mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-18 22:14:16 +00:00 
			
		
		
		
	cifs: move "ntlmssp" and "local_leases" options out of experimental code
I see no real need to leave these sorts of options under an EXPERIMENTAL ifdef. Since you need a mount option to turn this code on, that only blows out the testing matrix. local_leases has been under the EXPERIMENTAL tag for some time, but it's only the mount option that's under this label. Move it out from under this tag. The NTLMSSP code is also under EXPERIMENTAL, but it needs a mount option to turn it on, and in the future any distro will reasonably want this enabled. Go ahead and move it out from under the EXPERIMENTAL tag. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
		
							parent
							
								
									1397f2ee4b
								
							
						
					
					
						commit
						b4d6fcf13f
					
				
					 3 changed files with 59 additions and 72 deletions
				
			
		|  | @ -401,15 +401,12 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | ||||||
| 	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) { | 	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) { | ||||||
| 		cFYI(1, "Kerberos only mechanism, enable extended security"); | 		cFYI(1, "Kerberos only mechanism, enable extended security"); | ||||||
| 		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | 		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | ||||||
| 	} | 	} else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP) | ||||||
| #ifdef CONFIG_CIFS_EXPERIMENTAL |  | ||||||
| 	else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP) |  | ||||||
| 		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | 		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | ||||||
| 	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) { | 	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) { | ||||||
| 		cFYI(1, "NTLMSSP only mechanism, enable extended security"); | 		cFYI(1, "NTLMSSP only mechanism, enable extended security"); | ||||||
| 		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | 		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | ||||||
| 	} | 	} | ||||||
| #endif |  | ||||||
| 
 | 
 | ||||||
| 	count = 0; | 	count = 0; | ||||||
| 	for (i = 0; i < CIFS_NUM_PROT; i++) { | 	for (i = 0; i < CIFS_NUM_PROT; i++) { | ||||||
|  |  | ||||||
|  | @ -984,13 +984,11 @@ cifs_parse_mount_options(char *options, const char *devname, | ||||||
| 				return 1; | 				return 1; | ||||||
| 			} else if (strnicmp(value, "krb5", 4) == 0) { | 			} else if (strnicmp(value, "krb5", 4) == 0) { | ||||||
| 				vol->secFlg |= CIFSSEC_MAY_KRB5; | 				vol->secFlg |= CIFSSEC_MAY_KRB5; | ||||||
| #ifdef CONFIG_CIFS_EXPERIMENTAL |  | ||||||
| 			} else if (strnicmp(value, "ntlmsspi", 8) == 0) { | 			} else if (strnicmp(value, "ntlmsspi", 8) == 0) { | ||||||
| 				vol->secFlg |= CIFSSEC_MAY_NTLMSSP | | 				vol->secFlg |= CIFSSEC_MAY_NTLMSSP | | ||||||
| 					CIFSSEC_MUST_SIGN; | 					CIFSSEC_MUST_SIGN; | ||||||
| 			} else if (strnicmp(value, "ntlmssp", 7) == 0) { | 			} else if (strnicmp(value, "ntlmssp", 7) == 0) { | ||||||
| 				vol->secFlg |= CIFSSEC_MAY_NTLMSSP; | 				vol->secFlg |= CIFSSEC_MAY_NTLMSSP; | ||||||
| #endif |  | ||||||
| 			} else if (strnicmp(value, "ntlmv2i", 7) == 0) { | 			} else if (strnicmp(value, "ntlmv2i", 7) == 0) { | ||||||
| 				vol->secFlg |= CIFSSEC_MAY_NTLMV2 | | 				vol->secFlg |= CIFSSEC_MAY_NTLMV2 | | ||||||
| 					CIFSSEC_MUST_SIGN; | 					CIFSSEC_MUST_SIGN; | ||||||
|  | @ -1341,10 +1339,8 @@ cifs_parse_mount_options(char *options, const char *devname, | ||||||
| 			vol->no_psx_acl = 0; | 			vol->no_psx_acl = 0; | ||||||
| 		} else if (strnicmp(data, "noacl", 5) == 0) { | 		} else if (strnicmp(data, "noacl", 5) == 0) { | ||||||
| 			vol->no_psx_acl = 1; | 			vol->no_psx_acl = 1; | ||||||
| #ifdef CONFIG_CIFS_EXPERIMENTAL |  | ||||||
| 		} else if (strnicmp(data, "locallease", 6) == 0) { | 		} else if (strnicmp(data, "locallease", 6) == 0) { | ||||||
| 			vol->local_lease = 1; | 			vol->local_lease = 1; | ||||||
| #endif |  | ||||||
| 		} else if (strnicmp(data, "sign", 4) == 0) { | 		} else if (strnicmp(data, "sign", 4) == 0) { | ||||||
| 			vol->secFlg |= CIFSSEC_MUST_SIGN; | 			vol->secFlg |= CIFSSEC_MUST_SIGN; | ||||||
| 		} else if (strnicmp(data, "seal", 4) == 0) { | 		} else if (strnicmp(data, "seal", 4) == 0) { | ||||||
|  |  | ||||||
							
								
								
									
										122
									
								
								fs/cifs/sess.c
									
										
									
									
									
								
							
							
						
						
									
										122
									
								
								fs/cifs/sess.c
									
										
									
									
									
								
							|  | @ -420,7 +420,6 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, | ||||||
| 	return 0; | 	return 0; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #ifdef CONFIG_CIFS_EXPERIMENTAL |  | ||||||
| /* BB Move to ntlmssp.c eventually */ | /* BB Move to ntlmssp.c eventually */ | ||||||
| 
 | 
 | ||||||
| /* We do not malloc the blob, it is passed in pbuffer, because
 | /* We do not malloc the blob, it is passed in pbuffer, because
 | ||||||
|  | @ -564,7 +563,6 @@ setup_ntlmv2_ret: | ||||||
| 	*buflen = tmp - pbuffer; | 	*buflen = tmp - pbuffer; | ||||||
| 	return rc; | 	return rc; | ||||||
| } | } | ||||||
| #endif |  | ||||||
| 
 | 
 | ||||||
| int | int | ||||||
| CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, | CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, | ||||||
|  | @ -806,74 +804,70 @@ ssetup_ntlmssp_authenticate: | ||||||
| 		rc = -ENOSYS; | 		rc = -ENOSYS; | ||||||
| 		goto ssetup_exit; | 		goto ssetup_exit; | ||||||
| #endif /* CONFIG_CIFS_UPCALL */ | #endif /* CONFIG_CIFS_UPCALL */ | ||||||
| 	} else { | 	} else if (type == RawNTLMSSP) { | ||||||
| #ifdef CONFIG_CIFS_EXPERIMENTAL | 		if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) { | ||||||
| 		if (type == RawNTLMSSP) { | 			cERROR(1, "NTLMSSP requires Unicode support"); | ||||||
| 			if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) { |  | ||||||
| 				cERROR(1, "NTLMSSP requires Unicode support"); |  | ||||||
| 				rc = -ENOSYS; |  | ||||||
| 				goto ssetup_exit; |  | ||||||
| 			} |  | ||||||
| 
 |  | ||||||
| 			cFYI(1, "ntlmssp session setup phase %d", phase); |  | ||||||
| 			pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; |  | ||||||
| 			capabilities |= CAP_EXTENDED_SECURITY; |  | ||||||
| 			pSMB->req.Capabilities |= cpu_to_le32(capabilities); |  | ||||||
| 			if (phase == NtLmNegotiate) { |  | ||||||
| 				build_ntlmssp_negotiate_blob( |  | ||||||
| 					pSMB->req.SecurityBlob, ses); |  | ||||||
| 				iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE); |  | ||||||
| 				iov[1].iov_base = pSMB->req.SecurityBlob; |  | ||||||
| 				pSMB->req.SecurityBlobLength = |  | ||||||
| 					cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); |  | ||||||
| 			} else if (phase == NtLmAuthenticate) { |  | ||||||
| 				/* 5 is an empirical value, large enought to
 |  | ||||||
| 				 * hold authenticate message, max 10 of |  | ||||||
| 				 * av paris, doamin,user,workstation mames, |  | ||||||
| 				 * flags etc.. |  | ||||||
| 				 */ |  | ||||||
| 				ntlmsspblob = kzalloc( |  | ||||||
| 					5*sizeof(struct _AUTHENTICATE_MESSAGE), |  | ||||||
| 					GFP_KERNEL); |  | ||||||
| 				if (!ntlmsspblob) { |  | ||||||
| 					cERROR(1, "Can't allocate NTLMSSP"); |  | ||||||
| 					rc = -ENOMEM; |  | ||||||
| 					goto ssetup_exit; |  | ||||||
| 				} |  | ||||||
| 
 |  | ||||||
| 				rc = build_ntlmssp_auth_blob(ntlmsspblob, |  | ||||||
| 							&blob_len, ses, nls_cp); |  | ||||||
| 				if (rc) |  | ||||||
| 					goto ssetup_exit; |  | ||||||
| 				iov[1].iov_len = blob_len; |  | ||||||
| 				iov[1].iov_base = ntlmsspblob; |  | ||||||
| 				pSMB->req.SecurityBlobLength = |  | ||||||
| 					cpu_to_le16(blob_len); |  | ||||||
| 				/* Make sure that we tell the server that we
 |  | ||||||
| 				   are using the uid that it just gave us back |  | ||||||
| 				   on the response (challenge) */ |  | ||||||
| 				smb_buf->Uid = ses->Suid; |  | ||||||
| 			} else { |  | ||||||
| 				cERROR(1, "invalid phase %d", phase); |  | ||||||
| 				rc = -ENOSYS; |  | ||||||
| 				goto ssetup_exit; |  | ||||||
| 			} |  | ||||||
| 			/* unicode strings must be word aligned */ |  | ||||||
| 			if ((iov[0].iov_len + iov[1].iov_len) % 2) { |  | ||||||
| 				*bcc_ptr = 0; |  | ||||||
| 				bcc_ptr++; |  | ||||||
| 			} |  | ||||||
| 			unicode_oslm_strings(&bcc_ptr, nls_cp); |  | ||||||
| 		} else { |  | ||||||
| 			cERROR(1, "secType %d not supported!", type); |  | ||||||
| 			rc = -ENOSYS; | 			rc = -ENOSYS; | ||||||
| 			goto ssetup_exit; | 			goto ssetup_exit; | ||||||
| 		} | 		} | ||||||
| #else | 
 | ||||||
|  | 		cFYI(1, "ntlmssp session setup phase %d", phase); | ||||||
|  | 		pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; | ||||||
|  | 		capabilities |= CAP_EXTENDED_SECURITY; | ||||||
|  | 		pSMB->req.Capabilities |= cpu_to_le32(capabilities); | ||||||
|  | 		switch(phase) { | ||||||
|  | 		case NtLmNegotiate: | ||||||
|  | 			build_ntlmssp_negotiate_blob( | ||||||
|  | 				pSMB->req.SecurityBlob, ses); | ||||||
|  | 			iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE); | ||||||
|  | 			iov[1].iov_base = pSMB->req.SecurityBlob; | ||||||
|  | 			pSMB->req.SecurityBlobLength = | ||||||
|  | 				cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); | ||||||
|  | 			break; | ||||||
|  | 		case NtLmAuthenticate: | ||||||
|  | 			/*
 | ||||||
|  | 			 * 5 is an empirical value, large enough to hold | ||||||
|  | 			 * authenticate message plus max 10 of av paris, | ||||||
|  | 			 * domain, user, workstation names, flags, etc. | ||||||
|  | 			 */ | ||||||
|  | 			ntlmsspblob = kzalloc( | ||||||
|  | 				5*sizeof(struct _AUTHENTICATE_MESSAGE), | ||||||
|  | 				GFP_KERNEL); | ||||||
|  | 			if (!ntlmsspblob) { | ||||||
|  | 				cERROR(1, "Can't allocate NTLMSSP blob"); | ||||||
|  | 				rc = -ENOMEM; | ||||||
|  | 				goto ssetup_exit; | ||||||
|  | 			} | ||||||
|  | 
 | ||||||
|  | 			rc = build_ntlmssp_auth_blob(ntlmsspblob, | ||||||
|  | 						&blob_len, ses, nls_cp); | ||||||
|  | 			if (rc) | ||||||
|  | 				goto ssetup_exit; | ||||||
|  | 			iov[1].iov_len = blob_len; | ||||||
|  | 			iov[1].iov_base = ntlmsspblob; | ||||||
|  | 			pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len); | ||||||
|  | 			/*
 | ||||||
|  | 			 * Make sure that we tell the server that we are using | ||||||
|  | 			 * the uid that it just gave us back on the response | ||||||
|  | 			 * (challenge) | ||||||
|  | 			 */ | ||||||
|  | 			smb_buf->Uid = ses->Suid; | ||||||
|  | 			break; | ||||||
|  | 		default: | ||||||
|  | 			cERROR(1, "invalid phase %d", phase); | ||||||
|  | 			rc = -ENOSYS; | ||||||
|  | 			goto ssetup_exit; | ||||||
|  | 		} | ||||||
|  | 		/* unicode strings must be word aligned */ | ||||||
|  | 		if ((iov[0].iov_len + iov[1].iov_len) % 2) { | ||||||
|  | 			*bcc_ptr = 0; | ||||||
|  | 			bcc_ptr++; | ||||||
|  | 		} | ||||||
|  | 		unicode_oslm_strings(&bcc_ptr, nls_cp); | ||||||
|  | 	} else { | ||||||
| 		cERROR(1, "secType %d not supported!", type); | 		cERROR(1, "secType %d not supported!", type); | ||||||
| 		rc = -ENOSYS; | 		rc = -ENOSYS; | ||||||
| 		goto ssetup_exit; | 		goto ssetup_exit; | ||||||
| #endif |  | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	iov[2].iov_base = str_area; | 	iov[2].iov_base = str_area; | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		
		Reference in a new issue
	
	 Jeff Layton
						Jeff Layton