svn commit: linux-cifs-client r45 - in branches/linux-2.6-cifs-git-devel/fs/cifs: .

sfrench at samba.org sfrench at samba.org
Sat Jan 14 05:39:00 GMT 2006 

Author: sfrench
Date: 2006-01-14 05:38:59 +0000 (Sat, 14 Jan 2006)
New Revision: 45

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=linux-cifs-client&rev=45

Log:
Fix Samba bug 3301 - allow share mode security for cifs vfs

Modified:
   branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES
   branches/linux-2.6-cifs-git-devel/fs/cifs/cifsacl.h
   branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c
   branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c


Changeset:
Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES
===================================================================
--- branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES	2006-01-12 23:50:37 UTC (rev 44)
+++ branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES	2006-01-14 05:38:59 UTC (rev 45)
@@ -3,7 +3,8 @@
 Use fsuid (fsgid) more consistently instead of uid (gid). Improve performance
 of readpages by eliminating one extra memcpy. Allow update of file size
 from remote server even if file is open for write as long as mount is
-directio.
+directio.  Recognize share mode security and send NTLM encrypted password
+on tree connect if share mode negotiated.
 
 Version 1.39
 ------------

Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifsacl.h
===================================================================
--- branches/linux-2.6-cifs-git-devel/fs/cifs/cifsacl.h	2006-01-12 23:50:37 UTC (rev 44)
+++ branches/linux-2.6-cifs-git-devel/fs/cifs/cifsacl.h	2006-01-14 05:38:59 UTC (rev 45)
@@ -26,13 +26,13 @@
 	__u8 revision; /* revision level */
 	__u8 num_subauths;
 	__u8 authority[6];
-	__u8 sub_auth[4];
+	__u32 sub_auth[4];
 	/* next sub_auth if any ... */
 } __attribute__((packed));
 
 /* everyone */
-const cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};
+extern const struct cifs_sid sid_everyone;
 /* group users */
-const cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};
+extern const struct cifs_sid sid_user;
 
 #endif /* _CIFSACL_H */

Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c
===================================================================
--- branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c	2006-01-12 23:50:37 UTC (rev 44)
+++ branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c	2006-01-14 05:38:59 UTC (rev 45)
@@ -37,6 +37,7 @@
 #include "cifsproto.h"
 #include "cifs_unicode.h"
 #include "cifs_debug.h"
+#include "cifsacl.h"
 
 #ifdef CONFIG_CIFS_POSIX
 static struct {
@@ -372,8 +373,10 @@
 	rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,
 			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);
 	if (rc == 0) {
-		server->secMode = pSMBr->SecurityMode;	
-		server->secType = NTLM; /* BB override default for 
+		server->secMode = pSMBr->SecurityMode;
+		if((server->secMode & SECMODE_USER) == 0)
+			cFYI(1,("share mode security"));
+		server->secType = NTLM; /* BB override default for
 					   NTLMv2 or kerberos v5 */
 		/* one byte - no need to convert this or EncryptionKeyLen
 		   from little endian */
@@ -383,7 +386,7 @@
 			min(le32_to_cpu(pSMBr->MaxBufferSize),
 			(__u32) CIFSMaxBufSize + MAX_CIFS_HDR_SIZE);
 		server->maxRw = le32_to_cpu(pSMBr->MaxRawSize);
-		cFYI(0, ("Max buf = %d ", ses->server->maxBuf));
+		cFYI(0, ("Max buf = %d", ses->server->maxBuf));
 		GETU32(ses->server->sessid) = le32_to_cpu(pSMBr->SessionKey);
 		server->capabilities = le32_to_cpu(pSMBr->Capabilities);
 		server->timeZone = le16_to_cpu(pSMBr->ServerTimeZone);	
@@ -411,8 +414,7 @@
 						(server->server_GUID,
 						pSMBr->u.extended_response.
 						GUID, 16) != 0) {
-						cFYI(1,
-						     ("UID of server does not match previous connection to same ip address"));
+						cFYI(1, ("server UID changed"));
 						memcpy(server->
 							server_GUID,
 							pSMBr->u.
@@ -2494,10 +2496,15 @@
 
 #endif /* CONFIG_POSIX */
 
+
+/* security id for everyone */
+const struct cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};
+/* group users */
+const struct cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};
+
 /* Convert CIFS ACL to POSIX form */
-static int parse_sec_desc(struct sec_desc * psec_desc, int acl_len)
+static int parse_sec_desc(struct cifs_sid * psec_desc, int acl_len)
 {
-	CHECK ON OTHER COMPUTER TO SEE IF FORMAT ENCODED IN CIFSPDU.H ALREADY
 	return 0;
 }
 

Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c
===================================================================
--- branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c	2006-01-12 23:50:37 UTC (rev 44)
+++ branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c	2006-01-14 05:38:59 UTC (rev 45)
@@ -1795,7 +1795,8 @@
 		cifs_sb->mnt_gid = volume_info.linux_gid;
 		cifs_sb->mnt_file_mode = volume_info.file_mode;
 		cifs_sb->mnt_dir_mode = volume_info.dir_mode;
-		cFYI(1,("file mode: 0x%x  dir mode: 0x%x",cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
+		cFYI(1,("file mode: 0x%x  dir mode: 0x%x",
+			cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
 
 		if(volume_info.noperm)
 			cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
@@ -1972,7 +1973,7 @@
 	__u32 capabilities;
 	__u16 count;
 
-	cFYI(1, ("In sesssetup "));
+	cFYI(1, ("In sesssetup"));
 	if(ses == NULL)
 		return -EINVAL;
 	user = ses->userName;
@@ -3248,10 +3249,27 @@
 
 	pSMB->AndXCommand = 0xFF;
 	pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
-	pSMB->PasswordLength = cpu_to_le16(1);	/* minimum */
 	bcc_ptr = &pSMB->Password[0];
-	bcc_ptr++;		/* skip password */
+	if((ses->server->secMode) & SECMODE_USER) {
+		pSMB->PasswordLength = cpu_to_le16(1);	/* minimum */
+		bcc_ptr++;              /* skip password */
+	} else {
+		pSMB->PasswordLength = cpu_to_le16(CIFS_SESSION_KEY_SIZE);
+		/* BB FIXME add code to fail this if NTLMv2 or Kerberos
+		   specified as required (when that support is added to
+		   the vfs in the future) as only NTLM or the much
+		   weaker LANMAN (which we do not send) is accepted
+		   by Samba (not sure whether other servers allow
+		   NTLMv2 password here) */
+		SMBNTencrypt(ses->password,
+			     ses->server->cryptKey,
+			     bcc_ptr);
 
+		bcc_ptr += CIFS_SESSION_KEY_SIZE;
+		*bcc_ptr = 0;
+		bcc_ptr++; /* align */
+	}
+
 	if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
 		smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
 
@@ -3268,7 +3286,6 @@
 		bcc_ptr += 2 * length;	/* convert num of 16 bit words to bytes */
 		bcc_ptr += 2;	/* skip trailing null */
 	} else {		/* ASCII */
-
 		strcpy(bcc_ptr, tree);
 		bcc_ptr += strlen(tree) + 1;
 	}

More information about the samba-cvs mailing list