Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'smb3-security-fixes-for-4.13' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes and sane default from Steve French:
"Upgrade default dialect to more secure SMB3 from older cifs dialect"
* tag 'smb3-security-fixes-for-4.13' of git://git.samba.org/sfrench/cifs-2.6:
cifs: Clean up unused variables in smb2pdu.c
[SMB3] Improve security, move default dialect to SMB3 from old CIFS
[SMB3] Remove ifdef since SMB3 (and later) now STRONGLY preferred
CIFS: Reconnect expired SMB sessions
CIFS: Display SMB2 error codes in the hex format
cifs: Use smb 2 - 3 and cifsacl mount options setacl function
cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options
+180
-179
+31
-52
fs/cifs/Kconfig
+31
-52
fs/cifs/Kconfig
···
1
1
config CIFS
2
-
tristate "CIFS support (advanced network filesystem, SMBFS successor)"
2
+
tristate "SMB3 and CIFS support (advanced network filesystem)"
3
3
depends on INET
4
4
select NLS
5
5
select CRYPTO
···
10
10
select CRYPTO_ECB
11
11
select CRYPTO_DES
12
12
help
13
-
This is the client VFS module for the Common Internet File System
14
-
(CIFS) protocol which is the successor to the Server Message Block
15
-
(SMB) protocol, the native file sharing mechanism for most early
16
-
PC operating systems. The CIFS protocol is fully supported by
17
-
file servers such as Windows 2000 (including Windows 2003, Windows 2008,
18
-
NT 4 and Windows XP) as well by Samba (which provides excellent CIFS
13
+
This is the client VFS module for the SMB3 family of NAS protocols,
14
+
as well as for earlier dialects such as SMB2.1, SMB2 and the
15
+
Common Internet File System (CIFS) protocol. CIFS was the successor
16
+
to the original dialect, the Server Message Block (SMB) protocol, the
17
+
native file sharing mechanism for most early PC operating systems.
18
+
19
+
The SMB3 protocol is supported by most modern operating systems and
20
+
NAS appliances (e.g. Samba, Windows 8, Windows 2012, MacOS).
21
+
The older CIFS protocol was included in Windows NT4, 2000 and XP (and
22
+
later) as well by Samba (which provides excellent CIFS and SMB3
19
23
server support for Linux and many other operating systems). Limited
20
-
support for OS/2 and Windows ME and similar servers is provided as
21
-
well.
24
+
support for OS/2 and Windows ME and similar very old servers is
25
+
provided as well.
22
26
23
-
The module also provides optional support for the followon
24
-
protocols for CIFS including SMB3, which enables
25
-
useful performance and security features (see the description
26
-
of CONFIG_CIFS_SMB2).
27
-
28
-
The cifs module provides an advanced network file system
29
-
client for mounting to CIFS compliant servers. It includes
27
+
The cifs module provides an advanced network file system client
28
+
for mounting to SMB3 (and CIFS) compliant servers. It includes
30
29
support for DFS (hierarchical name space), secure per-user
31
30
session establishment via Kerberos or NTLM or NTLMv2,
32
31
safe distributed caching (oplock), optional packet
33
32
signing, Unicode and other internationalization improvements.
34
-
If you need to mount to Samba or Windows from this machine, say Y.
33
+
34
+
In general, the default dialects, SMB3 and later, enable better
35
+
performance, security and features, than would be possible with CIFS.
36
+
Note that when mounting to Samba, due to the CIFS POSIX extensions,
37
+
CIFS mounts can provide slightly better POSIX compatibility
38
+
than SMB3 mounts. SMB2/SMB3 mount options are also
39
+
slightly simpler (compared to CIFS) due to protocol improvements.
40
+
41
+
If you need to mount to Samba, Macs or Windows from this machine, say Y.
35
42
36
43
config CIFS_STATS
37
44
bool "CIFS statistics"
···
96
89
Enables an upcall mechanism for CIFS which accesses userspace helper
97
90
utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
98
91
which are needed to mount to certain secure servers (for which more
99
-
secure Kerberos authentication is required). If unsure, say N.
92
+
secure Kerberos authentication is required). If unsure, say Y.
100
93
101
94
config CIFS_XATTR
102
95
bool "CIFS extended attributes"
···
112
105
(used by some filesystems to store ACLs) is not supported at
113
106
this time.
114
107
115
-
If unsure, say N.
108
+
If unsure, say Y.
116
109
117
110
config CIFS_POSIX
118
111
bool "CIFS POSIX Extensions"
···
132
125
help
133
126
Allows fetching CIFS/NTFS ACL from the server. The DACL blob
134
127
is handed over to the application/caller. See the man
135
-
page for getcifsacl for more information.
128
+
page for getcifsacl for more information. If unsure, say Y.
136
129
137
130
config CIFS_DEBUG
138
131
bool "Enable CIFS debugging routines"
···
155
148
156
149
config CIFS_DEBUG_DUMP_KEYS
157
150
bool "Dump encryption keys for offline decryption (Unsafe)"
158
-
depends on CIFS_DEBUG && CIFS_SMB2
151
+
depends on CIFS_DEBUG
159
152
help
160
153
Enabling this will dump the encryption and decryption keys
161
154
used to communicate on an encrypted share connection on the
162
155
console. This allows Wireshark to decrypt and dissect
163
156
encrypted network captures. Enable this carefully.
157
+
If unsure, say N.
164
158
165
159
config CIFS_DFS_UPCALL
166
160
bool "DFS feature support"
···
174
166
an upcall mechanism for CIFS which contacts userspace helper
175
167
utilities to provide server name resolution (host names to
176
168
IP addresses) which is needed for implicit mounts of DFS junction
177
-
points. If unsure, say N.
169
+
points. If unsure, say Y.
178
170
179
171
config CIFS_NFSD_EXPORT
180
172
bool "Allow nfsd to export CIFS file system"
···
182
174
help
183
175
Allows NFS server to export a CIFS mounted share (nfsd over cifs)
184
176
185
-
config CIFS_SMB2
186
-
bool "SMB2 and SMB3 network file system support"
187
-
depends on CIFS
188
-
select KEYS
189
-
select FSCACHE
190
-
select DNS_RESOLVER
191
-
select CRYPTO_AES
192
-
select CRYPTO_SHA256
193
-
select CRYPTO_CMAC
194
-
select CRYPTO_AEAD2
195
-
select CRYPTO_CCM
196
-
197
-
help
198
-
This enables support for the Server Message Block version 2
199
-
family of protocols, including SMB3. SMB3 support is
200
-
enabled on mount by specifying "vers=3.0" in the mount
201
-
options. These protocols are the successors to the popular
202
-
CIFS and SMB network file sharing protocols. SMB3 is the
203
-
native file sharing mechanism for the more recent
204
-
versions of Windows (Windows 8 and Windows 2012 and
205
-
later) and Samba server and many others support SMB3 well.
206
-
In general SMB3 enables better performance, security
207
-
and features, than would be possible with CIFS (Note that
208
-
when mounting to Samba, due to the CIFS POSIX extensions,
209
-
CIFS mounts can provide slightly better POSIX compatibility
210
-
than SMB3 mounts do though). Note that SMB2/SMB3 mount
211
-
options are also slightly simpler (compared to CIFS) due
212
-
to protocol improvements.
213
-
214
177
config CIFS_SMB311
215
178
bool "SMB3.1.1 network file system support (Experimental)"
216
-
depends on CIFS_SMB2
179
+
depends on CIFS
217
180
218
181
help
219
182
This enables experimental support for the newest, SMB3.1.1, dialect.
+3
-4
fs/cifs/Makefile
+3
-4
fs/cifs/Makefile
···
6
6
cifs-y := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o \
7
7
link.o misc.o netmisc.o smbencrypt.o transport.o asn1.o \
8
8
cifs_unicode.o nterr.o cifsencrypt.o \
9
-
readdir.o ioctl.o sess.o export.o smb1ops.o winucase.o
9
+
readdir.o ioctl.o sess.o export.o smb1ops.o winucase.o \
10
+
smb2ops.o smb2maperror.o smb2transport.o \
11
+
smb2misc.o smb2pdu.o smb2inode.o smb2file.o
10
12
11
13
cifs-$(CONFIG_CIFS_XATTR) += xattr.o
12
14
cifs-$(CONFIG_CIFS_ACL) += cifsacl.o
···
18
16
cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o cifs_dfs_ref.o
19
17
20
18
cifs-$(CONFIG_CIFS_FSCACHE) += fscache.o cache.o
21
-
22
-
cifs-$(CONFIG_CIFS_SMB2) += smb2ops.o smb2maperror.o smb2transport.o \
23
-
smb2misc.o smb2pdu.o smb2inode.o smb2file.o
-2
fs/cifs/cifs_unicode.c
-2
fs/cifs/cifs_unicode.c
···
588
588
return j;
589
589
}
590
590
591
-
#ifdef CONFIG_CIFS_SMB2
592
591
/*
593
592
* cifs_local_to_utf16_bytes - how long will a string be after conversion?
594
593
* @from - pointer to input string
···
646
647
*utf16_len = len;
647
648
return dst;
648
649
}
649
-
#endif /* CONFIG_CIFS_SMB2 */
-2
fs/cifs/cifs_unicode.h
-2
fs/cifs/cifs_unicode.h
···
116
116
extern int cifsConvertToUTF16(__le16 *target, const char *source, int maxlen,
117
117
const struct nls_table *cp, int mapChars);
118
118
extern int cifs_remap(struct cifs_sb_info *cifs_sb);
119
-
#ifdef CONFIG_CIFS_SMB2
120
119
extern __le16 *cifs_strndup_to_utf16(const char *src, const int maxlen,
121
120
int *utf16_len, const struct nls_table *cp,
122
121
int remap);
123
-
#endif /* CONFIG_CIFS_SMB2 */
124
122
#endif
125
123
126
124
wchar_t cifs_toupper(wchar_t in);
+3
-10
fs/cifs/cifsfs.c
+3
-10
fs/cifs/cifsfs.c
···
51
51
#include <linux/key-type.h>
52
52
#include "cifs_spnego.h"
53
53
#include "fscache.h"
54
-
#ifdef CONFIG_CIFS_SMB2
55
54
#include "smb2pdu.h"
56
-
#endif
57
55
58
56
int cifsFYI = 0;
59
57
bool traceSMB;
···
275
277
cifs_inode->uniqueid = 0;
276
278
cifs_inode->createtime = 0;
277
279
cifs_inode->epoch = 0;
278
-
#ifdef CONFIG_CIFS_SMB2
279
280
generate_random_uuid(cifs_inode->lease_key);
280
-
#endif
281
+
281
282
/*
282
283
* Can not set i_flags here - they get immediately overwritten to zero
283
284
* by the VFS.
···
1210
1213
static int
1211
1214
cifs_init_request_bufs(void)
1212
1215
{
1213
-
size_t max_hdr_size = MAX_CIFS_HDR_SIZE;
1214
-
#ifdef CONFIG_CIFS_SMB2
1215
1216
/*
1216
1217
* SMB2 maximum header size is bigger than CIFS one - no problems to
1217
1218
* allocate some more bytes for CIFS.
1218
1219
*/
1219
-
max_hdr_size = MAX_SMB2_HDR_SIZE;
1220
-
#endif
1220
+
size_t max_hdr_size = MAX_SMB2_HDR_SIZE;
1221
+
1221
1222
if (CIFSMaxBufSize < 8192) {
1222
1223
/* Buffer size can not be smaller than 2 * PATH_MAX since maximum
1223
1224
Unicode path name has to fit in any SMB/CIFS path based frames */
···
1471
1476
MODULE_SOFTDEP("pre: md4");
1472
1477
MODULE_SOFTDEP("pre: md5");
1473
1478
MODULE_SOFTDEP("pre: nls");
1474
-
#ifdef CONFIG_CIFS_SMB2
1475
1479
MODULE_SOFTDEP("pre: aes");
1476
1480
MODULE_SOFTDEP("pre: cmac");
1477
1481
MODULE_SOFTDEP("pre: sha256");
1478
1482
MODULE_SOFTDEP("pre: aead2");
1479
1483
MODULE_SOFTDEP("pre: ccm");
1480
-
#endif /* CONFIG_CIFS_SMB2 */
1481
1484
module_init(init_cifs)
1482
1485
module_exit(exit_cifs)
+2
-18
fs/cifs/cifsglob.h
+2
-18
fs/cifs/cifsglob.h
···
29
29
#include <crypto/internal/hash.h>
30
30
#include <linux/scatterlist.h>
31
31
#include <uapi/linux/cifs/cifs_mount.h>
32
-
#ifdef CONFIG_CIFS_SMB2
33
32
#include "smb2pdu.h"
34
-
#endif
35
33
36
34
#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */
37
35
···
365
367
unsigned int (*calc_smb_size)(void *);
366
368
/* check for STATUS_PENDING and process it in a positive case */
367
369
bool (*is_status_pending)(char *, struct TCP_Server_Info *, int);
370
+
/* check for STATUS_NETWORK_SESSION_EXPIRED */
371
+
bool (*is_session_expired)(char *);
368
372
/* send oplock break response */
369
373
int (*oplock_response)(struct cifs_tcon *, struct cifs_fid *,
370
374
struct cifsInodeInfo *);
···
610
610
__u16 sec_mode;
611
611
bool sign; /* is signing enabled on this connection? */
612
612
bool session_estab; /* mark when very first sess is established */
613
-
#ifdef CONFIG_CIFS_SMB2
614
613
int echo_credits; /* echo reserved slots */
615
614
int oplock_credits; /* oplock break reserved slots */
616
615
bool echoes:1; /* enable echoes */
617
616
__u8 client_guid[SMB2_CLIENT_GUID_SIZE]; /* Client GUID */
618
-
#endif
619
617
u16 dialect; /* dialect index that server chose */
620
618
bool oplocks:1; /* enable oplocks */
621
619
unsigned int maxReq; /* Clients should submit no more */
···
657
659
atomic_t in_send; /* requests trying to send */
658
660
atomic_t num_waiters; /* blocked waiting to get in sendrecv */
659
661
#endif
660
-
#ifdef CONFIG_CIFS_SMB2
661
662
unsigned int max_read;
662
663
unsigned int max_write;
663
664
__u8 preauth_hash[512];
664
665
struct delayed_work reconnect; /* reconnect workqueue job */
665
666
struct mutex reconnect_mutex; /* prevent simultaneous reconnects */
666
-
#endif /* CONFIG_CIFS_SMB2 */
667
667
unsigned long echo_interval;
668
668
};
669
669
···
843
847
bool sign; /* is signing required? */
844
848
bool need_reconnect:1; /* connection reset, uid now invalid */
845
849
bool domainAuto:1;
846
-
#ifdef CONFIG_CIFS_SMB2
847
850
__u16 session_flags;
848
851
__u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];
849
852
__u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE];
850
853
__u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE];
851
854
__u8 preauth_hash[512];
852
-
#endif /* CONFIG_CIFS_SMB2 */
853
855
};
854
856
855
857
static inline bool
···
899
905
atomic_t num_acl_get;
900
906
atomic_t num_acl_set;
901
907
} cifs_stats;
902
-
#ifdef CONFIG_CIFS_SMB2
903
908
struct {
904
909
atomic_t smb2_com_sent[NUMBER_OF_SMB2_COMMANDS];
905
910
atomic_t smb2_com_failed[NUMBER_OF_SMB2_COMMANDS];
906
911
} smb2_stats;
907
-
#endif /* CONFIG_CIFS_SMB2 */
908
912
} stats;
909
913
#ifdef CONFIG_CIFS_STATS2
910
914
unsigned long long time_writes;
···
938
946
bool need_reopen_files:1; /* need to reopen tcon file handles */
939
947
bool use_resilient:1; /* use resilient instead of durable handles */
940
948
bool use_persistent:1; /* use persistent instead of durable handles */
941
-
#ifdef CONFIG_CIFS_SMB2
942
949
bool print:1; /* set if connection to printer share */
943
950
__le32 capabilities;
944
951
__u32 share_flags;
···
950
959
__u32 max_chunks;
951
960
__u32 max_bytes_chunk;
952
961
__u32 max_bytes_copy;
953
-
#endif /* CONFIG_CIFS_SMB2 */
954
962
#ifdef CONFIG_CIFS_FSCACHE
955
963
u64 resource_id; /* server resource id */
956
964
struct fscache_cookie *fscache; /* cookie for share */
···
1052
1062
1053
1063
struct cifs_fid {
1054
1064
__u16 netfid;
1055
-
#ifdef CONFIG_CIFS_SMB2
1056
1065
__u64 persistent_fid; /* persist file id for smb2 */
1057
1066
__u64 volatile_fid; /* volatile file id for smb2 */
1058
1067
__u8 lease_key[SMB2_LEASE_KEY_SIZE]; /* lease key for smb2 */
1059
1068
__u8 create_guid[16];
1060
-
#endif
1061
1069
struct cifs_pending_open *pending_open;
1062
1070
unsigned int epoch;
1063
1071
bool purge_cache;
···
1093
1105
1094
1106
struct cifs_io_parms {
1095
1107
__u16 netfid;
1096
-
#ifdef CONFIG_CIFS_SMB2
1097
1108
__u64 persistent_fid; /* persist file id for smb2 */
1098
1109
__u64 volatile_fid; /* volatile file id for smb2 */
1099
-
#endif
1100
1110
__u32 pid;
1101
1111
__u64 offset;
1102
1112
unsigned int length;
···
1220
1234
u64 server_eof; /* current file size on server -- protected by i_lock */
1221
1235
u64 uniqueid; /* server inode number */
1222
1236
u64 createtime; /* creation time on server */
1223
-
#ifdef CONFIG_CIFS_SMB2
1224
1237
__u8 lease_key[SMB2_LEASE_KEY_SIZE]; /* lease key for this inode */
1225
-
#endif
1226
1238
#ifdef CONFIG_CIFS_FSCACHE
1227
1239
struct fscache_cookie *fscache;
1228
1240
#endif
+7
fs/cifs/cifssmb.c
+7
fs/cifs/cifssmb.c
···
1460
1460
return length;
1461
1461
server->total_read += length;
1462
1462
1463
+
if (server->ops->is_session_expired &&
1464
+
server->ops->is_session_expired(buf)) {
1465
+
cifs_reconnect(server);
1466
+
wake_up(&server->response_q);
1467
+
return -1;
1468
+
}
1469
+
1463
1470
if (server->ops->is_status_pending &&
1464
1471
server->ops->is_status_pending(buf, server, 0)) {
1465
1472
cifs_discard_remaining_data(server);
+10
-31
fs/cifs/connect.c
+10
-31
fs/cifs/connect.c
···
55
55
#include "nterr.h"
56
56
#include "rfc1002pdu.h"
57
57
#include "fscache.h"
58
-
#ifdef CONFIG_CIFS_SMB2
59
58
#include "smb2proto.h"
60
-
#endif
61
59
62
60
#define CIFS_PORT 445
63
61
#define RFC1001_PORT 139
···
339
341
server->tcpStatus = CifsNeedReconnect;
340
342
spin_unlock(&GlobalMid_Lock);
341
343
server->maxBuf = 0;
342
-
#ifdef CONFIG_CIFS_SMB2
343
344
server->max_read = 0;
344
-
#endif
345
345
346
346
cifs_dbg(FYI, "Reconnecting tcp session\n");
347
347
···
808
812
cifs_dump_mem("Bad SMB: ", buf,
809
813
min_t(unsigned int, server->total_read, 48));
810
814
815
+
if (server->ops->is_session_expired &&
816
+
server->ops->is_session_expired(buf)) {
817
+
cifs_reconnect(server);
818
+
wake_up(&server->response_q);
819
+
return -1;
820
+
}
821
+
811
822
if (server->ops->is_status_pending &&
812
823
server->ops->is_status_pending(buf, server, length))
813
824
return -1;
···
1125
1122
vol->ops = &smb1_operations;
1126
1123
vol->vals = &smb1_values;
1127
1124
break;
1128
-
#ifdef CONFIG_CIFS_SMB2
1129
1125
case Smb_20:
1130
1126
vol->ops = &smb20_operations;
1131
1127
vol->vals = &smb20_values;
···
1147
1145
vol->vals = &smb311_values;
1148
1146
break;
1149
1147
#endif /* SMB311 */
1150
-
#endif
1151
1148
default:
1152
1149
cifs_dbg(VFS, "Unknown vers= option specified: %s\n", value);
1153
1150
return 1;
···
1272
1271
1273
1272
vol->actimeo = CIFS_DEF_ACTIMEO;
1274
1273
1275
-
/* FIXME: add autonegotiation -- for now, SMB1 is default */
1276
-
vol->ops = &smb1_operations;
1277
-
vol->vals = &smb1_values;
1274
+
/* FIXME: add autonegotiation for SMB3 or later rather than just SMB3 */
1275
+
vol->ops = &smb30_operations; /* both secure and accepted widely */
1276
+
vol->vals = &smb30_values;
1278
1277
1279
1278
vol->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;
1280
1279
···
2171
2170
2172
2171
cancel_delayed_work_sync(&server->echo);
2173
2172
2174
-
#ifdef CONFIG_CIFS_SMB2
2175
2173
if (from_reconnect)
2176
2174
/*
2177
2175
* Avoid deadlock here: reconnect work calls
···
2181
2181
cancel_delayed_work(&server->reconnect);
2182
2182
else
2183
2183
cancel_delayed_work_sync(&server->reconnect);
2184
-
#endif
2185
2184
2186
2185
spin_lock(&GlobalMid_Lock);
2187
2186
server->tcpStatus = CifsExiting;
···
2246
2247
INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
2247
2248
INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
2248
2249
INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
2249
-
#ifdef CONFIG_CIFS_SMB2
2250
2250
INIT_DELAYED_WORK(&tcp_ses->reconnect, smb2_reconnect_server);
2251
2251
mutex_init(&tcp_ses->reconnect_mutex);
2252
-
#endif
2253
2252
memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
2254
2253
sizeof(tcp_ses->srcaddr));
2255
2254
memcpy(&tcp_ses->dstaddr, &volume_info->dstaddr,
2256
2255
sizeof(tcp_ses->dstaddr));
2257
-
#ifdef CONFIG_CIFS_SMB2
2258
2256
generate_random_uuid(tcp_ses->client_guid);
2259
-
#endif
2260
2257
/*
2261
2258
* at this point we are the only ones with the pointer
2262
2259
* to the struct since the kernel thread not created yet
···
2650
2655
return 0;
2651
2656
if (tcon->seal != volume_info->seal)
2652
2657
return 0;
2653
-
#ifdef CONFIG_CIFS_SMB2
2654
2658
if (tcon->snapshot_time != volume_info->snapshot_time)
2655
2659
return 0;
2656
-
#endif /* CONFIG_CIFS_SMB2 */
2657
2660
return 1;
2658
2661
}
2659
2662
···
2726
2733
}
2727
2734
2728
2735
if (volume_info->snapshot_time) {
2729
-
#ifdef CONFIG_CIFS_SMB2
2730
2736
if (ses->server->vals->protocol_id == 0) {
2731
2737
cifs_dbg(VFS,
2732
2738
"Use SMB2 or later for snapshot mount option\n");
···
2733
2741
goto out_fail;
2734
2742
} else
2735
2743
tcon->snapshot_time = volume_info->snapshot_time;
2736
-
#else
2737
-
cifs_dbg(VFS, "Snapshot mount option requires SMB2 support\n");
2738
-
rc = -EOPNOTSUPP;
2739
-
goto out_fail;
2740
-
#endif /* CONFIG_CIFS_SMB2 */
2741
2744
}
2742
2745
2743
2746
tcon->ses = ses;
···
2768
2781
"SMB3 or later required for persistent handles\n");
2769
2782
rc = -EOPNOTSUPP;
2770
2783
goto out_fail;
2771
-
#ifdef CONFIG_CIFS_SMB2
2772
2784
} else if (ses->server->capabilities &
2773
2785
SMB2_GLOBAL_CAP_PERSISTENT_HANDLES)
2774
2786
tcon->use_persistent = true;
···
2776
2790
"Persistent handles not supported on share\n");
2777
2791
rc = -EOPNOTSUPP;
2778
2792
goto out_fail;
2779
-
#endif /* CONFIG_CIFS_SMB2 */
2780
2793
}
2781
-
#ifdef CONFIG_CIFS_SMB2
2782
2794
} else if ((tcon->capabilities & SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY)
2783
2795
&& (ses->server->capabilities & SMB2_GLOBAL_CAP_PERSISTENT_HANDLES)
2784
2796
&& (volume_info->nopersistent == false)) {
2785
2797
cifs_dbg(FYI, "enabling persistent handles\n");
2786
2798
tcon->use_persistent = true;
2787
-
#endif /* CONFIG_CIFS_SMB2 */
2788
2799
} else if (volume_info->resilient) {
2789
2800
if (ses->server->vals->protocol_id == 0) {
2790
2801
cifs_dbg(VFS,
···
2798
2815
"SMB3 or later required for encryption\n");
2799
2816
rc = -EOPNOTSUPP;
2800
2817
goto out_fail;
2801
-
#ifdef CONFIG_CIFS_SMB2
2802
2818
} else if (tcon->ses->server->capabilities &
2803
2819
SMB2_GLOBAL_CAP_ENCRYPTION)
2804
2820
tcon->seal = true;
···
2805
2823
cifs_dbg(VFS, "Encryption is not supported on share\n");
2806
2824
rc = -EOPNOTSUPP;
2807
2825
goto out_fail;
2808
-
#endif /* CONFIG_CIFS_SMB2 */
2809
2826
}
2810
2827
}
2811
2828
···
3719
3738
goto mount_fail_check;
3720
3739
}
3721
3740
3722
-
#ifdef CONFIG_CIFS_SMB2
3723
3741
if ((volume_info->persistent == true) && ((ses->server->capabilities &
3724
3742
SMB2_GLOBAL_CAP_PERSISTENT_HANDLES) == 0)) {
3725
3743
cifs_dbg(VFS, "persistent handles not supported by server\n");
3726
3744
rc = -EOPNOTSUPP;
3727
3745
goto mount_fail_check;
3728
3746
}
3729
-
#endif /* CONFIG_CIFS_SMB2*/
3730
3747
3731
3748
/* search for existing tcon to this server share */
3732
3749
tcon = cifs_get_tcon(ses, volume_info);
-2
fs/cifs/ioctl.c
-2
fs/cifs/ioctl.c
···
101
101
fsinf->fs_attributes = le32_to_cpu(tcon->fsAttrInfo.Attributes);
102
102
fsinf->max_path_component =
103
103
le32_to_cpu(tcon->fsAttrInfo.MaxPathNameComponentLength);
104
-
#ifdef CONFIG_CIFS_SMB2
105
104
fsinf->vol_serial_number = tcon->vol_serial_number;
106
105
fsinf->vol_create_time = le64_to_cpu(tcon->vol_create_time);
107
106
fsinf->share_flags = tcon->share_flags;
···
109
110
fsinf->optimal_sector_size = tcon->perf_sector_size;
110
111
fsinf->max_bytes_chunk = tcon->max_bytes_chunk;
111
112
fsinf->maximal_access = tcon->maximal_access;
112
-
#endif /* SMB2 */
113
113
fsinf->cifs_posix_caps = le64_to_cpu(tcon->fsUnixInfo.Capability);
114
114
115
115
if (copy_to_user(arg, fsinf, sizeof(struct smb_mnt_fs_info)))
-4
fs/cifs/link.c
-4
fs/cifs/link.c
···
29
29
#include "cifs_debug.h"
30
30
#include "cifs_fs_sb.h"
31
31
#include "cifs_unicode.h"
32
-
#ifdef CONFIG_CIFS_SMB2
33
32
#include "smb2proto.h"
34
-
#endif
35
33
36
34
/*
37
35
* M-F Symlink Functions - Begin
···
400
402
/*
401
403
* SMB 2.1/SMB3 Protocol specific functions
402
404
*/
403
-
#ifdef CONFIG_CIFS_SMB2
404
405
int
405
406
smb3_query_mf_symlink(unsigned int xid, struct cifs_tcon *tcon,
406
407
struct cifs_sb_info *cifs_sb, const unsigned char *path,
···
522
525
kfree(utf16_path);
523
526
return rc;
524
527
}
525
-
#endif /* CONFIG_CIFS_SMB2 */
526
528
527
529
/*
528
530
* M-F Symlink Functions - End
+2
-9
fs/cifs/misc.c
+2
-9
fs/cifs/misc.c
···
30
30
#include "smberr.h"
31
31
#include "nterr.h"
32
32
#include "cifs_unicode.h"
33
-
#ifdef CONFIG_CIFS_SMB2
34
33
#include "smb2pdu.h"
35
-
#endif
36
34
37
35
extern mempool_t *cifs_sm_req_poolp;
38
36
extern mempool_t *cifs_req_poolp;
···
147
149
cifs_buf_get(void)
148
150
{
149
151
struct smb_hdr *ret_buf = NULL;
150
-
size_t buf_size = sizeof(struct smb_hdr);
151
-
152
-
#ifdef CONFIG_CIFS_SMB2
153
152
/*
154
153
* SMB2 header is bigger than CIFS one - no problems to clean some
155
154
* more bytes for CIFS.
156
155
*/
157
-
buf_size = sizeof(struct smb2_hdr);
158
-
#endif
156
+
size_t buf_size = sizeof(struct smb2_hdr);
157
+
159
158
/*
160
159
* We could use negotiated size instead of max_msgsize -
161
160
* but it may be more efficient to always alloc same size
···
615
620
cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink,
616
621
struct cifs_pending_open *open)
617
622
{
618
-
#ifdef CONFIG_CIFS_SMB2
619
623
memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
620
-
#endif
621
624
open->oplock = CIFS_OPLOCK_NO_CHANGE;
622
625
open->tlink = tlink;
623
626
fid->pending_open = open;
+2
-2
fs/cifs/smb2maperror.c
+2
-2
fs/cifs/smb2maperror.c
···
2475
2475
2476
2476
/* on error mapping not found - return EIO */
2477
2477
2478
-
cifs_dbg(FYI, "Mapping SMB2 status code %d to POSIX err %d\n",
2479
-
smb2err, rc);
2478
+
cifs_dbg(FYI, "Mapping SMB2 status code 0x%08x to POSIX err %d\n",
2479
+
__le32_to_cpu(smb2err), rc);
2480
2480
2481
2481
return rc;
2482
2482
}
+83
-3
fs/cifs/smb2ops.c
+83
-3
fs/cifs/smb2ops.c
···
1036
1036
return true;
1037
1037
}
1038
1038
1039
+
static bool
1040
+
smb2_is_session_expired(char *buf)
1041
+
{
1042
+
struct smb2_sync_hdr *shdr = get_sync_hdr(buf);
1043
+
1044
+
if (shdr->Status != STATUS_NETWORK_SESSION_EXPIRED)
1045
+
return false;
1046
+
1047
+
cifs_dbg(FYI, "Session expired\n");
1048
+
return true;
1049
+
}
1050
+
1039
1051
static int
1040
1052
smb2_oplock_response(struct cifs_tcon *tcon, struct cifs_fid *fid,
1041
1053
struct cifsInodeInfo *cinode)
···
1381
1369
return ERR_PTR(rc);
1382
1370
return pntsd;
1383
1371
}
1372
+
1373
+
#ifdef CONFIG_CIFS_ACL
1374
+
static int
1375
+
set_smb2_acl(struct cifs_ntsd *pnntsd, __u32 acllen,
1376
+
struct inode *inode, const char *path, int aclflag)
1377
+
{
1378
+
u8 oplock = SMB2_OPLOCK_LEVEL_NONE;
1379
+
unsigned int xid;
1380
+
int rc, access_flags = 0;
1381
+
struct cifs_tcon *tcon;
1382
+
struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
1383
+
struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);
1384
+
struct cifs_fid fid;
1385
+
struct cifs_open_parms oparms;
1386
+
__le16 *utf16_path;
1387
+
1388
+
cifs_dbg(FYI, "set smb3 acl for path %s\n", path);
1389
+
if (IS_ERR(tlink))
1390
+
return PTR_ERR(tlink);
1391
+
1392
+
tcon = tlink_tcon(tlink);
1393
+
xid = get_xid();
1394
+
1395
+
if (backup_cred(cifs_sb))
1396
+
oparms.create_options = CREATE_OPEN_BACKUP_INTENT;
1397
+
else
1398
+
oparms.create_options = 0;
1399
+
1400
+
if (aclflag == CIFS_ACL_OWNER || aclflag == CIFS_ACL_GROUP)
1401
+
access_flags = WRITE_OWNER;
1402
+
else
1403
+
access_flags = WRITE_DAC;
1404
+
1405
+
utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
1406
+
if (!utf16_path)
1407
+
return -ENOMEM;
1408
+
1409
+
oparms.tcon = tcon;
1410
+
oparms.desired_access = access_flags;
1411
+
oparms.disposition = FILE_OPEN;
1412
+
oparms.path = path;
1413
+
oparms.fid = &fid;
1414
+
oparms.reconnect = false;
1415
+
1416
+
rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL);
1417
+
kfree(utf16_path);
1418
+
if (!rc) {
1419
+
rc = SMB2_set_acl(xid, tlink_tcon(tlink), fid.persistent_fid,
1420
+
fid.volatile_fid, pnntsd, acllen, aclflag);
1421
+
SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid);
1422
+
}
1423
+
1424
+
cifs_put_tlink(tlink);
1425
+
free_xid(xid);
1426
+
return rc;
1427
+
}
1428
+
#endif /* CIFS_ACL */
1384
1429
1385
1430
/* Retrieve an ACL from the server */
1386
1431
static struct cifs_ntsd *
···
2229
2160
return -ENOTSUPP;
2230
2161
}
2231
2162
2163
+
if (server->ops->is_session_expired &&
2164
+
server->ops->is_session_expired(buf)) {
2165
+
cifs_reconnect(server);
2166
+
wake_up(&server->response_q);
2167
+
return -1;
2168
+
}
2169
+
2232
2170
if (server->ops->is_status_pending &&
2233
2171
server->ops->is_status_pending(buf, server, 0))
2234
2172
return -1;
···
2553
2477
.close_dir = smb2_close_dir,
2554
2478
.calc_smb_size = smb2_calc_size,
2555
2479
.is_status_pending = smb2_is_status_pending,
2480
+
.is_session_expired = smb2_is_session_expired,
2556
2481
.oplock_response = smb2_oplock_response,
2557
2482
.queryfs = smb2_queryfs,
2558
2483
.mand_lock = smb2_mand_lock,
···
2575
2498
#ifdef CONFIG_CIFS_ACL
2576
2499
.get_acl = get_smb2_acl,
2577
2500
.get_acl_by_fid = get_smb2_acl_by_fid,
2578
-
/* .set_acl = set_smb3_acl, */
2501
+
.set_acl = set_smb2_acl,
2579
2502
#endif /* CIFS_ACL */
2580
2503
};
2581
2504
···
2642
2565
.close_dir = smb2_close_dir,
2643
2566
.calc_smb_size = smb2_calc_size,
2644
2567
.is_status_pending = smb2_is_status_pending,
2568
+
.is_session_expired = smb2_is_session_expired,
2645
2569
.oplock_response = smb2_oplock_response,
2646
2570
.queryfs = smb2_queryfs,
2647
2571
.mand_lock = smb2_mand_lock,
···
2665
2587
#ifdef CONFIG_CIFS_ACL
2666
2588
.get_acl = get_smb2_acl,
2667
2589
.get_acl_by_fid = get_smb2_acl_by_fid,
2668
-
/* .set_acl = set_smb3_acl, */
2590
+
.set_acl = set_smb2_acl,
2669
2591
#endif /* CIFS_ACL */
2670
2592
};
2671
2593
···
2733
2655
.close_dir = smb2_close_dir,
2734
2656
.calc_smb_size = smb2_calc_size,
2735
2657
.is_status_pending = smb2_is_status_pending,
2658
+
.is_session_expired = smb2_is_session_expired,
2736
2659
.oplock_response = smb2_oplock_response,
2737
2660
.queryfs = smb2_queryfs,
2738
2661
.mand_lock = smb2_mand_lock,
···
2765
2686
#ifdef CONFIG_CIFS_ACL
2766
2687
.get_acl = get_smb2_acl,
2767
2688
.get_acl_by_fid = get_smb2_acl_by_fid,
2768
-
/* .set_acl = set_smb3_acl, */
2689
+
.set_acl = set_smb2_acl,
2769
2690
#endif /* CIFS_ACL */
2770
2691
};
2771
2692
···
2834
2755
.close_dir = smb2_close_dir,
2835
2756
.calc_smb_size = smb2_calc_size,
2836
2757
.is_status_pending = smb2_is_status_pending,
2758
+
.is_session_expired = smb2_is_session_expired,
2837
2759
.oplock_response = smb2_oplock_response,
2838
2760
.queryfs = smb2_queryfs,
2839
2761
.mand_lock = smb2_mand_lock,
+34
-40
fs/cifs/smb2pdu.c
+34
-40
fs/cifs/smb2pdu.c
···
1167
1167
int rc = 0;
1168
1168
int resp_buftype;
1169
1169
int unc_path_len;
1170
-
struct TCP_Server_Info *server;
1171
1170
__le16 *unc_path = NULL;
1172
1171
int flags = 0;
1173
1172
1174
1173
cifs_dbg(FYI, "TCON\n");
1175
1174
1176
-
if ((ses->server) && tree)
1177
-
server = ses->server;
1178
-
else
1175
+
if (!(ses->server) || !tree)
1179
1176
return -EIO;
1180
1177
1181
1178
unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
···
1291
1294
{
1292
1295
struct smb2_tree_disconnect_req *req; /* response is trivial */
1293
1296
int rc = 0;
1294
-
struct TCP_Server_Info *server;
1295
1297
struct cifs_ses *ses = tcon->ses;
1296
1298
int flags = 0;
1297
1299
1298
1300
cifs_dbg(FYI, "Tree Disconnect\n");
1299
1301
1300
-
if (ses && (ses->server))
1301
-
server = ses->server;
1302
-
else
1302
+
if (!ses || !(ses->server))
1303
1303
return -EIO;
1304
1304
1305
1305
if ((tcon->need_reconnect) || (tcon->ses->need_reconnect))
···
1788
1794
struct smb2_ioctl_req *req;
1789
1795
struct smb2_ioctl_rsp *rsp;
1790
1796
struct smb2_sync_hdr *shdr;
1791
-
struct TCP_Server_Info *server;
1792
1797
struct cifs_ses *ses;
1793
1798
struct kvec iov[2];
1794
1799
struct kvec rsp_iov;
···
1810
1817
else
1811
1818
return -EIO;
1812
1819
1813
-
if (ses && (ses->server))
1814
-
server = ses->server;
1815
-
else
1820
+
if (!ses || !(ses->server))
1816
1821
return -EIO;
1817
1822
1818
1823
rc = small_smb2_init(SMB2_IOCTL, tcon, (void **) &req);
···
1968
1977
{
1969
1978
struct smb2_close_req *req;
1970
1979
struct smb2_close_rsp *rsp;
1971
-
struct TCP_Server_Info *server;
1972
1980
struct cifs_ses *ses = tcon->ses;
1973
1981
struct kvec iov[1];
1974
1982
struct kvec rsp_iov;
···
1977
1987
1978
1988
cifs_dbg(FYI, "Close\n");
1979
1989
1980
-
if (ses && (ses->server))
1981
-
server = ses->server;
1982
-
else
1990
+
if (!ses || !(ses->server))
1983
1991
return -EIO;
1984
1992
1985
1993
rc = small_smb2_init(SMB2_CLOSE, tcon, (void **) &req);
···
2079
2091
struct kvec rsp_iov;
2080
2092
int rc = 0;
2081
2093
int resp_buftype;
2082
-
struct TCP_Server_Info *server;
2083
2094
struct cifs_ses *ses = tcon->ses;
2084
2095
int flags = 0;
2085
2096
2086
2097
cifs_dbg(FYI, "Query Info\n");
2087
2098
2088
-
if (ses && (ses->server))
2089
-
server = ses->server;
2090
-
else
2099
+
if (!ses || !(ses->server))
2091
2100
return -EIO;
2092
2101
2093
2102
rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req);
···
2296
2311
u64 volatile_fid)
2297
2312
{
2298
2313
struct smb2_flush_req *req;
2299
-
struct TCP_Server_Info *server;
2300
2314
struct cifs_ses *ses = tcon->ses;
2301
2315
struct kvec iov[1];
2302
2316
struct kvec rsp_iov;
···
2305
2321
2306
2322
cifs_dbg(FYI, "Flush\n");
2307
2323
2308
-
if (ses && (ses->server))
2309
-
server = ses->server;
2310
-
else
2324
+
if (!ses || !(ses->server))
2311
2325
return -EIO;
2312
2326
2313
2327
rc = small_smb2_init(SMB2_FLUSH, tcon, (void **) &req);
···
2982
3000
2983
3001
static int
2984
3002
send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
2985
-
u64 persistent_fid, u64 volatile_fid, u32 pid, int info_class,
2986
-
unsigned int num, void **data, unsigned int *size)
3003
+
u64 persistent_fid, u64 volatile_fid, u32 pid, u8 info_class,
3004
+
u8 info_type, u32 additional_info, unsigned int num,
3005
+
void **data, unsigned int *size)
2987
3006
{
2988
3007
struct smb2_set_info_req *req;
2989
3008
struct smb2_set_info_rsp *rsp = NULL;
···
2993
3010
int rc = 0;
2994
3011
int resp_buftype;
2995
3012
unsigned int i;
2996
-
struct TCP_Server_Info *server;
2997
3013
struct cifs_ses *ses = tcon->ses;
2998
3014
int flags = 0;
2999
3015
3000
-
if (ses && (ses->server))
3001
-
server = ses->server;
3002
-
else
3016
+
if (!ses || !(ses->server))
3003
3017
return -EIO;
3004
3018
3005
3019
if (!num)
···
3017
3037
3018
3038
req->hdr.sync_hdr.ProcessId = cpu_to_le32(pid);
3019
3039
3020
-
req->InfoType = SMB2_O_INFO_FILE;
3040
+
req->InfoType = info_type;
3021
3041
req->FileInfoClass = info_class;
3022
3042
req->PersistentFileId = persistent_fid;
3023
3043
req->VolatileFileId = volatile_fid;
3044
+
req->AdditionalInformation = cpu_to_le32(additional_info);
3024
3045
3025
3046
/* 4 for RFC1001 length and 1 for Buffer */
3026
3047
req->BufferOffset =
···
3081
3100
size[1] = len + 2 /* null */;
3082
3101
3083
3102
rc = send_set_info(xid, tcon, persistent_fid, volatile_fid,
3084
-
current->tgid, FILE_RENAME_INFORMATION, 2, data,
3085
-
size);
3103
+
current->tgid, FILE_RENAME_INFORMATION, SMB2_O_INFO_FILE,
3104
+
0, 2, data, size);
3086
3105
kfree(data);
3087
3106
return rc;
3088
3107
}
···
3099
3118
size = 1; /* sizeof __u8 */
3100
3119
3101
3120
return send_set_info(xid, tcon, persistent_fid, volatile_fid,
3102
-
current->tgid, FILE_DISPOSITION_INFORMATION, 1, &data,
3103
-
&size);
3121
+
current->tgid, FILE_DISPOSITION_INFORMATION, SMB2_O_INFO_FILE,
3122
+
0, 1, &data, &size);
3104
3123
}
3105
3124
3106
3125
int
···
3129
3148
size[1] = len + 2 /* null */;
3130
3149
3131
3150
rc = send_set_info(xid, tcon, persistent_fid, volatile_fid,
3132
-
current->tgid, FILE_LINK_INFORMATION, 2, data, size);
3151
+
current->tgid, FILE_LINK_INFORMATION, SMB2_O_INFO_FILE,
3152
+
0, 2, data, size);
3133
3153
kfree(data);
3134
3154
return rc;
3135
3155
}
···
3150
3168
3151
3169
if (is_falloc)
3152
3170
return send_set_info(xid, tcon, persistent_fid, volatile_fid,
3153
-
pid, FILE_ALLOCATION_INFORMATION, 1, &data, &size);
3171
+
pid, FILE_ALLOCATION_INFORMATION, SMB2_O_INFO_FILE,
3172
+
0, 1, &data, &size);
3154
3173
else
3155
3174
return send_set_info(xid, tcon, persistent_fid, volatile_fid,
3156
-
pid, FILE_END_OF_FILE_INFORMATION, 1, &data, &size);
3175
+
pid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE,
3176
+
0, 1, &data, &size);
3157
3177
}
3158
3178
3159
3179
int
···
3165
3181
unsigned int size;
3166
3182
size = sizeof(FILE_BASIC_INFO);
3167
3183
return send_set_info(xid, tcon, persistent_fid, volatile_fid,
3168
-
current->tgid, FILE_BASIC_INFORMATION, 1,
3169
-
(void **)&buf, &size);
3184
+
current->tgid, FILE_BASIC_INFORMATION, SMB2_O_INFO_FILE,
3185
+
0, 1, (void **)&buf, &size);
3186
+
}
3187
+
3188
+
int
3189
+
SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon,
3190
+
u64 persistent_fid, u64 volatile_fid,
3191
+
struct cifs_ntsd *pnntsd, int pacllen, int aclflag)
3192
+
{
3193
+
return send_set_info(xid, tcon, persistent_fid, volatile_fid,
3194
+
current->tgid, 0, SMB2_O_INFO_SECURITY, aclflag,
3195
+
1, (void **)&pnntsd, &pacllen);
3170
3196
}
3171
3197
3172
3198
int
+3
fs/cifs/smb2proto.h
+3
fs/cifs/smb2proto.h
···
166
166
extern int SMB2_set_info(const unsigned int xid, struct cifs_tcon *tcon,
167
167
u64 persistent_fid, u64 volatile_fid,
168
168
FILE_BASIC_INFO *buf);
169
+
extern int SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon,
170
+
u64 persistent_fid, u64 volatile_fid,
171
+
struct cifs_ntsd *pnntsd, int pacllen, int aclflag);
169
172
extern int SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon,
170
173
u64 persistent_fid, u64 volatile_fid);
171
174
extern int SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon,