1. 29 Sep, 2010 6 commits
    • Shirish Pargaonkar's avatar
      cifs NTLMv2/NTLMSSP ntlmv2 within ntlmssp autentication code · 2b149f11
      Shirish Pargaonkar authored
      Attribue Value (AV) pairs or Target Info (TI) pairs are part of
      ntlmv2 authentication.
      Structure ntlmv2_resp had only definition for two av pairs.
      So removed it, and now allocation of av pairs is dynamic.
      For servers like Windows 7/2008, av pairs sent by server in
      challege packet (type 2 in the ntlmssp exchange/negotiation) can
      vary.
      
      Server sends them during ntlmssp negotiation. So when ntlmssp is used
      as an authentication mechanism, type 2 challenge packet from server
      has this information.  Pluck it and use the entire blob for
      authenticaiton purpose.  If user has not specified, extract
      (netbios) domain name from the av pairs which is used to calculate
      ntlmv2 hash.  Servers like Windows 7 are particular about the AV pair
      blob.
      
      Servers like Windows 2003, are not very strict about the contents
      of av pair blob used during ntlmv2 authentication.
      So when security mechanism such as ntlmv2 is used (not ntlmv2 in ntlmssp),
      there is no negotiation and so genereate a minimal blob that gets
      used in ntlmv2 authentication as well as gets sent.
      
      Fields tilen and tilbob are session specific.  AV pair values are defined.
      
      To calculate ntlmv2 response we need ti/av pair blob.
      
      For sec mech like ntlmssp, the blob is plucked from type 2 response from
      the server.  From this blob, netbios name of the domain is retrieved,
      if user has not already provided, to be included in the Target String
      as part of ntlmv2 hash calculations.
      
      For sec mech like ntlmv2, create a minimal, two av pair blob.
      
      The allocated blob is freed in case of error.  In case there is no error,
      this blob is used in calculating ntlmv2 response (in CalcNTLMv2_response)
      and is also copied on the response to the server, and then freed.
      
      The type 3 ntlmssp response is prepared on a buffer,
      5 * sizeof of struct _AUTHENTICATE_MESSAGE, an empirical value large
      enough to hold _AUTHENTICATE_MESSAGE plus a blob with max possible
      10 values as part of ntlmv2 response and lmv2 keys and domain, user,
      workstation  names etc.
      
      Also, kerberos gets selected as a default mechanism if server supports it,
      over the other security mechanisms.
      Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
      2b149f11
    • Shirish Pargaonkar's avatar
      cifs NTLMv2/NTLMSSP Change variable name mac_key to session key to reflect the key it holds · 5f98ca9a
      Shirish Pargaonkar authored
      Change name of variable mac_key to session key.
      The reason mac_key was changed to session key is, this structure does not
      hold message authentication code, it holds the session key (for ntlmv2,
      ntlmv1 etc.).  mac is generated as a signature in cifs_calc* functions.
      Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
      5f98ca9a
    • Suresh Jayaraman's avatar
      cifs: fix broken oplock handling · aa91c7e4
      Suresh Jayaraman authored
      cifs_new_fileinfo() does not use the 'oplock' value from the callers. Instead,
      it sets it to REQ_OPLOCK which seems wrong. We should be using the oplock value
      obtained from the Server to set the inode's clientCanCacheAll or
      clientCanCacheRead flags. Fix this by passing oplock from the callers to
      cifs_new_fileinfo().
      
      This change dates back to commit a6ce4932 (2.6.30-rc3). So, all the affected
      versions will need this fix. Please Cc stable once reviewed and accepted.
      
      Cc: Stable <stable@kernel.org>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
      aa91c7e4
    • Suresh Jayaraman's avatar
      cifs: use type __u32 instead of int for the oplock parameter · a347ecb2
      Suresh Jayaraman authored
      ... and avoid implicit casting from a signed type. Also, pass oplock by value
      instead by reference as we don't intend to change the value in
      cifs_open_inode_helper().
      
      Thanks to Jeff Layton for spotting this.
      Reviewed-by: default avatarJeff Layton <jlayton@samba.org>
      Signed-off-by: default avatarSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
      a347ecb2
    • Linus Torvalds's avatar
      Linux 2.6.36-rc6 · 899611ee
      Linus Torvalds authored
      899611ee
    • David Howells's avatar
      MN10300: Handle missing sys_cacheflush() when caching disabled · 62bdb288
      David Howells authored
      When caching is disabled on the MN10300 arch, the sys_cacheflush()
      function is removed by conditional stuff in the makefiles, but is still
      referred to by the syscall table.
      
      Provide a null version that just returns 0 when caching is disabled (or
      -EINVAL if the arguments are silly).
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      62bdb288
  2. 28 Sep, 2010 9 commits
  3. 27 Sep, 2010 25 commits