Attachment 217871 Details for Bug 315311 – patch 2 -- convert blob to hex string before sending

[patch] patch 2 -- convert blob to hex string before sending

cifsauth.patch (text/plain), 9.59 KB, created by Jeff Layton on 2007-10-05 19:14:53 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeff Layton

Created: 2007-10-05 19:14:53 UTC

Size: 9.59 KB

patch

obsolete

>diff --git a/fs/cifs/Makefile b/fs/cifs/Makefile
>index ff6ba8d..0a6d9a5 100644
>--- a/fs/cifs/Makefile
>+++ b/fs/cifs/Makefile
>@@ -3,4 +3,4 @@
> #
> obj-$(CONFIG_CIFS) += cifs.o
> 
>-cifs-objs := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o link.o misc.o netmisc.o smbdes.o smbencrypt.o transport.o asn1.o md4.o md5.o cifs_unicode.o nterr.o xattr.o cifsencrypt.o fcntl.o readdir.o ioctl.o sess.o export.o cifsacl.o
>+cifs-objs := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o link.o misc.o netmisc.o smbdes.o smbencrypt.o transport.o asn1.o md4.o md5.o cifs_unicode.o nterr.o xattr.o cifsencrypt.o fcntl.o readdir.o ioctl.o sess.o export.o cifsacl.o cifsauth.o
>diff --git a/fs/cifs/cifsauth.c b/fs/cifs/cifsauth.c
>new file mode 100644
>index 0000000..98c293a
>--- /dev/null
>+++ b/fs/cifs/cifsauth.c
>@@ -0,0 +1,137 @@
>+/*
>+ *   fs/cifs/cifsauth.c -- auth management for CIFS
>+ *
>+ *   Copyright (c) 2007 Red Hat, Inc.
>+ *   Author(s): Jeff Layton (jlayton@redhat.com)
>+ *
>+ *   This library is free software; you can redistribute it and/or modify
>+ *   it under the terms of the GNU Lesser General Public License as published
>+ *   by the Free Software Foundation; either version 2.1 of the License, or
>+ *   (at your option) any later version.
>+ *
>+ *   This library is distributed in the hope that it will be useful,
>+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
>+ *   the GNU Lesser General Public License for more details.
>+ *
>+ *   You should have received a copy of the GNU Lesser General Public License
>+ *   along with this library; if not, write to the Free Software
>+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>+ */
>+
>+#include <linux/list.h>
>+#include <linux/string.h>
>+#include <keys/user-type.h>
>+#include "cifsglob.h"
>+#include "cifs_debug.h"
>+
>+/*
>+ * create a new SPNEGO blob key
>+ */
>+static int
>+cifs_spnego_instantiate(struct key *key, const void *data, size_t datalen)
>+{
>+	char *payload;
>+	int ret;
>+
>+	/* FIXME: is 64k enough? */
>+	ret = -EINVAL;
>+	if (datalen <= 0 || datalen > 65535 || !data)
>+		goto error;
>+
>+	/* FIXME: is EINVAL correct here? That's what user_instantiate does */
>+	ret = key_payload_reserve(key, datalen);
>+	if (ret < 0)
>+		goto error;
>+
>+	ret = -ENOMEM;
>+	payload = kmalloc(datalen, GFP_KERNEL);
>+	if (!payload)
>+		goto error;
>+
>+	/* attach the data */
>+	memcpy(payload, data, datalen);
>+	rcu_assign_pointer(key->payload.data, payload);
>+	ret = 0;
>+
>+error:
>+	return ret;
>+}
>+
>+static void
>+cifs_spnego_destroy(struct key *key)
>+{
>+	kfree(key->payload.data);
>+}
>+
>+
>+/*
>+ * keytype for CIFS spnego keys
>+ */
>+struct key_type cifs_spnego_key_type = {
>+	.name		= "cifs.spnego",
>+	.instantiate	= cifs_spnego_instantiate,
>+	.match		= user_match,
>+	.destroy	= cifs_spnego_destroy,
>+	.describe	= user_describe,
>+};
>+
>+/*
>+ * given a SPNEGO security blob and session info, get a key struct with a new
>+ * SPNEGO security blob, suitable for session setup
>+ */
>+int
>+cifs_spnego_convert(struct cifsSesInfo *sesInfo, const char *secblob, size_t len)
>+{
>+	struct key *key;
>+	struct TCP_Server_Info *server = sesInfo->server;
>+	char *description = NULL;
>+	char *hexblob = NULL;
>+	int i, error;
>+
>+	error = -ENOMEM;
>+	/* 8 bytes for uid, 32 for addr, 1 for colon, 1 for NULL */
>+	description = kzalloc((8 + 32 + 1 + 1), GFP_KERNEL);
>+	if (description == NULL)
>+		goto out;
>+
>+	/* bin->hex conversion means length of blob doubles, +1 for NULL */
>+	hexblob = vmalloc((len * 2) + 1);
>+	if (hexblob == NULL)
>+		goto out;
>+
>+	error = -EINVAL;
>+	if (server->addr.sockAddr.sin_family == AF_INET)
>+		sprintf(description, "%8.8x:" NIPQUAD_FMT, sesInfo->linux_uid,
>+			NIPQUAD(server->addr.sockAddr.sin_addr));
>+	else if (server->addr.sockAddr.sin_family == AF_INET6)
>+		sprintf(description, "%8.8x:" NIP6_SEQFMT, sesInfo->linux_uid,
>+			NIP6(server->addr.sockAddr6.sin6_addr));
>+	else
>+		goto out;
>+
>+	/* convert blob to hex string */
>+	for (i = 0; i < len; ++i)
>+		sprintf(&(hexblob[i*2]), "%2.2x", (unsigned int) secblob[i]);
>+		
>+	if (sesInfo->spnego_key != NULL) {
>+		key_put(sesInfo->spnego_key);
>+		sesInfo->spnego_key = NULL;
>+	}
>+
>+	key = request_key(&cifs_spnego_key_type, description, hexblob);
>+	if (IS_ERR(key)) {
>+		error = PTR_ERR(key);
>+		goto out;
>+	}
>+
>+	sesInfo->spnego_key = key;
>+	error = 0;
>+	cifs_dump_mem("SPNEGO blob:", key->payload.data, key->datalen);
>+out:
>+	if (description)
>+		kfree(description);
>+	if (hexblob)
>+		vfree(hexblob);
>+	return error;
>+}
>diff --git a/fs/cifs/cifsauth.h b/fs/cifs/cifsauth.h
>new file mode 100644
>index 0000000..39f800b
>--- /dev/null
>+++ b/fs/cifs/cifsauth.h
>@@ -0,0 +1,29 @@
>+/*
>+ *   fs/cifs/cifsauth.h -- auth management for CIFS
>+ *
>+ *   Copyright (c) 2007 Red Hat, Inc.
>+ *   Author(s): Jeff Layton (jlayton@redhat.com)
>+ *
>+ *   This library is free software; you can redistribute it and/or modify
>+ *   it under the terms of the GNU Lesser General Public License as published
>+ *   by the Free Software Foundation; either version 2.1 of the License, or
>+ *   (at your option) any later version.
>+ *
>+ *   This library is distributed in the hope that it will be useful,
>+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
>+ *   the GNU Lesser General Public License for more details.
>+ *
>+ *   You should have received a copy of the GNU Lesser General Public License
>+ *   along with this library; if not, write to the Free Software
>+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>+ */
>+
>+#ifndef _CIFSAUTH_H
>+#define _CIFSAUTH_H
>+
>+extern struct key_type cifs_spnego_key_type;
>+
>+extern int cifs_spnego_convert(struct cifsSesInfo *sesInfo, const char *secblob, size_t len);
>+
>+#endif /* _CIFSAUTH_H */
>diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
>index c7c3521..8aa8105 100644
>--- a/fs/cifs/cifsfs.c
>+++ b/fs/cifs/cifsfs.c
>@@ -42,6 +42,7 @@
> #include "cifsproto.h"
> #include "cifs_debug.h"
> #include "cifs_fs_sb.h"
>+#include "cifsauth.h"
> #include <linux/mm.h>
> #define CIFS_MAGIC_NUMBER 0xFF534D42	/* the first four bytes of SMB PDUs */
> 
>@@ -1010,11 +1011,15 @@ init_cifs(void)
> 	if (rc)
> 		goto out_destroy_request_bufs;
> 
>+	rc = register_key_type(&cifs_spnego_key_type);
>+	if (rc)
>+		goto out_unregister_filesystem;
>+
> 	oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd");
> 	if (IS_ERR(oplockThread)) {
> 		rc = PTR_ERR(oplockThread);
> 		cERROR(1, ("error %d create oplock thread", rc));
>-		goto out_unregister_filesystem;
>+		goto out_unregister_key_type;
> 	}
> 
> 	dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
>@@ -1028,6 +1033,8 @@ init_cifs(void)
> 
>  out_stop_oplock_thread:
> 	kthread_stop(oplockThread);
>+ out_unregister_key_type:
>+	unregister_key_type(&cifs_spnego_key_type);
>  out_unregister_filesystem:
> 	unregister_filesystem(&cifs_fs_type);
>  out_destroy_request_bufs:
>@@ -1050,6 +1057,7 @@ exit_cifs(void)
> #ifdef CONFIG_PROC_FS
> 	cifs_proc_clean();
> #endif
>+	unregister_key_type(&cifs_spnego_key_type);
> 	unregister_filesystem(&cifs_fs_type);
> 	cifs_destroy_inodecache();
> 	cifs_destroy_mids();
>diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
>index fbde55c..5a9a67d 100644
>--- a/fs/cifs/cifsglob.h
>+++ b/fs/cifs/cifsglob.h
>@@ -227,6 +227,7 @@ struct cifsSesInfo {
> 	char userName[MAX_USERNAME_SIZE + 1];
> 	char *domainName;
> 	char *password;
>+	struct key *spnego_key;	/* security key */
> };
> /* no more than one of the following three session flags may be set */
> #define CIFS_SES_NT4 1
>@@ -492,9 +493,9 @@ require use of the stronger protocol */
> #ifdef CONFIG_CIFS_WEAK_PW_HASH
> #define   CIFSSEC_MUST_LANMAN	0x10010
> #define   CIFSSEC_MUST_PLNTXT	0x20020
>-#define   CIFSSEC_MASK          0x37037 /* current flags supported if weak */
>+#define   CIFSSEC_MASK          0x3f03f /* current flags supported if weak */
> #else
>-#define	  CIFSSEC_MASK          0x07007 /* flags supported if no weak config */
>+#define	  CIFSSEC_MASK          0x0f00f /* flags supported if no weak config */
> #endif /* WEAK_PW_HASH */
> #define   CIFSSEC_MUST_SEAL	0x40040 /* not supported yet */
> 
>diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
>index fda8b24..510a81f 100644
>--- a/fs/cifs/cifssmb.c
>+++ b/fs/cifs/cifssmb.c
>@@ -38,6 +38,7 @@
> #include "cifsproto.h"
> #include "cifs_unicode.h"
> #include "cifs_debug.h"
>+#include "cifsauth.h"
> 
> #ifdef CONFIG_CIFS_POSIX
> static struct {
>@@ -638,10 +639,10 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
> 				memcpy(server->server_GUID,
> 				       pSMBr->u.extended_response.GUID, 16);
> 		} else {
>-			rc = decode_negTokenInit(pSMBr->u.extended_response.
>+			rc = cifs_spnego_convert(ses,
>+						 pSMBr->u.extended_response.
> 						 SecurityBlob,
>-						 count - 16,
>-						 &server->secType);
>+						 count - 16);
> 			if (rc == 1) {
> 			/* BB Need to fill struct for sessetup here */
> 				rc = -EOPNOTSUPP;
>@@ -661,8 +662,7 @@ signing_check:
> 		cFYI(1, ("Signing disabled"));
> 		if (server->secMode & SECMODE_SIGN_REQUIRED)
> 			cERROR(1, ("Server requires "
>-				   "/proc/fs/cifs/PacketSigningEnabled "
>-				   "to be on"));
>+				   "packet signing to be enabled."));
> 		server->secMode &=
> 			~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);
> 	} else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
>diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
>index 51ec681..3b01968 100644
>--- a/fs/cifs/misc.c
>+++ b/fs/cifs/misc.c
>@@ -97,6 +97,8 @@ sesInfoFree(struct cifsSesInfo *buf_to_free)
> 	atomic_dec(&sesInfoAllocCount);
> 	list_del(&buf_to_free->cifsSessionList);
> 	write_unlock(&GlobalSMBSeslock);
>+	if (buf_to_free->spnego_key)
>+		key_put(buf_to_free->spnego_key);
> 	kfree(buf_to_free->serverOS);
> 	kfree(buf_to_free->serverDomain);
> 	kfree(buf_to_free->serverNOS);

Actions: View | Diff

Attachments on bug 315311: 215841 | 217871 | 218261 | 218271 | 228611 | 232741 | 236521 | 237721 | 248401