Namjae Jeon [Mon, 28 Jun 2021 06:26:37 +0000 (15:26 +0900)]
ksmbd: allow PROTECTED_DACL_SECINFO and UNPROTECTED_DACL_SECINFO addition information in smb2 set info security
"cifsd: Fix regression in smb2_get_info" patch cause that dacl doesn't
work. windows send smb2 set info security with PROTECTED_DACL_SECINFO to
control dacl. But previous patch doesn't allow it.
This patch add PROTECTED_DACL_SECINFO and UNPROTECTED_DACL_SECINFO
addtional information flags in check.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Fri, 25 Jun 2021 02:53:26 +0000 (11:53 +0900)]
ksmbd: remove and replace macros with inline functions in smb_common.h
Remove and replace macros with inline functions
in smb_common.h
Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Thu, 24 Jun 2021 22:02:10 +0000 (07:02 +0900)]
ksmbd: remove getting worker state macros
Remove getting worker state macros
Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Thu, 24 Jun 2021 22:02:09 +0000 (07:02 +0900)]
ksmbd: replace PAYLOAD_HEAD with inline function
Replace PAYLOAD_HEAD with inline function.
Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Thu, 24 Jun 2021 22:02:08 +0000 (07:02 +0900)]
ksmbd: replace KSMBD_ALIGN with kernel ALIGN macro
Replace KSMBD_ALIGN with kernel ALIGN macro
Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Thu, 24 Jun 2021 22:02:07 +0000 (07:02 +0900)]
ksmbd: replace BUFFER_NR_PAGES with inline function
Replace BUFFER_NR_PAGES with inline function
Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Thu, 24 Jun 2021 22:02:06 +0000 (07:02 +0900)]
ksmbd: remove macros in transport_ipc.c
Remove macros in transport_ipc.c
Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Wed, 23 Jun 2021 04:48:24 +0000 (13:48 +0900)]
ksmbd: set MAY_* flags together with open flags
set MAY_* flags together with open flags and
remove ksmbd_vfs_inode_permission().
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Wed, 23 Jun 2021 02:07:43 +0000 (11:07 +0900)]
ksmbd: factor out a ksmbd_vfs_lock_parent helper
Factor out a self-contained helper to
get stable parent dentry.
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Colin Ian King [Fri, 18 Jun 2021 00:54:53 +0000 (09:54 +0900)]
ksmbd: fix kfree of uninitialized pointer oid
Currently function ksmbd_neg_token_init_mech_type can kfree an
uninitialized pointer oid when the call to asn1_oid_decode fails when
vlen is out of range. All the other failure cases in function
asn1_oid_decode set *oid to NULL on an error, so fix the issue by
ensuring the vlen out of range error also nullifies the pointer.
Addresses-Coverity: ("Uninitialized pointer read") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Wed, 9 Jun 2021 01:06:57 +0000 (10:06 +0900)]
cifsd: append ksmbd prefix into names for asn1 decoder
Because functions and variables generated from
ASN1 compiler aren't static, append ksmbd prefix
into thoses to avoid link errors.
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Wan Jiabing [Mon, 7 Jun 2021 04:54:32 +0000 (12:54 +0800)]
cifsd: remove duplicated argument
Fix the following coccicheck warning:
./fs/cifsd/smb2pdu.c:1713:27-41: duplicated argument to & or |
FILE_DELETE_LE is duplicated. Remove one and reorder argument to
make coding style reasonable.
Signed-off-by: Wan Jiabing <wanjiabing@vivo.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Sun, 6 Jun 2021 02:42:25 +0000 (11:42 +0900)]
cifsd: fix possible compile error for asn1.c
spnego_negtokeninit.asn1.h and spnego_negtokentarg.asn1.h
have to be generated before asn1.o is compiled.
Because of parallel build, the dependency could be broken,
we need to specify the dependency in Makefile.
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Mon, 7 Jun 2021 00:22:22 +0000 (09:22 +0900)]
cifsd: set epoch in smb2_lease_break response
When running generic/591 after smb2 leases is enable, all smb2 lease ack
requests failed in ksmbd. because cifs client seems to support only smb2
v2 lease. So cifs doesn't update lease state in ack request if epoch is
not set in smb2 lease break request from ksmbd. epoch is used for smb2
v2 leases. So this patch add smb2 create v2 lease context and set
increased epoch in smb2 lease break response.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
same work struct can be add to list in smb_break_all_write_oplock() and
smb_grant_oplock(). If client send invalid lease break ack to server,
This issue can occur by calling both functions.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Mon, 31 May 2021 08:26:43 +0000 (17:26 +0900)]
cifsd: fix potential read overflow in ksmbd_vfs_stream_read()
If *pos or *pos + count is greater than v_len, It will read beyond
the stream_buf buffer. This patch add the check and cut down count with
size of the buffer.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Yang Yingliang [Mon, 31 May 2021 08:25:05 +0000 (17:25 +0900)]
cifsd: check return value of ksmbd_vfs_getcasexattr() correctly
If ksmbd_vfs_getcasexattr() returns -ENOMEM, stream_buf is NULL,
it will cause null-ptr-deref when using it to copy memory. So we
need check the return value of ksmbd_vfs_getcasexattr() by comparing
with 0.
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Yang Yingliang [Sat, 29 May 2021 08:20:57 +0000 (16:20 +0800)]
cifsd: fix memleak in ksmbd_vfs_stream_read()
Before ksmbd_vfs_stream_read() return, memory allocate in
ksmbd_vfs_getcasexattr() need be freed.
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Yang Yingliang [Sat, 29 May 2021 08:20:56 +0000 (16:20 +0800)]
cifsd: fix memleak in ksmbd_vfs_stream_write()
Before assigning wbuf to stream_buf, memory allocate in
ksmbd_vfs_getcasexattr() need be freed.
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Sat, 29 May 2021 00:59:59 +0000 (09:59 +0900)]
cifsd: make alignment match open parenthesis
checkpatch.pl complains as the following:
Alignment should match open parenthesis.
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Sat, 29 May 2021 13:46:53 +0000 (22:46 +0900)]
cifsd: enclose macro variables in parenthesis
checkpatch.pl complains as the following:
CHECK: Macro argument 'fp' may be better as '(fp)' to avoid
precedence issues.
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Wed, 26 May 2021 09:59:06 +0000 (18:59 +0900)]
cifsd: lookup a file with LOOKUP_FOLLOW only if 'follow symlinks = yes'
Some vfs help functions lookup a file with
LOOKUP_FOLLOW regardless of the "follow symlinks"
option.
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 07:37:05 +0000 (16:37 +0900)]
cifsd: add the check to prevent potential overflow with smb_strtoUTF16() and UNICODE_LEN()
Add the check to prevent potential overflow with smb_strtoUTF16() and
UNICODE_LEN().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 07:36:15 +0000 (16:36 +0900)]
cifsd: alignment match open parenthesis
Alignment match open parenthesis.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 07:34:56 +0000 (16:34 +0900)]
cifsd: return -ENOMEM about error from ksmbd_crypto_ctx_find_xxx calls
Return -ENOMEM about error from ksmbd_crypto_ctx_find_xxx calls.
And remove unneeded return value print in debug message.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:56:18 +0000 (15:56 +0900)]
cifsd: simplify error handling in ksmbd_gen_preauth_integrity_hash()
Simplify error handling in ksmbd_gen_preauth_integrity_hash().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:55:35 +0000 (15:55 +0900)]
cifsd: call kzalloc() directly instead of wrapper
Call kzalloc() directly instead of wrapper function.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:54:25 +0000 (15:54 +0900)]
cifsd: add default case in switch statment in alloc_shash_desc()
Add default case in switch statment in alloc_shash_desc().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:53:26 +0000 (15:53 +0900)]
cifsd: change success handling to failure handling
Change success handling to failure handling in ksmbd_crypt_message().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:35:26 +0000 (15:35 +0900)]
cifsd: fix wrong return value in ksmbd_crypt_message()
Change error return instead of returning always success return.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:34:37 +0000 (15:34 +0900)]
cifsd: remove unneeded initialization of rc variable in ksmbd_crypt_message()
Remove unneeded initialization of rc variable in ksmbd_crypt_message().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:32:26 +0000 (15:32 +0900)]
cifsd: len can never be negative in ksmbd_init_sg()
Dan pointed out len can not be negative.
This patch remove unneeded negative check in loop.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:31:37 +0000 (15:31 +0900)]
cifsd: add the check if nvec is zero
Dan Carpenter pointed out that memory can be corrupted when nvec is zero.
This patch add the check to prevent it.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:30:50 +0000 (15:30 +0900)]
cifsd: never return 1 on failure
Never return 1 on failure.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:30:04 +0000 (15:30 +0900)]
cifsd: return zero in always success case
Return zero in always success case.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:29:24 +0000 (15:29 +0900)]
cifsd: set error return value for memcmp() difference
Set error return value for memcmp() difference.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:28:48 +0000 (15:28 +0900)]
cifsd: remove unneeded type casting
Remove unneeded type casting.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:28:09 +0000 (15:28 +0900)]
cifsd: simplify error handling in ksmbd_auth_ntlm()
simplify error handling in ksmbd_auth_ntlm().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:27:11 +0000 (15:27 +0900)]
cifsd: move ret check before the out label
Move ret check before the out label.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:26:33 +0000 (15:26 +0900)]
cifsd: just return smbhash() instead of using rc return value
Just return smbhash() instead of using rc return value.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:25:40 +0000 (15:25 +0900)]
cifsd: move fips_enabled check before the str_to_key()
Move fips_enabled check before the str_to_key().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:24:39 +0000 (15:24 +0900)]
cifsd: add goto fail in neg_token_init_mech_type()
Add goto fail in neg_token_init_mech_type().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:23:55 +0000 (15:23 +0900)]
cifsd: use memcmp instead of for loop check in oid_eq()
Use memcmp instead of for loop check in oid_eq().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Wed, 26 May 2021 06:22:37 +0000 (15:22 +0900)]
cifsd: add goto fail in asn1_oid_decode()
Add goto fail in asn1_oid_decode() to clean-up exception handling code.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Wei Yongjun [Thu, 20 May 2021 13:42:11 +0000 (13:42 +0000)]
cifsd: fix build error without CONFIG_OID_REGISTRY
Fix build error when CONFIG_OID_REGISTRY is not set:
mips-linux-gnu-ld: fs/cifsd/asn1.o: in function `gssapi_this_mech':
asn1.c:(.text+0xaa0): undefined reference to `sprint_oid'
mips-linux-gnu-ld: fs/cifsd/asn1.o: in function `neg_token_init_mech_type':
asn1.c:(.text+0xbec): undefined reference to `sprint_oid'
Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Tue, 18 May 2021 01:37:59 +0000 (10:37 +0900)]
cifsd: add support for FSCTL_DUPLICATE_EXTENTS_TO_FILE
Add support for FSCTL_DUPLICATE_EXTENTS_TO_FILE in smb2 ioctl.
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Returning TreeID=0 is valid behaviour according to [MS-SMB2] 2.2.1.2:
TreeId (4 bytes): Uniquely identifies the tree connect for the command.
This MUST be 0 for the SMB2 TREE_CONNECT Request. The TreeId can be
any unsigned 32-bit integer that is received from a previous
SMB2 TREE_CONNECT Response. TreeId SHOULD be set to 0 for the
following commands:
[...]
However, some client implementations reject it as invalid. Windows10
assigns ids starting from 1, and samba4 returns a random uint32_t
which suggests there may be other clients that consider it is
invalid behaviour.
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Fri, 14 May 2021 03:20:07 +0000 (12:20 +0900)]
cifsd: fix xfstests generic/504 test failure
If lock length in smb2 lock request from client is over
flock max length size, lock length is changed to flock max length
and don't return error response.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
fs/cifsd/smb2pdu.c:8098:8-9: WARNING: return of 0/1 in function
'smb2_is_sign_req' with return type bool
Return statements in functions returning bool should use true/false
instead of 1/0.
Generated by: scripts/coccinelle/misc/boolreturn.cocci
Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: kernel test robot <lkp@intel.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Hyunchul Lee [Mon, 19 Apr 2021 08:26:15 +0000 (17:26 +0900)]
cifsd: decoding gss token using lib/asn1_decoder.c
Decode gss token of SMB2_SESSSION_SETUP using
lib/asn1_decoder.c
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Namjae Jeon [Thu, 6 May 2021 02:43:37 +0000 (11:43 +0900)]
cifsd: add support for AES256 encryption
Now that 256 bit encryption can be negotiated, update
names of the nonces to match the updated official protocol
documentation (e.g. AES_GCM_NONCE instead of AES_128GCM_NONCE)
since they apply to both 128 bit and 256 bit encryption.
update smb encryption code to set 32 byte key length and to
set gcm256/ccm256 when requested on mount.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
cifsd: Fix potential null-ptr-deref in destroy_previous_session()
The user field in the session structure is allocated when the client is
authenticated. If the client explicitly logs off, the user field is freed,
but the session is kept around in case the user reconnects. If the TCP
connection hasn't been closed and the client sends a session setup with
a PreviousSessionId set, destroy_previous_session() will be called to
check if the session needs to be cleaned up.
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
cifsd: Update out_buf_len in smb2_populate_readdir_entry()
When processing a SMB2 QUERY_DIRECTORY request,
smb2_populate_readdir_entry() is called first to fill the dot/dotdot
entries. This moves the d_info->wptr pointer but out_buf_len remains
unchanged. As a result, reserve_populate_dentry() may end up writing
past the end of the buffer since the bounds checking is done on
invalid values.
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
cifsd: Handle ksmbd_session_rpc_open() failure in create_smb2_pipe()
Currently, a SMB2 client does not receive an error message if
ksmbd_session_rpc_open() fails when opening a pipe.
Fix this by responding with STATUS_NO_MEMORY or STATUS_INVALID_PARAMETER
depending on the error that occurred.
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
a Windows 10 client isn't able to store files from ksmbd servers due
unknown local permission problems (code 0x8007003A) if smb3 encryption
is enabled. Windows 10 is requesting for ATTRIBUTE_SECINFO (mask 0x20)
which is not yet handled by ksmbd, this leads to a invalid response.
For now we just reintroduce the old check to avoid processing of unhandled
flags until ATTRIBUTE_SECINFO is properly handled.
Signed-off-by: Sebastian Gottschall <s.gottschall@dd-wrt.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>