'\n", param->key); cifs_dbg(FYI, "CIFS: parsing cifs mount option '%s'\n", param->key);
...@@ -904,18 +905,31 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, ...@@ -904,18 +905,31 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
} }
break; break;
case Opt_uid: case Opt_uid:
ctx->linux_uid.val = result.uint_32; uid = make_kuid(current_user_ns(), result.uint_32);
if (!uid_valid(uid))
goto cifs_parse_mount_err;
ctx->linux_uid = uid;
ctx->uid_specified = true; ctx->uid_specified = true;
break; break;
case Opt_cruid: case Opt_cruid:
ctx->cred_uid.val = result.uint_32; uid = make_kuid(current_user_ns(), result.uint_32);
if (!uid_valid(uid))
goto cifs_parse_mount_err;
ctx->cred_uid = uid;
ctx->cruid_specified = true;
break; break;
case Opt_backupgid: case Opt_backupgid:
ctx->backupgid.val = result.uint_32; gid = make_kgid(current_user_ns(), result.uint_32);
if (!gid_valid(gid))
goto cifs_parse_mount_err;
ctx->backupgid = gid;
ctx->backupgid_specified = true; ctx->backupgid_specified = true;
break; break;
case Opt_gid: case Opt_gid:
ctx->linux_gid.val = result.uint_32; gid = make_kgid(current_user_ns(), result.uint_32);
if (!gid_valid(gid))
goto cifs_parse_mount_err;
ctx->linux_gid = gid;
ctx->gid_specified = true; ctx->gid_specified = true;
break; break;
case Opt_port: case Opt_port:
......
...@@ -155,6 +155,7 @@ enum cifs_param { ...@@ -155,6 +155,7 @@ enum cifs_param {
struct smb3_fs_context { struct smb3_fs_context {
bool uid_specified; bool uid_specified;
bool cruid_specified;
bool gid_specified; bool gid_specified;
bool sloppy; bool sloppy;
bool got_ip; bool got_ip;
......
...@@ -433,6 +433,29 @@ build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt) ...@@ -433,6 +433,29 @@ build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt)
pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1; pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1;
} }
static unsigned int
build_signing_ctxt(struct smb2_signing_capabilities *pneg_ctxt)
{
unsigned int ctxt_len = sizeof(struct smb2_signing_capabilities);
unsigned short num_algs = 1; /* number of signing algorithms sent */
pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES;
/*
* Context Data length must be rounded to multiple of 8 for some servers
*/
pneg_ctxt->DataLength = cpu_to_le16(DIV_ROUND_UP(
sizeof(struct smb2_signing_capabilities) -
sizeof(struct smb2_neg_context) +
(num_algs * 2 /* sizeof u16 */), 8) * 8);
pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(num_algs);
pneg_ctxt->SigningAlgorithms[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC);
ctxt_len += 2 /* sizeof le16 */ * num_algs;
ctxt_len = DIV_ROUND_UP(ctxt_len, 8) * 8;
return ctxt_len;
/* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */
}
static void static void
build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt) build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt)
{ {
...@@ -498,7 +521,7 @@ assemble_neg_contexts(struct smb2_negotiate_req *req, ...@@ -498,7 +521,7 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
struct TCP_Server_Info *server, unsigned int *total_len) struct TCP_Server_Info *server, unsigned int *total_len)
{ {
char *pneg_ctxt; char *pneg_ctxt;
unsigned int ctxt_len; unsigned int ctxt_len, neg_context_count;
if (*total_len > 200) { if (*total_len > 200) {
/* In case length corrupted don't want to overrun smb buffer */ /* In case length corrupted don't want to overrun smb buffer */
...@@ -525,6 +548,17 @@ assemble_neg_contexts(struct smb2_negotiate_req *req, ...@@ -525,6 +548,17 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
*total_len += ctxt_len; *total_len += ctxt_len;
pneg_ctxt += ctxt_len; pneg_ctxt += ctxt_len;
ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
server->hostname);
*total_len += ctxt_len;
pneg_ctxt += ctxt_len;
build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
*total_len += sizeof(struct smb2_posix_neg_context);
pneg_ctxt += sizeof(struct smb2_posix_neg_context);
neg_context_count = 4;
if (server->compress_algorithm) { if (server->compress_algorithm) {
build_compression_ctxt((struct smb2_compression_capabilities_context *) build_compression_ctxt((struct smb2_compression_capabilities_context *)
pneg_ctxt); pneg_ctxt);
...@@ -533,17 +567,20 @@ assemble_neg_contexts(struct smb2_negotiate_req *req, ...@@ -533,17 +567,20 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
8) * 8; 8) * 8;
*total_len += ctxt_len; *total_len += ctxt_len;
pneg_ctxt += ctxt_len; pneg_ctxt += ctxt_len;
req->NegotiateContextCount = cpu_to_le16(5); neg_context_count++;
} else }
req->NegotiateContextCount = cpu_to_le16(4);
ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt, if (enable_negotiate_signing) {
server->hostname); ctxt_len = build_signing_ctxt((struct smb2_signing_capabilities *)
pneg_ctxt);
*total_len += ctxt_len; *total_len += ctxt_len;
pneg_ctxt += ctxt_len; pneg_ctxt += ctxt_len;
neg_context_count++;
}
/* check for and add transport_capabilities and signing capabilities */
req->NegotiateContextCount = cpu_to_le16(neg_context_count);
build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
*total_len += sizeof(struct smb2_posix_neg_context);
} }
static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt) static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt)
...@@ -632,6 +669,31 @@ static int decode_encrypt_ctx(struct TCP_Server_Info *server, ...@@ -632,6 +669,31 @@ static int decode_encrypt_ctx(struct TCP_Server_Info *server,
return 0; return 0;
} }
static void decode_signing_ctx(struct TCP_Server_Info *server,
struct smb2_signing_capabilities *pctxt)
{
unsigned int len = le16_to_cpu(pctxt->DataLength);
if ((len < 4) || (len > 16)) {
pr_warn_once("server sent bad signing negcontext\n");
return;
}
if (le16_to_cpu(pctxt->SigningAlgorithmCount) != 1) {
pr_warn_once("Invalid signing algorithm count\n");
return;
}
if (le16_to_cpu(pctxt->SigningAlgorithms[0]) > 2) {
pr_warn_once("unknown signing algorithm\n");
return;
}
server->signing_negotiated = true;
server->signing_algorithm = le16_to_cpu(pctxt->SigningAlgorithms[0]);
cifs_dbg(FYI, "signing algorithm %d chosen\n",
server->signing_algorithm);
}
static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp, static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
struct TCP_Server_Info *server, struct TCP_Server_Info *server,
unsigned int len_of_smb) unsigned int len_of_smb)
...@@ -675,6 +737,9 @@ static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp, ...@@ -675,6 +737,9 @@ static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
(struct smb2_compression_capabilities_context *)pctx); (struct smb2_compression_capabilities_context *)pctx);
else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE)
server->posix_ext_supported = true; server->posix_ext_supported = true;
else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES)
decode_signing_ctx(server,
(struct smb2_signing_capabilities *)pctx);
else else
cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n", cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n",
le16_to_cpu(pctx->ContextType)); le16_to_cpu(pctx->ContextType));
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
#define _SMB2PDU_H #define _SMB2PDU_H
#include <net/sock.h> #include <net/sock.h>
#include <cifsacl.h> #include "cifsacl.h"
/* /*
* Note that, due to trying to use names similar to the protocol specifications, * Note that, due to trying to use names similar to the protocol specifications,
...@@ -329,7 +329,7 @@ struct smb2_neg_context { ...@@ -329,7 +329,7 @@ struct smb2_neg_context {
__le16 ContextType; __le16 ContextType;
__le16 DataLength; __le16 DataLength;
__le32 Reserved; __le32 Reserved;
/* Followed by array of data */ /* Followed by array of data. NOTE: some servers require padding to 8 byte boundary */
} __packed; } __packed;
#define SMB311_LINUX_CLIENT_SALT_SIZE 32 #define SMB311_LINUX_CLIENT_SALT_SIZE 32
...@@ -394,6 +394,7 @@ struct smb2_compression_capabilities_context { ...@@ -394,6 +394,7 @@ struct smb2_compression_capabilities_context {
__u16 Padding; __u16 Padding;
__u32 Flags; __u32 Flags;
__le16 CompressionAlgorithms[3]; __le16 CompressionAlgorithms[3];
/* Check if pad needed */
} __packed; } __packed;
/* /*
...@@ -420,6 +421,7 @@ struct smb2_transport_capabilities_context { ...@@ -420,6 +421,7 @@ struct smb2_transport_capabilities_context {
__le16 DataLength; __le16 DataLength;
__u32 Reserved; __u32 Reserved;
__le32 Flags; __le32 Flags;
__u32 Pad;
} __packed; } __packed;
/* /*
...@@ -458,6 +460,7 @@ struct smb2_signing_capabilities { ...@@ -458,6 +460,7 @@ struct smb2_signing_capabilities {
__u32 Reserved; __u32 Reserved;
__le16 SigningAlgorithmCount; __le16 SigningAlgorithmCount;
__le16 SigningAlgorithms[]; __le16 SigningAlgorithms[];
/* Followed by padding to 8 byte boundary (required by some servers) */
} __packed; } __packed;
#define POSIX_CTXT_DATA_LEN 16 #define POSIX_CTXT_DATA_LEN 16
......
...@@ -431,7 +431,9 @@ __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, ...@@ -431,7 +431,9 @@ __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
* be taken as the remainder of this one. We need to kill the * be taken as the remainder of this one. We need to kill the
* socket so the server throws away the partial SMB * socket so the server throws away the partial SMB
*/ */
spin_lock(&GlobalMid_Lock);
server->tcpStatus = CifsNeedReconnect; server->tcpStatus = CifsNeedReconnect;
spin_unlock(&GlobalMid_Lock);
trace_smb3_partial_send_reconnect(server->CurrentMid, trace_smb3_partial_send_reconnect(server->CurrentMid,
server->conn_id, server->hostname); server->conn_id, server->hostname);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment