The last eight bytes of the password field were not cleared when doing lanman plaintext password authentication. This patch fixes that.
I tested it with Samba by setting password
encryption to no in the server's smb.conf. Other servers also can be
configured to force plaintext authentication. Note that plaintexti
authentication requires setting /proc/fs/cifs/SecurityFlags to 0x30030
on the client (enabling both LANMAN and also plaintext password support).
Also note that LANMAN support (and thus plaintext password support) requires
CONFIG_CIFS_WEAK_PW_HASH to be enabled in menuconfig.
CC: Jeff Layton <jlayton@redhat.com>
CC: Stable Kernel <stable@vger.kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Currently, cifs_calc_signature2 errors out if it gets a zero-length
iovec. Fix it to silently continue in that case.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
This should be the last big batch of whitespace/formatting fixes.
checkpatch warnings for the cifs directory are down about 90% and
many of the remaining ones are harder to remove or make the code
harder to read.
Signed-off-by: Steve French <sfrench@us.ibm.com>
Windows servers are pickier about NTLMv2 than Samba.
This enables more secure mounts to Windows (not just Samba)
ie when "sec=ntlmv2" is specified on the mount.
Signed-off-by: Steve French <sfrench@us.ibm.com>
NTLMv2 authentication (stronger authentication than default NTLM) which
many servers support now works. There was a problem with the construction
of the security blob in the older code. Currently requires
/proc/fs/cifs/Experimental to be set to 2
and
/proc/fs/cifs/SecurityFlags to be set to 0x4004 (to require using
NTLMv2 instead of default of NTLM)
Next we will check signing to make sure optional NTLMv2 packet signing also
works.
Signed-off-by: Steve French <sfrench@us.ibm.com>
disabled by default, but can be enabled via proc for servers which
require such support. Also includes support for setting security
flags for cifs. See fs/cifs/README
Signed-off-by: Steve French <sfrench@us.ibm.com>
Fixes Samba bug 3621 and kernel.org bug 6147
For servers which require SMB/CIFS packet signing, we were sending the
wrong signature (all zeros) on SMB Read request. The new cifs routine
to do signatures across an iovec was not complete - and SMB Read, unlike
the new SMBWrite2, did not fall back to the older routine (ie use
SendReceive vs. the more efficient SendReceive2 ie used the older
cifs_sign_smb vs. the disabled cifs_sign_smb2) for calculating signatures.
This finishes up cifs_sign_smb2/cifs_calc_signature2 so that the callers
of SendReceive2 can get SMB/CIFS packet signatures.
Now that cifs_sign_smb2 is supported, we could start using it in
the write path but this smaller fix does not include the change
to use SMBWrite2 when signatures are required (which when enabled
will make more Writes more efficient and alloc less memory).
Currently Write2 is only used when signatures are not
required at the moment but after more testing we will enable
that as well).
Thanks to James Slepicka and Sam Flory for initial investigation.
Signed-off-by: Steve French <sfrench@us.ibm.com>
The cifs session setup code has three cases, and a fourth for backlevel
LANMAN2 style session setup needed to be added. This new session setup
implmentation will eventually replace the other three and should be
easier to read while fixing a few minor problems (not setting
the LARGE READ/WRITEX flags when NTLMSSP was negotiated for example) and
adding support for NTLMv2 (which will be added with the next patch. In the
meantime, this code is marked in an CONFIG_CIFS_EXPERIMENTAL block and will
not be turned on by default until it is tested against more server types.
Signed-off-by: Steve French <sfrench@us.ibm.com>
Following Shaggy's suggestion, do a better job on the unicode string
handling routines in cifs in specifying that the wchar_t are really
little endian widechars (__le16).
Signed-off-by: Steve French <sfrench@us.ibm.com>
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!