Attachment 214971 Details for Bug 317241 – patch -- in progress cifs patch that seems to trigger the problem

[patch] patch -- in progress cifs patch that seems to trigger the problem

cifskey.patch (text/plain), 8.64 KB, created by Jeff Layton on 2007-10-03 19:57:27 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeff Layton

Created: 2007-10-03 19:57:27 UTC

Size: 8.64 KB

patch

obsolete

>diff --git a/fs/cifs/Makefile b/fs/cifs/Makefile
>index ff6ba8d..7178755 100644
>--- a/fs/cifs/Makefile
>+++ b/fs/cifs/Makefile
>@@ -3,4 +3,4 @@
> #
> obj-$(CONFIG_CIFS) += cifs.o
> 
>-cifs-objs := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o link.o misc.o netmisc.o smbdes.o smbencrypt.o transport.o asn1.o md4.o md5.o cifs_unicode.o nterr.o xattr.o cifsencrypt.o fcntl.o readdir.o ioctl.o sess.o export.o cifsacl.o
>+cifs-objs := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o link.o misc.o netmisc.o smbdes.o smbencrypt.o transport.o asn1.o md4.o md5.o cifs_unicode.o nterr.o xattr.o cifsencrypt.o fcntl.o readdir.o ioctl.o sess.o export.o cifsacl.o cifskey.o
>diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
>index c7c3521..5a89a30 100644
>--- a/fs/cifs/cifsfs.c
>+++ b/fs/cifs/cifsfs.c
>@@ -42,6 +42,7 @@
> #include "cifsproto.h"
> #include "cifs_debug.h"
> #include "cifs_fs_sb.h"
>+#include "cifskey.h"
> #include <linux/mm.h>
> #define CIFS_MAGIC_NUMBER 0xFF534D42	/* the first four bytes of SMB PDUs */
> 
>@@ -1010,11 +1011,15 @@ init_cifs(void)
> 	if (rc)
> 		goto out_destroy_request_bufs;
> 
>+	rc = register_key_type(&cifs_key_type);
>+	if (rc)
>+		goto out_unregister_filesystem;
>+
> 	oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd");
> 	if (IS_ERR(oplockThread)) {
> 		rc = PTR_ERR(oplockThread);
> 		cERROR(1, ("error %d create oplock thread", rc));
>-		goto out_unregister_filesystem;
>+		goto out_unregister_key_type;
> 	}
> 
> 	dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
>@@ -1028,6 +1033,8 @@ init_cifs(void)
> 
>  out_stop_oplock_thread:
> 	kthread_stop(oplockThread);
>+ out_unregister_key_type:
>+	unregister_key_type(&cifs_key_type);
>  out_unregister_filesystem:
> 	unregister_filesystem(&cifs_fs_type);
>  out_destroy_request_bufs:
>@@ -1050,6 +1057,7 @@ exit_cifs(void)
> #ifdef CONFIG_PROC_FS
> 	cifs_proc_clean();
> #endif
>+	unregister_key_type(&cifs_key_type);
> 	unregister_filesystem(&cifs_fs_type);
> 	cifs_destroy_inodecache();
> 	cifs_destroy_mids();
>diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
>index 3fb046b..451a5aa 100644
>--- a/fs/cifs/cifsglob.h
>+++ b/fs/cifs/cifsglob.h
>@@ -226,6 +226,7 @@ struct cifsSesInfo {
> 	char userName[MAX_USERNAME_SIZE + 1];
> 	char *domainName;
> 	char *password;
>+	struct key *key;	/* security key */
> };
> /* no more than one of the following three session flags may be set */
> #define CIFS_SES_NT4 1
>@@ -491,14 +492,14 @@ require use of the stronger protocol */
> #ifdef CONFIG_CIFS_WEAK_PW_HASH
> #define   CIFSSEC_MUST_LANMAN	0x10010
> #define   CIFSSEC_MUST_PLNTXT	0x20020
>-#define   CIFSSEC_MASK          0x37037 /* current flags supported if weak */
>+#define   CIFSSEC_MASK          0x3f03f /* current flags supported if weak */
> #else
>-#define	  CIFSSEC_MASK          0x07007 /* flags supported if no weak config */
>+#define	  CIFSSEC_MASK          0x0f00f /* flags supported if no weak config */
> #endif /* WEAK_PW_HASH */
> #define   CIFSSEC_MUST_SEAL	0x40040 /* not supported yet */
> 
>-#define   CIFSSEC_DEF  CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2
>-#define   CIFSSEC_MAX  CIFSSEC_MUST_SIGN | CIFSSEC_MUST_NTLMV2
>+#define   CIFSSEC_DEF  CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_KRB5
>+#define   CIFSSEC_MAX  CIFSSEC_MUST_SIGN | CIFSSEC_MUST_KRB5
> /*
>  *****************************************************************
>  * All constants go here
>diff --git a/fs/cifs/cifskey.c b/fs/cifs/cifskey.c
>new file mode 100644
>index 0000000..e448eb9
>--- /dev/null
>+++ b/fs/cifs/cifskey.c
>@@ -0,0 +1,77 @@
>+/*
>+ *   fs/cifs/cifskey.c -- key management for CIFS
>+ *
>+ *   Copyright (c) 2007 Red Hat, Inc.
>+ *   Author(s): Jeff Layton (jlayton@redhat.com)
>+ *
>+ *   This library is free software; you can redistribute it and/or modify
>+ *   it under the terms of the GNU Lesser General Public License as published
>+ *   by the Free Software Foundation; either version 2.1 of the License, or
>+ *   (at your option) any later version.
>+ *
>+ *   This library is distributed in the hope that it will be useful,
>+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
>+ *   the GNU Lesser General Public License for more details.
>+ *
>+ *   You should have received a copy of the GNU Lesser General Public License
>+ *   along with this library; if not, write to the Free Software
>+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>+ */
>+
>+#include <linux/list.h>
>+#include <linux/string.h>
>+#include <keys/user-type.h>
>+#include "cifsglob.h"
>+#include "cifskey.h"
>+
>+/*
>+ * keytype for CIFS spnego keys
>+ */
>+struct key_type cifs_key_type = {
>+	.name		= "cifskey",
>+	.instantiate	= user_instantiate,
>+	.match		= user_match,
>+	.destroy	= user_destroy,
>+	.describe	= user_describe,
>+};
>+
>+int
>+cifs_negotiate_security(struct cifsSesInfo *sesInfo, const char *secblob, size_t len)
>+{
>+	struct key *key;
>+	struct TCP_Server_Info *server = sesInfo->server;
>+	char *description = NULL;
>+	int error;
>+
>+	error = -ENOMEM;
>+	/* 8 bytes for uid, 32 for addr, 1 for colon, 1 for NULL */
>+	description = kzalloc((8 + 32 + 1 + 1), GFP_KERNEL);
>+	if (description == NULL)
>+		goto out;
>+
>+	error = -EINVAL;
>+	if (server->addr.sockAddr.sin_family == AF_INET)
>+		sprintf(description, "%8.8x:" NIPQUAD_FMT, sesInfo->linux_uid,
>+			NIPQUAD(server->addr.sockAddr.sin_addr));
>+	else if (server->addr.sockAddr.sin_family == AF_INET6)
>+		sprintf(description, "%8.8x:" NIP6_SEQFMT, sesInfo->linux_uid,
>+			NIP6(server->addr.sockAddr6.sin6_addr));
>+	else
>+		goto out;
>+		
>+	if (sesInfo->key != NULL)
>+		key_put(sesInfo->key);
>+
>+	key = request_key(&cifs_key_type, description, secblob);
>+	if (IS_ERR(key)) {
>+		error = PTR_ERR(key);
>+		goto out;
>+	}
>+
>+	error = 0;
>+out:
>+	if (description)
>+		kfree(description);
>+	return error;
>+}
>diff --git a/fs/cifs/cifskey.h b/fs/cifs/cifskey.h
>new file mode 100644
>index 0000000..e126994
>--- /dev/null
>+++ b/fs/cifs/cifskey.h
>@@ -0,0 +1,29 @@
>+/*
>+ *   fs/cifs/cifskey.h -- key management for CIFS
>+ *
>+ *   Copyright (c) 2007 Red Hat, Inc.
>+ *   Author(s): Jeff Layton (jlayton@redhat.com)
>+ *
>+ *   This library is free software; you can redistribute it and/or modify
>+ *   it under the terms of the GNU Lesser General Public License as published
>+ *   by the Free Software Foundation; either version 2.1 of the License, or
>+ *   (at your option) any later version.
>+ *
>+ *   This library is distributed in the hope that it will be useful,
>+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
>+ *   the GNU Lesser General Public License for more details.
>+ *
>+ *   You should have received a copy of the GNU Lesser General Public License
>+ *   along with this library; if not, write to the Free Software
>+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>+ */
>+
>+#ifndef _CIFSKEY_H
>+#define _CIFSKEY_H
>+
>+extern struct key_type cifs_key_type;
>+
>+extern int cifs_negotiate_security(struct cifsSesInfo *sesInfo, const char *secblob, size_t len);
>+
>+#endif /* _CIFSKEY_H */
>diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
>index a6ff324..a952154 100644
>--- a/fs/cifs/cifssmb.c
>+++ b/fs/cifs/cifssmb.c
>@@ -38,6 +38,7 @@
> #include "cifs_unicode.h"
> #include "cifs_debug.h"
> #include "cifsacl.h"
>+#include "cifskey.h"
> 
> #ifdef CONFIG_CIFS_POSIX
> static struct {
>@@ -620,10 +621,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
> 				memcpy(server->server_GUID,
> 				       pSMBr->u.extended_response.GUID, 16);
> 		} else {
>-			rc = decode_negTokenInit(pSMBr->u.extended_response.
>-						 SecurityBlob,
>-						 count - 16,
>-						 &server->secType);
>+			rc = cifs_negotiate_security(ses, pSMBr->u.extended_response.SecurityBlob,
>+						 count - 16);
> 			if (rc == 1) {
> 			/* BB Need to fill struct for sessetup here */
> 				rc = -EOPNOTSUPP;
>@@ -643,8 +642,7 @@ signing_check:
> 		cFYI(1, ("Signing disabled"));
> 		if (server->secMode & SECMODE_SIGN_REQUIRED)
> 			cERROR(1, ("Server requires "
>-				   "/proc/fs/cifs/PacketSigningEnabled "
>-				   "to be on"));
>+				   "packet signing to be enabled."));
> 		server->secMode &=
> 			~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
> 	} else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
>diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
>index 51ec681..9e0d85b 100644
>--- a/fs/cifs/misc.c
>+++ b/fs/cifs/misc.c
>@@ -97,6 +97,8 @@ sesInfoFree(struct cifsSesInfo *buf_to_free)
> 	atomic_dec(&sesInfoAllocCount);
> 	list_del(&buf_to_free->cifsSessionList);
> 	write_unlock(&GlobalSMBSeslock);
>+	if (buf_to_free->key)
>+		key_put(buf_to_free->key);
> 	kfree(buf_to_free->serverOS);
> 	kfree(buf_to_free->serverDomain);
> 	kfree(buf_to_free->serverNOS);
>diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c

Actions: View | Diff

Attachments on bug 317241: 214971