Commit b4d6fcf1 authored by Jeff Layton's avatar Jeff Layton Committed by Steve French

cifs: move "ntlmssp" and "local_leases" options out of experimental code

I see no real need to leave these sorts of options under an
EXPERIMENTAL ifdef. Since you need a mount option to turn this code
on, that only blows out the testing matrix.

local_leases has been under the EXPERIMENTAL tag for some time, but
it's only the mount option that's under this label. Move it out
from under this tag.

The NTLMSSP code is also under EXPERIMENTAL, but it needs a mount
option to turn it on, and in the future any distro will reasonably
want this enabled. Go ahead and move it out from under the
EXPERIMENTAL tag.
Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
Acked-by: default avatarSuresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 1397f2ee
...@@ -401,15 +401,12 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) ...@@ -401,15 +401,12 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) { else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) {
cFYI(1, "Kerberos only mechanism, enable extended security"); cFYI(1, "Kerberos only mechanism, enable extended security");
pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
} } else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)
#ifdef CONFIG_CIFS_EXPERIMENTAL
else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)
pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) { else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) {
cFYI(1, "NTLMSSP only mechanism, enable extended security"); cFYI(1, "NTLMSSP only mechanism, enable extended security");
pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
} }
#endif
count = 0; count = 0;
for (i = 0; i < CIFS_NUM_PROT; i++) { for (i = 0; i < CIFS_NUM_PROT; i++) {
......
...@@ -984,13 +984,11 @@ cifs_parse_mount_options(char *options, const char *devname, ...@@ -984,13 +984,11 @@ cifs_parse_mount_options(char *options, const char *devname,
return 1; return 1;
} else if (strnicmp(value, "krb5", 4) == 0) { } else if (strnicmp(value, "krb5", 4) == 0) {
vol->secFlg |= CIFSSEC_MAY_KRB5; vol->secFlg |= CIFSSEC_MAY_KRB5;
#ifdef CONFIG_CIFS_EXPERIMENTAL
} else if (strnicmp(value, "ntlmsspi", 8) == 0) { } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
vol->secFlg |= CIFSSEC_MAY_NTLMSSP | vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
CIFSSEC_MUST_SIGN; CIFSSEC_MUST_SIGN;
} else if (strnicmp(value, "ntlmssp", 7) == 0) { } else if (strnicmp(value, "ntlmssp", 7) == 0) {
vol->secFlg |= CIFSSEC_MAY_NTLMSSP; vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
#endif
} else if (strnicmp(value, "ntlmv2i", 7) == 0) { } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
vol->secFlg |= CIFSSEC_MAY_NTLMV2 | vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
CIFSSEC_MUST_SIGN; CIFSSEC_MUST_SIGN;
...@@ -1341,10 +1339,8 @@ cifs_parse_mount_options(char *options, const char *devname, ...@@ -1341,10 +1339,8 @@ cifs_parse_mount_options(char *options, const char *devname,
vol->no_psx_acl = 0; vol->no_psx_acl = 0;
} else if (strnicmp(data, "noacl", 5) == 0) { } else if (strnicmp(data, "noacl", 5) == 0) {
vol->no_psx_acl = 1; vol->no_psx_acl = 1;
#ifdef CONFIG_CIFS_EXPERIMENTAL
} else if (strnicmp(data, "locallease", 6) == 0) { } else if (strnicmp(data, "locallease", 6) == 0) {
vol->local_lease = 1; vol->local_lease = 1;
#endif
} else if (strnicmp(data, "sign", 4) == 0) { } else if (strnicmp(data, "sign", 4) == 0) {
vol->secFlg |= CIFSSEC_MUST_SIGN; vol->secFlg |= CIFSSEC_MUST_SIGN;
} else if (strnicmp(data, "seal", 4) == 0) { } else if (strnicmp(data, "seal", 4) == 0) {
......
...@@ -420,7 +420,6 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, ...@@ -420,7 +420,6 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
return 0; return 0;
} }
#ifdef CONFIG_CIFS_EXPERIMENTAL
/* BB Move to ntlmssp.c eventually */ /* BB Move to ntlmssp.c eventually */
/* We do not malloc the blob, it is passed in pbuffer, because /* We do not malloc the blob, it is passed in pbuffer, because
...@@ -564,7 +563,6 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, ...@@ -564,7 +563,6 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
*buflen = tmp - pbuffer; *buflen = tmp - pbuffer;
return rc; return rc;
} }
#endif
int int
CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
...@@ -806,9 +804,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -806,9 +804,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
rc = -ENOSYS; rc = -ENOSYS;
goto ssetup_exit; goto ssetup_exit;
#endif /* CONFIG_CIFS_UPCALL */ #endif /* CONFIG_CIFS_UPCALL */
} else { } else if (type == RawNTLMSSP) {
#ifdef CONFIG_CIFS_EXPERIMENTAL
if (type == RawNTLMSSP) {
if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) { if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
cERROR(1, "NTLMSSP requires Unicode support"); cERROR(1, "NTLMSSP requires Unicode support");
rc = -ENOSYS; rc = -ENOSYS;
...@@ -819,24 +815,26 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -819,24 +815,26 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
capabilities |= CAP_EXTENDED_SECURITY; capabilities |= CAP_EXTENDED_SECURITY;
pSMB->req.Capabilities |= cpu_to_le32(capabilities); pSMB->req.Capabilities |= cpu_to_le32(capabilities);
if (phase == NtLmNegotiate) { switch(phase) {
case NtLmNegotiate:
build_ntlmssp_negotiate_blob( build_ntlmssp_negotiate_blob(
pSMB->req.SecurityBlob, ses); pSMB->req.SecurityBlob, ses);
iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE); iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
iov[1].iov_base = pSMB->req.SecurityBlob; iov[1].iov_base = pSMB->req.SecurityBlob;
pSMB->req.SecurityBlobLength = pSMB->req.SecurityBlobLength =
cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
} else if (phase == NtLmAuthenticate) { break;
/* 5 is an empirical value, large enought to case NtLmAuthenticate:
* hold authenticate message, max 10 of /*
* av paris, doamin,user,workstation mames, * 5 is an empirical value, large enough to hold
* flags etc.. * authenticate message plus max 10 of av paris,
* domain, user, workstation names, flags, etc.
*/ */
ntlmsspblob = kzalloc( ntlmsspblob = kzalloc(
5*sizeof(struct _AUTHENTICATE_MESSAGE), 5*sizeof(struct _AUTHENTICATE_MESSAGE),
GFP_KERNEL); GFP_KERNEL);
if (!ntlmsspblob) { if (!ntlmsspblob) {
cERROR(1, "Can't allocate NTLMSSP"); cERROR(1, "Can't allocate NTLMSSP blob");
rc = -ENOMEM; rc = -ENOMEM;
goto ssetup_exit; goto ssetup_exit;
} }
...@@ -847,13 +845,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -847,13 +845,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
goto ssetup_exit; goto ssetup_exit;
iov[1].iov_len = blob_len; iov[1].iov_len = blob_len;
iov[1].iov_base = ntlmsspblob; iov[1].iov_base = ntlmsspblob;
pSMB->req.SecurityBlobLength = pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
cpu_to_le16(blob_len); /*
/* Make sure that we tell the server that we * Make sure that we tell the server that we are using
are using the uid that it just gave us back * the uid that it just gave us back on the response
on the response (challenge) */ * (challenge)
*/
smb_buf->Uid = ses->Suid; smb_buf->Uid = ses->Suid;
} else { break;
default:
cERROR(1, "invalid phase %d", phase); cERROR(1, "invalid phase %d", phase);
rc = -ENOSYS; rc = -ENOSYS;
goto ssetup_exit; goto ssetup_exit;
...@@ -869,12 +869,6 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -869,12 +869,6 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
rc = -ENOSYS; rc = -ENOSYS;
goto ssetup_exit; goto ssetup_exit;
} }
#else
cERROR(1, "secType %d not supported!", type);
rc = -ENOSYS;
goto ssetup_exit;
#endif
}
iov[2].iov_base = str_area; iov[2].iov_base = str_area;
iov[2].iov_len = (long) bcc_ptr - (long) str_area; iov[2].iov_len = (long) bcc_ptr - (long) str_area;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment