Also, fix the parser to recognize them and set the secType
accordingly. Make CIFSSMBNegotiate not error out automatically
after parsing the securityBlob.
Also thanks to Q (Igor) and Simo for their help on this
set of kerberos patches (and Dave Howells for help on the
upcall).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Now GetACL in getinodeinfo path when cifsacl mount option used, and
ACL is parsed for SIDs. Missing only one piece now to be able
to retrieve the mode
Signed-off-by: Steve French <sfrench@us.ibm.com>
get rid of couple of unused function warnings which
show up when CONFIG_CIFS_EXPERIMENTAL is not defined - wrap them in
#ifdef CONFIG_CIFS_EXPERIMENTAL. Patch against current git.
Signed-off-by: Parag Warudkar <kernel-stuff@comcast.net>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Also returns more accurate errors to mount for the cases of
account expired and password expired
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
SPNEGO NegProt response also contains a server_GUID. Parse it as we
would for RawNTLMSSP.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
[CIFS] fix error message about packet signing
When packet signing is disabled and the server requires it, cifs prints
an error message. The current message refers to a file in /proc that no
longer exists. Fix it to refer to the correct file.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Fixes two problems:
1) we dropped down to negotiating lanman if we did not recognize the
mechanism (krb5 e.g.)
2) we did not stop cifsd (thus will fail when doing rmod cifs with
slab free errors) when we fail tcon but have a bad session (which is
the case in which signing is required but we don't allow signing on
the client)
It also turns on extended security flag in the header when passing
"sec=krb5" on mount command (although kerberos support is not done of
course)
Acked-by: Jeff Layton <jlayton@redhat.com>
CC: Shaggy <shaggy@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
We were allocating request buffers twice in the statfs
path when mounted to very old (Windows 9x) servers.
Signed-off-by: Steve French <sfrench@us.ibm.com>
Add code to be able to dump CIFS ACL information
when Query Posix ACL with cifsacl mount parm enabled.
Signed-off-by: Shirish Pargoankar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Previously the only way to do this was to umount all mounts to that server,
turn off a proc setting (/proc/fs/cifs/LinuxExtensionsEnabled).
Fixes Samba bugzilla bug number: 4582 (and also 2008)
Signed-off-by: Steve French <sfrench@us.ibm.com>
In the cleanup phase of the dbench test, we were noticing sharing
violation followed by failed directory removals when dbench
did not close the test files before the cleanup phase started.
Using the new POSIX unlink, which Samba has supported for a few
months, avoids this.
Signed-off-by: Steve French <sfrench@us.ibm.com>
This should be the last big batch of whitespace/formatting fixes.
checkpatch warnings for the cifs directory are down about 90% and
many of the remaining ones are harder to remove or make the code
harder to read.
Signed-off-by: Steve French <sfrench@us.ibm.com>
Currently, if mount with a signing-enabled sec= option (e.g.
sec=ntlmi), the kernel does a warning printk if the server doesn't
support signing, and then proceeds without signatures.
This is probably OK for people that think to look at the ring buffer,
but seems wrong to me. If someone explicitly requests signing, we
should error out if that request can't be satisfied. They can then
reattempt the mount without signing if that's ok.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
We were checking the wrong (old) global variable to determine
whether to override server and force signing on the SMB
connection.
Acked-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
A related signature issue that I came across.
There's a bug in win2k that when NT error codes are not negotiated, the
server doesn't response that signatures are mandatory. Since there's
(currently) no way turn on signatures in such case, I had to force NT
error codes, so that this bug will not occur
Signed-off-by: Yehuda Sadeh Weinraub <Yehuda.Sadeh@expand.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
In fixing a bug Samba 3.0.26pre allowed some clients (including Linux cifs
client) to change file size to zero in SET_FILE_UNIX_BASIC (which Linux cifs
client uses for chmod).
The server has been "fixed" now but that also fixes the client to net send
file size zero on chmod.
Fixes Samba bugzilla bug # 4418.
Fixed with help from Jeremy Allison
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
The C99 specification states in section 6.11.5:
The placement of a storage-class specifier other than at the
beginning of the declaration specifiers in a declaration is an
obsolescent feature.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
After temporary server or network failure and reconneciton, we were not
resending the unix capabilities via SetFSInfo - which confused Samba posix
byte range locking code.
Discovered by jra
Signed-off-by: Steve French <sfrench@us.ibm.com>
Run this:
#!/bin/sh
for f in $(grep -Erl "\([^\)]*\) *k[cmz]alloc" *) ; do
echo "De-casting $f..."
perl -pi -e "s/ ?= ?\([^\)]*\) *(k[cmz]alloc) *\(/ = \1\(/" $f
done
And then go through and reinstate those cases where code is casting pointers
to non-pointers.
And then drop a few hunks which conflicted with outstanding work.
Cc: Russell King <rmk@arm.linux.org.uk>, Ian Molton <spyro@f2s.com>
Cc: Mikael Starvik <starvik@axis.com>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Roman Zippel <zippel@linux-m68k.org>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Kyle McMartin <kyle@mcmartin.ca>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Greg KH <greg@kroah.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: Paul Fulghum <paulkf@microgate.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Karsten Keil <kkeil@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: Jeff Garzik <jeff@garzik.org>
Cc: James Bottomley <James.Bottomley@steeleye.com>
Cc: Ian Kent <raven@themaw.net>
Cc: Steven French <sfrench@us.ibm.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Neil Brown <neilb@cse.unsw.edu.au>
Cc: Jaroslav Kysela <perex@suse.cz>
Cc: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* missing cpu_to_le64() for ChangeTime (introduced by
[CIFS] Legacy time handling for Win9x and OS/2 part 1)
* missing le16_to_cpu() for DialectIndex (introduced by
[CIFS] Do not send newer QFSInfo to legacy servers which can not support it)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix dialect negotiation to save off when we have negotiated lanman.
This allows us to avoid sending some somewhat newer requests that the server
can not handle and go directly to the older version (infolevel) of the same
call. Make sure we try to negotiate a level which allows us to get the
server OS (which we check so we can detect Win9x vs. other legacy servers
and eventually work around the Win9x DOS time bug (they reverse date/time
fields).
Signed-off-by: Steve French <sfrench@us.ibm.com>
Server time zone is not really a time zone, rather a time adjustement
in seconds.
CC: Guenter Kukkukk <linux@kukkukk.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Most cases of the ones found by Shaggy by
"make namespacecheck"
could be removed or made static
Ack: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
le16 compared to host-endian constant
u8 fed to le32_to_cpu()
le16 compared to host-endian constant
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Allow Windows blocking locks to be cancelled via a
CANCEL_LOCK call. TODO - restrict this to servers
that support NT_STATUS codes (Win9x will probably
not support this call).
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
(cherry picked from 570d4d2d895569825d0d017d4e76b51138f68864 commit)
request and do not time out slow requests to a server that is still responding
well to other threads
Suggested by jra of Samba team
Signed-off-by: Steve French <sfrench@us.ibm.com>
(cherry picked from 89b57148115479eef074b8d3f86c4c86c96ac969 commit)