From 5f6dbc9e4afe4d1d39e85de3ac2720a2042ad191 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Fri, 15 Oct 2010 15:34:06 -0400 Subject: cifs: convert cifsFileInfo->count to non-atomic counter The count for cifsFileInfo is currently an atomic, but that just adds complexity for little value. We generally need to hold cifs_file_list_lock to traverse the lists anyway so we might as well make this counter non-atomic and simply use the cifs_file_list_lock to protect it. Signed-off-by: Jeff Layton Reviewed-by: Suresh Jayaraman Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 3365e77f6f24..6319db025e7b 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -395,16 +395,19 @@ struct cifsFileInfo { struct list_head llist; /* list of byte range locks we have. */ bool invalidHandle:1; /* file closed via session abend */ bool oplock_break_cancelled:1; - atomic_t count; /* reference count */ + int count; /* refcount -- protected by cifs_file_list_lock */ struct mutex fh_mutex; /* prevents reopen race after dead ses*/ struct cifs_search_info srch_inf; struct work_struct oplock_break; /* work for oplock breaks */ }; -/* Take a reference on the file private data */ +/* + * Take a reference on the file private data. Must be called with + * cifs_file_list_lock held. + */ static inline void cifsFileInfo_get(struct cifsFileInfo *cifs_file) { - atomic_inc(&cifs_file->count); + ++cifs_file->count; } void cifsFileInfo_put(struct cifsFileInfo *cifs_file); -- cgit v1.2.3 From 6c0f6218ba04a5d6e61d0c55b68e6c4ef0736531 Mon Sep 17 00:00:00 2001 From: Steve French Date: Sat, 23 Oct 2010 16:51:40 +0000 Subject: [CIFS] Fix checkpatch warnings and bump cifs version number Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 6319db025e7b..7128c291cec8 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -74,7 +74,7 @@ * CIFS vfs client Status information (based on what we know.) */ - /* associated with each tcp and smb session */ +/* associated with each tcp and smb session */ enum statusEnum { CifsNew = 0, CifsGood, @@ -395,7 +395,7 @@ struct cifsFileInfo { struct list_head llist; /* list of byte range locks we have. */ bool invalidHandle:1; /* file closed via session abend */ bool oplock_break_cancelled:1; - int count; /* refcount -- protected by cifs_file_list_lock */ + int count; /* refcount protected by cifs_file_list_lock */ struct mutex fh_mutex; /* prevents reopen race after dead ses*/ struct cifs_search_info srch_inf; struct work_struct oplock_break; /* work for oplock breaks */ -- cgit v1.2.3 From eb4b756b1e60b66e54932619088b645c712414a3 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Fri, 22 Oct 2010 14:52:29 -0400 Subject: cifs: eliminate cifsInodeInfo->write_behind_rc (try #6) write_behind_rc is redundant and just adds complexity to the code. What we really want to do instead is to use mapping_set_error to reset the flags on the mapping when we find a writeback error and can't report it to userspace yet. For cifs_flush and cifs_fsync, we shouldn't reset the flags since errors returned there do get reported to userspace. Signed-off-by: Jeff Layton Reviewed-by: Suresh Jayaraman Reviewed-by: Dave Kleikamp Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 1 - 1 file changed, 1 deletion(-) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 7128c291cec8..ef5709b250e6 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -420,7 +420,6 @@ struct cifsInodeInfo { struct list_head lockList; /* BB add in lists for dirty pages i.e. write caching info for oplock */ struct list_head openFileList; - int write_behind_rc; __u32 cifsAttrs; /* e.g. DOS archive bit, sparse, compressed, system */ unsigned long time; /* jiffies of last update/check of inode */ bool clientCanCacheRead:1; /* read oplock */ -- cgit v1.2.3 From 6573e9b73e19c0f6b9dfa2b399267ea0f42d6c6b Mon Sep 17 00:00:00 2001 From: Suresh Jayaraman Date: Mon, 18 Oct 2010 23:52:18 +0530 Subject: cifs: update comments - [s/GlobalSMBSesLock/cifs_file_list_lock/g] GlobalSMBSesLock is now cifs_file_list_lock. Update comments to reflect this. Signed-off-by: Suresh Jayaraman Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index ef5709b250e6..539475a11c45 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -670,7 +670,7 @@ require use of the stronger protocol */ * GlobalMid_Lock protects: * list operations on pending_mid_q and oplockQ * updates to XID counters, multiplex id and SMB sequence numbers - * GlobalSMBSesLock protects: + * cifs_file_list_lock protects: * list operations on tcp and SMB session lists and tCon lists * f_owner.lock protects certain per file struct operations * mapping->page_lock protects certain per page operations -- cgit v1.2.3 From 21e733930be6458e0c33482b6783e7c15ba984eb Mon Sep 17 00:00:00 2001 From: Shirish Pargaonkar Date: Thu, 21 Oct 2010 06:42:55 -0500 Subject: NTLM auth and sign - Allocate session key/client response dynamically Start calculating auth response within a session. Move/Add pertinet data structures like session key, server challenge and ntlmv2_hash in a session structure. We should do the calculations within a session before copying session key and response over to server data structures because a session setup can fail. Only after a very first smb session succeeds, it copy/make its session key, session key of smb connection. This key stays with the smb connection throughout its life. sequence_number within server is set to 0x2. The authentication Message Authentication Key (mak) which consists of session key followed by client response within structure session_key is now dynamic. Every authentication type allocates the key + response sized memory within its session structure and later either assigns or frees it once the client response is sent and if session's session key becomes connetion's session key. ntlm/ntlmi authentication functions are rearranged. A function named setup_ntlm_resp(), similar to setup_ntlmv2_resp(), replaces function cifs_calculate_session_key(). size of CIFS_SESS_KEY_SIZE is changed to 16, to reflect the byte size of the key it holds. Reviewed-by: Jeff Layton Signed-off-by: Shirish Pargaonkar Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 539475a11c45..66f76b2d270b 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -99,14 +99,7 @@ enum protocolEnum { struct session_key { unsigned int len; - union { - char ntlm[CIFS_SESS_KEY_SIZE + 16]; - char krb5[CIFS_SESS_KEY_SIZE + 16]; /* BB: length correct? */ - struct { - char key[16]; - struct ntlmv2_resp resp; - } ntlmv2; - } data; + char *response; }; struct cifs_cred { -- cgit v1.2.3 From d2b915210b5ec01409f581421d633eca6c38d444 Mon Sep 17 00:00:00 2001 From: Shirish Pargaonkar Date: Thu, 21 Oct 2010 14:25:08 -0500 Subject: NTLM auth and sign - Define crypto hash functions and create and send keys needed for key exchange Mark dependency on crypto modules in Kconfig. Defining per structures sdesc and cifs_secmech which are used to store crypto hash functions and contexts. They are stored per smb connection and used for all auth mechs to genereate hash values and signatures. Allocate crypto hashing functions, security descriptiors, and respective contexts when a smb/tcp connection is established. Release them when a tcp/smb connection is taken down. md5 and hmac-md5 are two crypto hashing functions that are used throught the life of an smb/tcp connection by various functions that calcualte signagure and ntlmv2 hash, HMAC etc. structure ntlmssp_auth is defined as per smb connection. ntlmssp_auth holds ciphertext which is genereated by rc4/arc4 encryption of secondary key, a nonce using ntlmv2 session key and sent in the session key field of the type 3 message sent by the client during ntlmssp negotiation/exchange A key is exchanged with the server if client indicates so in flags in type 1 messsage and server agrees in flag in type 2 message of ntlmssp negotiation. If both client and agree, a key sent by client in type 3 message of ntlmssp negotiation in the session key field. The key is a ciphertext generated off of secondary key, a nonce, using ntlmv2 hash via rc4/arc4. Signing works for ntlmssp in this patch. The sequence number within the server structure needs to be zero until session is established i.e. till type 3 packet of ntlmssp exchange of a to be very first smb session on that smb connection is sent. Acked-by: Jeff Layton Signed-off-by: Shirish Pargaonkar Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 66f76b2d270b..7ca5f6d8ed80 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -25,6 +25,9 @@ #include #include "cifs_fs_sb.h" #include "cifsacl.h" +#include +#include + /* * The sizes of various internal tables and strings */ @@ -102,6 +105,27 @@ struct session_key { char *response; }; +/* crypto security descriptor definition */ +struct sdesc { + struct shash_desc shash; + char ctx[]; +}; + +/* crypto hashing related structure/fields, not speicific to a sec mech */ +struct cifs_secmech { + struct crypto_shash *hmacmd5; /* hmac-md5 hash function */ + struct crypto_shash *md5; /* md5 hash function */ + struct sdesc *sdeschmacmd5; /* ctxt to generate ntlmv2 hash, CR1 */ + struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */ +}; + +/* per smb connection structure/fields */ +struct ntlmssp_auth { + __u32 client_flags; /* sent by client in type 1 ntlmsssp exchange */ + __u32 server_flags; /* sent by server in type 2 ntlmssp exchange */ + unsigned char ciphertext[CIFS_CPHTXT_SIZE]; /* sent to server */ +}; + struct cifs_cred { int uid; int gid; @@ -178,6 +202,7 @@ struct TCP_Server_Info { struct session_key session_key; unsigned long lstrp; /* when we got last response from this server */ u16 dialect; /* dialect index that server chose */ + struct cifs_secmech secmech; /* crypto sec mech functs, descriptors */ /* extended security flavors that server supports */ bool sec_kerberos; /* supports plain Kerberos */ bool sec_mskerberos; /* supports legacy MS Kerberos */ @@ -220,6 +245,7 @@ struct cifsSesInfo { char ntlmv2_hash[16]; unsigned int tilen; /* length of the target info blob */ unsigned char *tiblob; /* target info blob in challenge response */ + struct ntlmssp_auth ntlmssp; /* ciphertext, flags */ bool need_reconnect:1; /* connection reset, uid now invalid */ }; /* no more than one of the following three session flags may be set */ -- cgit v1.2.3 From f7c5445a9deecffea8a4fffc0163bf582411ac8a Mon Sep 17 00:00:00 2001 From: Shirish Pargaonkar Date: Tue, 26 Oct 2010 18:10:24 -0500 Subject: NTLM auth and sign - minor error corrections and cleanup Minor cleanup - Fix spelling mistake, make meaningful (goto) label In function setup_ntlmv2_rsp(), do not return 0 and leak memory, let the tiblob get freed. For function find_domain_name(), pass already available nls table pointer instead of loading and unloading the table again in this function. For ntlmv2, the case sensitive password length is the length of the response, so subtract session key length (16 bytes) from the .len. Signed-off-by: Shirish Pargaonkar Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 7ca5f6d8ed80..67d6a2280a01 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -111,7 +111,7 @@ struct sdesc { char ctx[]; }; -/* crypto hashing related structure/fields, not speicific to a sec mech */ +/* crypto hashing related structure/fields, not specific to a sec mech */ struct cifs_secmech { struct crypto_shash *hmacmd5; /* hmac-md5 hash function */ struct crypto_shash *md5; /* md5 hash function */ -- cgit v1.2.3 From d3ba50b17aa7a391bb5b3dcd8d6ba7a02c4f031c Mon Sep 17 00:00:00 2001 From: Shirish Pargaonkar Date: Wed, 27 Oct 2010 15:20:36 -0500 Subject: NTLM auth and sign - Use appropriate server challenge Need to have cryptkey or server challenge in smb connection (struct TCP_Server_Info) for ntlm and ntlmv2 auth types for which cryptkey (Encryption Key) is supplied just once in Negotiate Protocol response during an smb connection setup for all the smb sessions over that smb connection. For ntlmssp, cryptkey or server challenge is provided for every smb session in type 2 packet of ntlmssp negotiation, the cryptkey provided during Negotiation Protocol response before smb connection does not count. Rename cryptKey to cryptkey and related changes. Signed-off-by: Shirish Pargaonkar Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 67d6a2280a01..b73695176467 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -196,6 +196,7 @@ struct TCP_Server_Info { int capabilities; /* allow selective disabling of caps by smb sess */ int timeAdj; /* Adjust for difference in server time zone in sec */ __u16 CurrentMid; /* multiplex id - rotating counter */ + char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlm, ntlmv2 etc */ /* 16th byte of RFC1001 workstation name is always null */ char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; __u32 sequence_number; /* needed for CIFS PDU signature */ @@ -240,7 +241,7 @@ struct cifsSesInfo { char userName[MAX_USERNAME_SIZE + 1]; char *domainName; char *password; - char cryptKey[CIFS_CRYPTO_KEY_SIZE]; + char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlmssp */ struct session_key auth_key; char ntlmv2_hash[16]; unsigned int tilen; /* length of the target info blob */ -- cgit v1.2.3 From d3686d54c7902a303bd65d751226aa1647319863 Mon Sep 17 00:00:00 2001 From: Shirish Pargaonkar Date: Thu, 28 Oct 2010 09:53:07 -0500 Subject: cifs: Cleanup and thus reduce smb session structure and fields used during authentication Removed following fields from smb session structure cryptkey, ntlmv2_hash, tilen, tiblob and ntlmssp_auth structure is allocated dynamically only if the auth mech in NTLMSSP. response field within a session_key structure is used to initially store the target info (either plucked from type 2 challenge packet in case of NTLMSSP or fabricated in case of NTLMv2 without extended security) and then to store Message Authentication Key (mak) (session key + client response). Server challenge or cryptkey needed during a NTLMSSP authentication is now part of ntlmssp_auth structure which gets allocated and freed once authenticaiton process is done. Signed-off-by: Shirish Pargaonkar Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'fs/cifs/cifsglob.h') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index b73695176467..f259e4d7612d 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -119,11 +119,12 @@ struct cifs_secmech { struct sdesc *sdescmd5; /* ctxt to generate cifs/smb signature */ }; -/* per smb connection structure/fields */ +/* per smb session structure/fields */ struct ntlmssp_auth { __u32 client_flags; /* sent by client in type 1 ntlmsssp exchange */ __u32 server_flags; /* sent by server in type 2 ntlmssp exchange */ unsigned char ciphertext[CIFS_CPHTXT_SIZE]; /* sent to server */ + char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlmssp */ }; struct cifs_cred { @@ -241,12 +242,8 @@ struct cifsSesInfo { char userName[MAX_USERNAME_SIZE + 1]; char *domainName; char *password; - char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlmssp */ struct session_key auth_key; - char ntlmv2_hash[16]; - unsigned int tilen; /* length of the target info blob */ - unsigned char *tiblob; /* target info blob in challenge response */ - struct ntlmssp_auth ntlmssp; /* ciphertext, flags */ + struct ntlmssp_auth *ntlmssp; /* ciphertext, flags, server challenge */ bool need_reconnect:1; /* connection reset, uid now invalid */ }; /* no more than one of the following three session flags may be set */ -- cgit v1.2.3