An error occurred fetching the project authors.
- 24 May, 2023 1 commit
-
-
Steve French authored
Move CIFS/SMB3 related client and server files (cifs.ko and ksmbd.ko and helper modules) to new fs/smb subdirectory: fs/cifs --> fs/smb/client fs/ksmbd --> fs/smb/server fs/smbfs_common --> fs/smb/common Suggested-by:
Linus Torvalds <torvalds@linux-foundation.org> Acked-by:
Namjae Jeon <linkinjeon@kernel.org> Signed-off-by:
Steve French <stfrench@microsoft.com>
-
- 04 May, 2023 1 commit
-
-
Namjae Jeon authored
Deadlock is triggered by sending multiple concurrent session setup requests. It should be reused after releasing when getting ctx for crypto. Multiple consecutive ctx uses cause deadlock while waiting for releasing due to the limited number of ctx. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20591 Signed-off-by:
-
- 22 Mar, 2023 1 commit
-
-
Namjae Jeon authored
MacOS and Win11 support AES256 encrytion and it is included in the cipher array of encryption context. Especially on macOS, The most preferred cipher is AES256. Connecting to ksmbd fails on newer MacOS clients that support AES256 encryption. MacOS send disconnect request after receiving final session setup response from ksmbd. Because final session setup is signed with signing key was generated incorrectly. For signging key, 'L' value should be initialized to 128 if key size is 16bytes. Cc: stable@vger.kernel.org Reported-by:
Miao Lihua <441884205@qq.com> Tested-by:
-
- 02 Jan, 2023 1 commit
-
-
William Liu authored
"nt_len - CIFS_ENCPWD_SIZE" is passed directly from ksmbd_decode_ntlmssp_auth_blob to ksmbd_auth_ntlmv2. Malicious requests can set nt_len to less than CIFS_ENCPWD_SIZE, which results in a negative number (or large unsigned value) used for a subsequent memcpy in ksmbd_auth_ntlvm2 and can cause a panic. Fixes: e2f34481 ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Signed-off-by:
William Liu <will@willsroot.io> Signed-off-by:
Hrvoje Mišetić <misetichrvoje@gmail.com> Acked-by:
-
- 05 Oct, 2022 2 commits
-
-
Namjae Jeon authored
If NTLMSSP_NEGOTIATE_SEAL flags is set in negotiate blob from client, Set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob. Signed-off-by:
-
Namjae Jeon authored
If client send encrypted session logoff request on seal mount, Encryption for that response fails. ksmbd: Could not get encryption key CIFS: VFS: cifs_put_smb_ses: Session Logoff failure rc=-512 Session lookup fails in ksmbd_get_encryption_key() because sess->state is set to SMB2_SESSION_EXPIRED in session logoff. There is no need to do session lookup again to encrypt the response. This patch change to use ksmbd_session in ksmbd_work. Signed-off-by:
-
- 01 Aug, 2022 1 commit
-
-
Namjae Jeon authored
After multi-channel connection with windows, Several channels of session are connected. Among them, if there is a problem in one channel, Windows connects again after disconnecting the channel. In this process, the session is released and a kernel oop can occurs while processing requests to other channels. When the channel is disconnected, if other channels still exist in the session after deleting the channel from the channel list in the session, the session should not be released. Finally, the session will be released after all channels are disconnected. Signed-off-by:
Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by:
-
- 04 Feb, 2022 1 commit
-
-
Namjae Jeon authored
When mounting cifs client, can see the following warning message. CIFS: decode_ntlmssp_challenge: authentication has been weakened as server does not support key exchange To remove this warning message, Add support for key exchange feature to ksmbd. This patch decrypts 16-byte ciphertext value sent by the client using RC4 with session key. The decrypted value is the recovered secondary key that will use instead of the session key for signing and sealing. Signed-off-by:
-
- 29 Dec, 2021 1 commit
-
-
Namjae Jeon authored
When RSS mode is enable, windows client do simultaneously send several session requests to server. There is racy issue using sess->ntlmssp.cryptkey on N connection : 1 session. So authetication failed using wrong cryptkey on some session. This patch move cryptkey to ksmbd_conn structure to use each cryptkey on connection. Tested-by:
Ziwei Xie <zw.xie@high-flyer.cn> Signed-off-by:
-
- 12 Nov, 2021 2 commits
-
-
Namjae Jeon authored
To move smb2_transform_hdr to smbfs_common, This patch remove smb2_buf_length variable in smb2_transform_hdr. Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by:
-
Namjae Jeon authored
To move smb2_hdr to smbfs_common, This patch remove smb2_buf_length variable in smb2_hdr. Also, declare smb2_get_msg function to get smb2 request/response from ->request/response_buf. Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by:
-
- 20 Oct, 2021 1 commit
-
-
Marios Makassikis authored
Make sure the security buffer's length/offset are valid with regards to the packet length. Acked-by:
Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by:
-
- 29 Sep, 2021 1 commit
-
-
Namjae Jeon authored
Remove insecure NTLMv1 authentication. Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Cc: Ralph Böhme <slow@samba.org> Reviewed-by:
Tom Talpey <tom@talpey.com> Acked-by:
Steve French <smfrench@gmail.com> Signed-off-by:
-
- 28 Jun, 2021 2 commits
-
-
Namjae Jeon authored
Move fs/cifsd to fs/ksmbd and rename the remaining cifsd name to ksmbd. Reviewed-by:
Christoph Hellwig <hch@lst.de> Signed-off-by:
Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by:
-
Namjae Jeon authored
Use the pr_fmt built into pr_*. and use pr_err/info after removing wrapper ksmbd_err/info. Reviewed-by:
-
- 22 Jun, 2021 1 commit
-
-
Namjae Jeon authored
As vmalloc performance improvement patch for big allocation is merged into linux kernel, This feature is no longer not needed. Reviewed-by:
-
- 18 Jun, 2021 1 commit
-
-
Namjae Jeon authored
Add support for SMB3 multichannel. It will be enable by setting 'server multi channel support = yes' in smb.conf. Signed-off-by:
-
- 28 May, 2021 1 commit
-
-
Namjae Jeon authored
Fix a defect reported by Coverity Scan. *** CID 1504970: Control flow issues (NO_EFFECT) /fs/cifsd/auth.c: 622 in ksmbd_build_ntlmssp_challenge_blob() 616 name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL); 617 if (!name) 618 return -ENOMEM; 619 620 conv_len = smb_strtoUTF16((__le16 *)name, ksmbd_netbios_name(), len, 621 sess->conn->local_nls); >>> CID 1504970: Control flow issues (NO_EFFECT) >>> This less-than-zero comparison of an unsigned value is never true. 622 if (conv_len < 0 || conv_len > len) { 623 kfree(name); 624 return -EINVAL; 625 } 626 627 uni_len = UNICODE_LEN(conv_len); Reported-by:Coverity Scan <scan-admin@coverity.com> Signed-off-by:
-
- 26 May, 2021 18 commits
-
-
Namjae Jeon authored
Fix warnings "Alignment should match open parenthesis" from checkpatch.pl --strict. Signed-off-by:
-
Namjae Jeon authored
Add the check to prevent potential overflow with smb_strtoUTF16() and UNICODE_LEN(). Reviewed-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Namjae Jeon authored
Alignment match open parenthesis. Reviewed-by:
-
Namjae Jeon authored
Return -ENOMEM about error from ksmbd_crypto_ctx_find_xxx calls. And remove unneeded return value print in debug message. Reviewed-by:
-
Namjae Jeon authored
Simplify error handling in ksmbd_gen_preauth_integrity_hash(). Reviewed-by:
-
Namjae Jeon authored
Change success handling to failure handling in ksmbd_crypt_message(). Reviewed-by:
-
Namjae Jeon authored
Change error return instead of returning always success return. Reviewed-by:
-
Namjae Jeon authored
Remove unneeded initialization of rc variable in ksmbd_crypt_message(). Reviewed-by:
-
Namjae Jeon authored
Dan pointed out len can not be negative. This patch remove unneeded negative check in loop. Reviewed-by:
-
Namjae Jeon authored
Dan Carpenter pointed out that memory can be corrupted when nvec is zero. This patch add the check to prevent it. Reviewed-by:
-
Namjae Jeon authored
Never return 1 on failure. Reviewed-by:
-
Namjae Jeon authored
Return zero in always success case. Reviewed-by:
-
Namjae Jeon authored
Set error return value for memcmp() difference. Reviewed-by:
-
Namjae Jeon authored
Remove unneeded type casting. Reviewed-by:
-
Namjae Jeon authored
simplify error handling in ksmbd_auth_ntlm(). Reviewed-by:
-
Namjae Jeon authored
Move ret check before the out label. Reviewed-by:
-
Namjae Jeon authored
Just return smbhash() instead of using rc return value. Reviewed-by:
-
Namjae Jeon authored
Move fips_enabled check before the str_to_key(). Reviewed-by:
-
- 11 May, 2021 4 commits
-
-
Namjae Jeon authored
Now that 256 bit encryption can be negotiated, update names of the nonces to match the updated official protocol documentation (e.g. AES_GCM_NONCE instead of AES_128GCM_NONCE) since they apply to both 128 bit and 256 bit encryption. update smb encryption code to set 32 byte key length and to set gcm256/ccm256 when requested on mount. Signed-off-by:
-
Namjae Jeon authored
Do directly call kvmalloc/kvfree(). Signed-off-by:
-
Namjae Jeon authored
Dan Carpenter suggested to run chechpatch.pl --strict on ksmbd to fix check warnings. This patch does not fix all warnings but only things that I can understand. Signed-off-by:
-
Namjae Jeon authored
This adds smb3 engine, NTLM/NTLMv2/Kerberos authentication, oplock/lease cache mechanism for cifsd. Signed-off-by:
Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by:
Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by:
-
