Commit Graph

859 Commits

Author SHA1 Message Date
Christoph Hellwig
b96d31a62f cifs: clean up set_cifs_acl interfaces
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-28 18:41:56 +00:00
Christoph Hellwig
1bf4072da6 cifs: reorganize get_cifs_acl
Thus spake Christoph:

"But this whole set_cifs_acl function is a real mess anyway and needs
some splitting up."

With this change too, it's possible to call acl_to_uid_mode() with a
NULL inode pointer. That (or something close to it) will eventually be
necessary when cifs_get_inode_info is reorganized.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-28 17:08:02 +00:00
Steve French
c5077ec423 [CIFS] Update readme to indicate change to default mount (serverino)
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-28 15:09:04 +00:00
Jeff Layton
a0c9217f64 cifs: make serverino the default when mounting
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-28 15:04:17 +00:00
Jeff Layton
bd433d4cf4 cifs: rename cifs_iget to cifs_root_iget
The current cifs_iget isn't suitable for anything but the root inode.
Rename it with a more appropriate name.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-28 14:57:29 +00:00
Jeff Layton
c4a2c08db7 cifs: make cnvrtDosUnixTm take a little-endian args and an offset
The callers primarily end up converting the args from le anyway. Also,
most of the callers end up needing to add an offset to the result. The
exception to these rules is cnvrtDosCifsTm, but there are no callers of
that function, so we might as well remove it.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-28 14:57:20 +00:00
Jeff Layton
07119a4df8 cifs: have cifs_NTtimeToUnix take a little-endian arg
...and just have the function call le64_to_cpu.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-28 14:32:31 +00:00
Jeff Layton
f55ed1a83d cifs: tighten up default file_mode/dir_mode
The current default file mode is 02767 and dir mode is 0777. This is
extremely "loose". Given that CIFS is a single-user protocol, these
permissions allow anyone to use the mount -- in effect, giving anyone on
the machine access to the credentials used to mount the share.

Change this by making the default permissions restrict write access to
the default owner of the mount. Give read and execute permissions to
everyone else. These are the same permissions that VFAT mounts get by
default so there is some precedent here.

Note that this patch also removes the mandatory locking flags from the
default file_mode. After having looked at how these flags are used by
the kernel, I don't think that keeping them as the default offers any
real benefit. That flag combination makes it so that the kernel enforces
mandatory locking.

Since the server is going to do that for us anyway, I don't think we
want the client to enforce this by default on applications that just
want advisory locks. Anyone that does want this behavior can always
enable it by setting the file_mode appropriately.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-26 21:10:55 +00:00
Jeff Layton
46a7574caf cifs: fix artificial limit on reading symlinks
There's no reason to limit the size of a symlink that we can read to
4000 bytes. That may be nowhere near PATH_MAX if the server is sending
UCS2 strings. CIFS should be able to read in a symlink up to the size of
the buffer. The size of the header has already been accounted for when
creating the slabcache, so CIFSMaxBufSize should be the correct size to
pass in.

Fixes samba bug #6384.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-26 21:09:14 +00:00
Steve French
8db14ca125 [CIFS] Avoid open on possible directories since Samba now rejects them
Small change (mostly formatting) to limit lookup based open calls to
file create only.

After discussion yesteday on samba-technical about the posix lookup
regression,  and looking at a problem with cifs posix open to one
particular Samba version, Jeff and JRA realized that Samba server's
behavior changed in this area (posix open behavior on files vs.
directories).   To make this behavior consistent, JRA just made a
fix to Samba server to alter how it handles open of directories (now
returning the equivalent of EISDIR instead of success). Since we don't
know at lookup time whether the inode is a directory or file (and
thus whether posix open will succeed with most current Samba server),
this change avoids the posix open code on lookup open (just issues
posix open on creates).    This gets the semantic benefits we want
(atomicity, posix byte range locks, improved write semantics on newly
created files) and file create still is fast, and we avoid the problem
that Jeff noticed yesterday with "openat" (and some open directory
calls) of non-cached directories to one version of Samba server, and
will work with future Samba versions (which include the fix jra just
pushed into Samba server).  I confirmed this approach with jra
yesterday and with Shirish today.

Posix open is only called (at lookup time) for file create now.
For opens (rather than creates), because we do not know if it
is a file or directory yet, and current Samba no longer allows
us to do posix open on dirs, we could end up wasting an open call
on what turns out to be a dir. For file opens, we wait to call posix
open till cifs_open.  It could be added here (lookup) in the future
but the performance tradeoff of the extra network request when EISDIR
or EACCES is returned would have to be weighed against the 50%
reduction in network traffic in the other paths.

Reviewed-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Tested-by: Jeff Layton <jlayton@redhat.com>
CC: Jeremy Allison <jra@samba.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-23 18:57:25 +00:00
Steve French
703a3b8e5c [CIFS] fix posix open regression
Posix open code was not properly adding the file to the
list of open files.  Fix  allocating cifsFileInfo
more than once, and adding twice to flist and tlist.
Also fix mode setting to be done in one place in these
paths.

Signed-off-by: Steve French <sfrench@us.ibm.com>
Reviewed-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Tested-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Luca Tettamanti <kronos.it@gmail.com>
2009-05-21 22:38:08 +00:00
Jeff Layton
8b6427a2a8 cifs: fix pointer initialization and checks in cifs_follow_symlink (try #4)
This is the third respin of the patch posted yesterday to fix the error
handling in cifs_follow_symlink. It also includes a fix for a bogus NULL
pointer check in CIFSSMBQueryUnixSymLink that Jeff Moyer spotted.

It's possible for CIFSSMBQueryUnixSymLink to return without setting
target_path to a valid pointer. If that happens then the current value
to which we're initializing this pointer could cause an oops when it's
kfree'd.

This patch is a little more comprehensive than the last patches. It
reorganizes cifs_follow_link a bit for (hopefully) better readability.
It should also eliminate the uneeded allocation of full_path on servers
without unix extensions (assuming they can get to this point anyway, of
which I'm not convinced).

On a side note, I'm not sure I agree with the logic of enabling this
query even when unix extensions are disabled on the client. It seems
like that should disable this as well. But, changing that is outside the
scope of this fix, so I've left it alone for now.

Reported-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Reviewed-by: Christoph Hellwig <hch@inraded.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-19 15:31:20 +00:00
Jeff Layton
d8e2f53ac9 cifs: fix error handling in parse_DFS_referrals
cifs_strndup_from_ucs returns NULL on error, not an ERR_PTR

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-14 13:55:32 +00:00
Al Viro
6f5bbff9a1 Convert obvious places to deactivate_locked_super()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-05-09 10:49:40 -04:00
Alessio Igor Bogani
67e55205ec vfs: umount_begin BKL pushdown
Push BKL down into ->umount_begin()

Signed-off-by: Alessio Igor Bogani <abogani@texware.it>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-05-09 10:49:38 -04:00
Steve French
90e4ee5d31 [CIFS] Fix double list addition in cifs posix open code
Remove adding open file entry twice to lists in the file
Do not fill file info twice in case of posix opens and creates

Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-08 03:04:30 +00:00
Steve French
ac68392460 [CIFS] Allow raw ntlmssp code to be enabled with sec=ntlmssp
On mount, "sec=ntlmssp" can now be specified to allow
"rawntlmssp" security to be enabled during
CIFS session establishment/authentication (ntlmssp used to
require specifying krb5 which was counterintuitive).

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-06 04:16:04 +00:00
Steve French
844823cb82 [CIFS] Fix SMB uid in NTLMSSP authenticate request
We were not setting the SMB uid in NTLMSSP authenticate
request which could lead to INVALID_PARAMETER error
on 2nd session setup.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-06 00:48:30 +00:00
Steve French
0b3cc85800 [CIFS] NTLMSSP reenabled after move from connect.c to sess.c
The NTLMSSP code was removed from fs/cifs/connect.c and merged
(75% smaller, cleaner) into fs/cifs/sess.c

As with the old code it requires that cifs be built with
CONFIG_CIFS_EXPERIMENTAL, the /proc/fs/cifs/Experimental flag
must be set to 2, and mount must turn on extended security
(e.g. with sec=krb5).

Although NTLMSSP encapsulated in SPNEGO is not enabled yet,
"raw" ntlmssp is common and useful in some cases since it
offers more complete security negotiation, and is the
default way of negotiating security for many Windows systems.
SPNEGO encapsulated NTLMSSP will be able to reuse the same
code.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-04 08:37:12 +00:00
Steve French
24d35add2b [CIFS] Remove sparse warning
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-02 05:40:39 +00:00
Steve French
989c7e512f [CIFS] remove checkpatch warning
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-02 05:32:20 +00:00
Steve French
afe48c31ea [CIFS] Fix final user of old string conversion code
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-02 05:25:46 +00:00
Jeff Layton
3410602732 [CIFS] remove cifs_strfromUCS_le
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-02 04:59:34 +00:00
Steve French
2edd6c5b05 [CIFS] NTLMSSP support moving into new file, old dead code removed
Remove dead NTLMSSP support from connect.c prior to addition of
the new code to replace it.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-02 04:55:39 +00:00
Steve French
051a2a0d32 [CIFS] Fix endian conversion of vcnum field
When multiply mounting from the same client to the same server, with
different userids, we create a vcnum which should be unique if
possible (this is not the same as the smb uid, which is the handle
to the security context).  We were not endian converting additional
(beyond the first which is zero) vcnum properly.

CC: Stable <stable@kernel.org>
Acked-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-01 16:25:15 +00:00
Steve French
e836f015b5 [CIFS] Remove trailing whitespace
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-01 16:20:35 +00:00
Steve French
0e0d2cf327 [CIFS] Remove sparse endian warnings
Removes two sparse CHECK_ENDIAN warnings from Jeffs earlier patch,
and removes the dead readlink code (after noting where in
findfirst we will need to add something like that in the future
to handle the newly discovered unexpected error on FindFirst of NTFS symlinks.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-01 05:27:32 +00:00
Steve French
e14b2fe1e6 [CIFS] Add remaining ntlmssp flags and standardize field names
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-01 04:37:43 +00:00
Steve French
cf398e3a11 [CIFS] Fix build warning
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-01 03:50:42 +00:00
Jeff Layton
18295796a3 cifs: fix length handling in cifs_get_name_from_search_buf
The earlier patch to move this code to use the new unicode helpers
assumed that the filename strings would be null terminated. That's not
always the case.

Instead of passing "max_len" to the string converter, pass "min(len,
max_len)", which makes it do the right thing while still keeping the
parser confined to the response. Also fix up the prototypes of this
function and the callers so that max_len is unsigned (like len is).

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-01 00:49:23 +00:00
Steve French
9e39b0ae8a [CIFS] Remove unneeded QuerySymlink call and fix mapping for unmapped status
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 21:31:15 +00:00
Steve French
d185cda771 [CIFS] rename cifs_strndup to cifs_strndup_from_ucs
In most cases, cifs_strndup is converting from Unicode (UCS2 / UTF-32) to
the configured local code page for the Linux mount (usually UTF8), so
Jeff suggested that to make it more clear that cifs_strndup is doing
a conversion not just memory allocation and copy, rename the function
to including "from_ucs" (ie Unicode)

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 17:45:10 +00:00
Igor Mammedov
5c2503a8e3 Added loop check when mounting DFS tree.
Added loop check when mounting DFS tree. mount will fail with
ELOOP if referral walks exceed MAX_NESTED_LINK count.

Signed-off-by: Igor Mammedov <niallain@gmail.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 17:24:09 +00:00
Igor Mammedov
1af28ceb92 Enable dfs submounts to handle remote referrals.
Having remote dfs root support in cifs_mount, we can
afford to pass into it UNC that is remote.

Signed-off-by: Igor Mammedov <niallain@gmail.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 17:24:00 +00:00
Steve French
20418acd68 [CIFS] Remove older session setup implementation
Two years ago, when the session setup code in cifs was rewritten and moved
to fs/cifs/sess.c, we were asked to keep the old code for a release or so
(which could be reenabled at runtime) since it was such a large change and
because the asn (SPNEGO) and NTLMSSP code was not rewritten and needed to
be. This was useful to avoid regressions, but is long overdue to be removed.
Now that the Kerberos (asn/spnego) code is working in fs/cifs/sess.c,
and the NTLMSSP code moved (NTLMSSP blob setup be rewritten with the
next patch in this series) quite a bit of dead code from fs/cifs/connect.c
now can be removed.

This old code should have been removed last year, but the earlier krb5
patches did not move/remove the NTLMSSP code which we had asked to
be done first.  Since no one else volunteered, I am doing it now.

It is extremely important that we continue to examine the documentation
for this area, to make sure our code continues to be uptodate with
changes since Windows 2003.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 16:13:32 +00:00
Jeff Layton
f58841666b cifs: change cifs_get_name_from_search_buf to use new unicode helper
...and remove cifs_convertUCSpath. There are no more callers. Also add a
#define for the buffer used in the readdir path so that we don't have so
many magic numbers floating around.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:45:01 +00:00
Jeff Layton
460b96960d cifs: change CIFSSMBUnixQuerySymLink to use new helpers
Change CIFSSMBUnixQuerySymLink to use the new unicode helper functions.
Also change the calling conventions so that the allocation of the target
name buffer is done in CIFSSMBUnixQuerySymLink rather than by the caller.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:45:00 +00:00
Jeff Layton
59140797c5 cifs: fix session setup unicode string saving to use new unicode helpers
...and change decode_unicode_ssetup to be a void function. It never
returns an actual error anyway.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:45:00 +00:00
Jeff Layton
cc20c031bb cifs: convert CIFSTCon to use new unicode helper functions
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:45:00 +00:00
Jeff Layton
066ce68994 cifs: rename cifs_strlcpy_to_host and make it use new functions
Rename cifs_strlcpy_to_host to cifs_strndup since that better describes
what this function really does. Then, convert it to use the new string
conversion and measurement functions that work in units of bytes rather
than wide chars.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:45:00 +00:00
Jeff Layton
69f801fcaa cifs: add new function to get unicode string length in bytes
Working in units of words means we do a lot of unnecessary conversion back
and forth. Standardize on bytes instead since that's more useful for
allocating buffers and such. Also, remove hostlen_fromUCS since the new
function has a similar purpose.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:45:00 +00:00
Jeff Layton
7fabf0c947 cifs: add replacement for cifs_strtoUCS_le called cifs_from_ucs2
Add a replacement function for cifs_strtoUCS_le. cifs_from_ucs2
takes args for the source and destination length so that we can ensure
that the function is confined within the intended buffers.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:44:59 +00:00
Jeff Layton
66345f50f0 cifs: move #defines for mapchars into cifs_unicode.h
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-30 15:44:59 +00:00
Suresh Jayaraman
7b0c8fcff4 cifs: Increase size of tmp_buf in cifs_readdir to avoid potential overflows
Increase size of tmp_buf to possible maximum to avoid potential
overflows.

Pointed-out-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-20 19:58:09 +00:00
Suresh Jayaraman
968460ebd8 cifs: Rename cifs_strncpy_to_host and fix buffer size
There is a possibility for the path_name and node_name buffers to
overflow if they contain charcters that are >2 bytes in the local
charset. Resize the buffer allocation so to avoid this possibility.

Also, as pointed out by Jeff Layton, it would be appropriate to
rename the function to cifs_strlcpy_to_host to reflect the fact
that the copied string is always NULL terminated.

Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-20 19:58:06 +00:00
Steve French
ff6945279d [CIFS] Make cifs_unlink consistent in checks for null inode
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-20 19:45:13 +00:00
Jeff Layton
fc6f394332 cifs: when renaming don't try to unlink negative dentry
When attempting to rename a file on a read-only share, the kernel can
call cifs_unlink on a negative dentry, which causes an oops. Only try
to unlink the file if it's a positive dentry.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Shirish Pargaonkar <shirishp@us.ibm.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-17 21:08:15 +00:00
Jeff Layton
22c9d52bc0 cifs: remove unneeded bcc_ptr update in CIFSTCon
This pointer isn't used again after this point. It's also not updated in
the ascii case, so there's no need to update it here.

Pointed-out-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-17 01:26:50 +00:00
Jeff Layton
313fecfa69 cifs: add cFYI messages with some of the saved strings from ssetup/tcon
...to make it easier to find problems in this area in the future.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-17 01:26:50 +00:00
Jeff Layton
f083def68f cifs: fix buffer size for tcon->nativeFileSystem field
The buffer for this was resized recently to fix a bug. It's still
possible however that a malicious server could overflow this field
by sending characters in it that are >2 bytes in the local charset.
Double the size of the buffer to account for this possibility.

Also get rid of some really strange and seemingly pointless NULL
termination. It's NULL terminating the string in the source buffer,
but by the time that happens, we've already copied the string.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-04-17 01:26:50 +00:00