<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-toradex.git/fs/cifs/cifsencrypt.c, branch v3.4.83</title>
<subtitle>Linux kernel for Apalis and Colibri modules</subtitle>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/'/>
<entry>
<title>cifs: extend the buffer length enought for sprintf() using</title>
<updated>2013-08-15T05:57:07+00:00</updated>
<author>
<name>Chen Gang</name>
<email>gang.chen@asianux.com</email>
</author>
<published>2013-07-19T01:01:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=3fbcb7f97cd2770e5d65490b57460844fb704f01'/>
<id>3fbcb7f97cd2770e5d65490b57460844fb704f01</id>
<content type='text'>
commit 057d6332b24a4497c55a761c83c823eed9e3f23b upstream.

For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length
is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses-&gt;domainName'
length may be "255 + '\0'".

The related sprintf() may cause memory overflow, so need extend related
buffer enough to hold all things.

It is also necessary to be sure of 'ses-&gt;domainName' must be less than
256, and define the related macro instead of hard code number '256'.

Signed-off-by: Chen Gang &lt;gang.chen@asianux.com&gt;
Reviewed-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Reviewed-by: Scott Lovenberg &lt;scott.lovenberg@gmail.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 057d6332b24a4497c55a761c83c823eed9e3f23b upstream.

For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length
is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses-&gt;domainName'
length may be "255 + '\0'".

The related sprintf() may cause memory overflow, so need extend related
buffer enough to hold all things.

It is also necessary to be sure of 'ses-&gt;domainName' must be less than
256, and define the related macro instead of hard code number '256'.

Signed-off-by: Chen Gang &lt;gang.chen@asianux.com&gt;
Reviewed-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Reviewed-by: Scott Lovenberg &lt;scott.lovenberg@gmail.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Handle big endianness in NTLM (ntlmv2) authentication</title>
<updated>2013-07-22T01:19:02+00:00</updated>
<author>
<name>Steve French</name>
<email>smfrench@us.ibm.com</email>
</author>
<published>2013-06-25T19:03:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=c1ee953c457d8dcca26c8586576066a887b4e0dd'/>
<id>c1ee953c457d8dcca26c8586576066a887b4e0dd</id>
<content type='text'>
commit fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 upstream.

This is RH bug 970891
Uppercasing of username during calculation of ntlmv2 hash fails
because UniStrupr function does not handle big endian wchars.

Also fix a comment in the same code to reflect its correct usage.

[To make it easier for stable (rather than require 2nd patch) fixed
this patch of Shirish's to remove endian warning generated
by sparse -- steve f.]

Reported-by: steve &lt;sanpatr1@in.ibm.com&gt;
Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Reviewed-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 upstream.

This is RH bug 970891
Uppercasing of username during calculation of ntlmv2 hash fails
because UniStrupr function does not handle big endian wchars.

Also fix a comment in the same code to reflect its correct usage.

[To make it easier for stable (rather than require 2nd patch) fixed
this patch of Shirish's to remove endian warning generated
by sparse -- steve f.]

Reported-by: steve &lt;sanpatr1@in.ibm.com&gt;
Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Reviewed-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>CIFS: Rename *UCS* functions to *UTF16*</title>
<updated>2012-01-19T04:32:33+00:00</updated>
<author>
<name>Steve French</name>
<email>sfrench@us.ibm.com</email>
</author>
<published>2012-01-19T04:32:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=acbbb76a26648dfae6fed0989879e40d75692bfc'/>
<id>acbbb76a26648dfae6fed0989879e40d75692bfc</id>
<content type='text'>
to reflect the unicode encoding used by CIFS protocol.

Signed-off-by: Pavel Shilovsky &lt;piastry@etersoft.ru&gt;
Acked-by: Jeff Layton &lt;jlayton@samba.org&gt;
Reviewed-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
to reflect the unicode encoding used by CIFS protocol.

Signed-off-by: Pavel Shilovsky &lt;piastry@etersoft.ru&gt;
Acked-by: Jeff Layton &lt;jlayton@samba.org&gt;
Reviewed-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: sanitize username handling</title>
<updated>2012-01-18T04:40:26+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2012-01-17T21:09:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=04febabcf55beeffb8794a0d8c539e571bd2ae29'/>
<id>04febabcf55beeffb8794a0d8c539e571bd2ae29</id>
<content type='text'>
Currently, it's not very clear whether you're allowed to have a NULL
vol-&gt;username or ses-&gt;user_name. Some places check for it and some don't.

Make it clear that a NULL pointer is OK in these fields, and ensure that
all the callers check for that.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently, it's not very clear whether you're allowed to have a NULL
vol-&gt;username or ses-&gt;user_name. Some places check for it and some don't.

Make it clear that a NULL pointer is OK in these fields, and ensure that
all the callers check for that.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: Assume passwords are encoded according to iocharset (try #2)</title>
<updated>2011-10-30T03:06:54+00:00</updated>
<author>
<name>Shirish Pargaonkar</name>
<email>shirishpargaonkar@gmail.com</email>
</author>
<published>2011-10-20T18:21:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=9ef5992e442b2b0bf6364bfcc5574e983a983159'/>
<id>9ef5992e442b2b0bf6364bfcc5574e983a983159</id>
<content type='text'>
Re-posting a patch originally posted by Oskar Liljeblad after
rebasing on 3.2.

Modify cifs to assume that the supplied password is encoded according
to iocharset.  Before this patch passwords would be treated as
raw 8-bit data, which made authentication with Unicode passwords impossible
(at least passwords with characters &gt; 0xFF).

The previous code would as a side effect accept passwords encoded with
ISO 8859-1, since Unicode &lt; 0x100 basically is ISO 8859-1.  Software which
relies on that will no longer support password chars &gt; 0x7F unless it also
uses iocharset=iso8859-1.  (mount.cifs does not care about the encoding so
it will work as expected.)

Signed-off-by: Oskar Liljeblad &lt;oskar@osk.mine.nu&gt;
Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Reviewed-by: Pavel Shilovsky &lt;piastry@etersoft.ru&gt;
Tested-by: A &lt;nimbus1_03087@yahoo.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Re-posting a patch originally posted by Oskar Liljeblad after
rebasing on 3.2.

Modify cifs to assume that the supplied password is encoded according
to iocharset.  Before this patch passwords would be treated as
raw 8-bit data, which made authentication with Unicode passwords impossible
(at least passwords with characters &gt; 0xFF).

The previous code would as a side effect accept passwords encoded with
ISO 8859-1, since Unicode &lt; 0x100 basically is ISO 8859-1.  Software which
relies on that will no longer support password chars &gt; 0x7F unless it also
uses iocharset=iso8859-1.  (mount.cifs does not care about the encoding so
it will work as expected.)

Signed-off-by: Oskar Liljeblad &lt;oskar@osk.mine.nu&gt;
Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Reviewed-by: Pavel Shilovsky &lt;piastry@etersoft.ru&gt;
Tested-by: A &lt;nimbus1_03087@yahoo.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: consolidate signature generating code</title>
<updated>2011-10-13T04:41:41+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2011-10-11T10:41:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=826a95e4a33f3e9bfa0d31ab769d5b01130f7111'/>
<id>826a95e4a33f3e9bfa0d31ab769d5b01130f7111</id>
<content type='text'>
We have two versions of signature generating code. A vectorized and
non-vectorized version. Eliminate a large chunk of cut-and-paste
code by turning the non-vectorized version into a wrapper around the
vectorized one.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We have two versions of signature generating code. A vectorized and
non-vectorized version. Eliminate a large chunk of cut-and-paste
code by turning the non-vectorized version into a wrapper around the
vectorized one.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: use memcpy for magic string in cifs signature generation BSRSPYL</title>
<updated>2011-10-13T04:41:18+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2011-10-11T10:41:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=b4dacbc2823799b84d4d4563f865b0680cb44ed1'/>
<id>b4dacbc2823799b84d4d4563f865b0680cb44ed1</id>
<content type='text'>
...it's more efficient since we know the length.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
...it's more efficient since we know the length.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Signed-off-by: Steve French &lt;smfrench@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: Fix broken sec=ntlmv2/i sec option (try #2)</title>
<updated>2011-09-20T02:16:58+00:00</updated>
<author>
<name>Shirish Pargaonkar</name>
<email>shirishpargaonkar@gmail.com</email>
</author>
<published>2011-08-25T04:05:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=cfbd6f84c2e26c13ded16b6bb0871edb7d75974f'/>
<id>cfbd6f84c2e26c13ded16b6bb0871edb7d75974f</id>
<content type='text'>
Fix sec=ntlmv2/i authentication option during mount of Samba shares.

cifs client was coding ntlmv2 response incorrectly.
All that is needed in temp as specified in MS-NLMP seciton 3.3.2

"Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM,
CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName)

as
Set temp to ConcatenationOf(Responserversion, HiResponserversion,
Z(6), Time, ClientChallenge, Z(4), ServerName, Z(4)"

is MsvAvNbDomainName.

For sec=ntlmsspi, build_av_pair is not used, a blob is plucked from
type 2 response sent by the server to use in authentication.

I tested sec=ntlmv2/i and sec=ntlmssp/i mount options against
Samba (3.6) and Windows - XP, 2003 Server and 7.
They all worked.

Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix sec=ntlmv2/i authentication option during mount of Samba shares.

cifs client was coding ntlmv2 response incorrectly.
All that is needed in temp as specified in MS-NLMP seciton 3.3.2

"Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM,
CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName)

as
Set temp to ConcatenationOf(Responserversion, HiResponserversion,
Z(6), Time, ClientChallenge, Z(4), ServerName, Z(4)"

is MsvAvNbDomainName.

For sec=ntlmsspi, build_av_pair is not used, a blob is plucked from
type 2 response sent by the server to use in authentication.

I tested sec=ntlmv2/i and sec=ntlmssp/i mount options against
Samba (3.6) and Windows - XP, 2003 Server and 7.
They all worked.

Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: don't start signing too early</title>
<updated>2011-07-31T21:21:06+00:00</updated>
<author>
<name>Jeff Layton</name>
<email>jlayton@redhat.com</email>
</author>
<published>2011-07-26T16:21:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=998d6fcb24d25b7889ec39118cf98d5089ac4c11'/>
<id>998d6fcb24d25b7889ec39118cf98d5089ac4c11</id>
<content type='text'>
Sniffing traffic on the wire shows that windows clients send a zeroed
out signature field in a NEGOTIATE request, and send "BSRSPYL" in the
signature field during SESSION_SETUP. Make the cifs client behave the
same way.

It doesn't seem to make much difference in any server that I've tested
against, but it's probably best to follow windows behavior as closely as
possible here.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Sniffing traffic on the wire shows that windows clients send a zeroed
out signature field in a NEGOTIATE request, and send "BSRSPYL" in the
signature field during SESSION_SETUP. Make the cifs client behave the
same way.

It doesn't seem to make much difference in any server that I've tested
against, but it's probably best to follow windows behavior as closely as
possible here.

Signed-off-by: Jeff Layton &lt;jlayton@redhat.com&gt;
Reviewed-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>cifs: Cleanup: check return codes of crypto api calls</title>
<updated>2011-07-25T22:12:10+00:00</updated>
<author>
<name>Shirish Pargaonkar</name>
<email>shirishpargaonkar@gmail.com</email>
</author>
<published>2011-06-20T21:14:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.toradex.cn/cgit/linux-toradex.git/commit/?id=14cae3243b555afda69a57778069ddca65532c06'/>
<id>14cae3243b555afda69a57778069ddca65532c06</id>
<content type='text'>
Check return codes of crypto api calls and either log an error or log
an error and return from the calling function with error.

Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Check return codes of crypto api calls and either log an error or log
an error and return from the calling function with error.

Signed-off-by: Shirish Pargaonkar &lt;shirishpargaonkar@gmail.com&gt;
Signed-off-by: Steve French &lt;sfrench@us.ibm.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
