summaryrefslogtreecommitdiffstats
path: root/fs
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'for-linus' of ↵Linus Torvalds2010-10-295-12/+55
|\ | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6: eCryptfs: Print mount_auth_tok_only param in ecryptfs_show_options ecryptfs: added ecryptfs_mount_auth_tok_only mount parameter ecryptfs: checking return code of ecryptfs_find_auth_tok_for_sig() ecryptfs: release keys loaded in ecryptfs_keyring_auth_tok_for_sig() eCryptfs: Clear LOOKUP_OPEN flag when creating lower file ecryptfs: call vfs_setxattr() in ecryptfs_setxattr()
| * eCryptfs: Print mount_auth_tok_only param in ecryptfs_show_optionsTyler Hicks2010-10-291-0/+2
| | | | | | | | | | | | | | When printing mount options, print the new ecryptfs_mount_auth_tok_only mount option. Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
| * ecryptfs: added ecryptfs_mount_auth_tok_only mount parameterRoberto Sassu2010-10-293-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a new mount parameter 'ecryptfs_mount_auth_tok_only' to force ecryptfs to use only authentication tokens which signature has been specified at mount time with parameters 'ecryptfs_sig' and 'ecryptfs_fnek_sig'. In this way, after disabling the passthrough and the encrypted view modes, it's possible to make available to users only files encrypted with the specified authentication token. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Cc: Dustin Kirkland <kirkland@canonical.com> Cc: James Morris <jmorris@namei.org> [Tyler: Clean up coding style errors found by checkpatch] Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
| * ecryptfs: checking return code of ecryptfs_find_auth_tok_for_sig()Roberto Sassu2010-10-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | This patch replaces the check of the 'matching_auth_tok' pointer with the exit status of ecryptfs_find_auth_tok_for_sig(). This avoids to use authentication tokens obtained through the function ecryptfs_keyring_auth_tok_for_sig which are not valid. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Cc: Dustin Kirkland <kirkland@canonical.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
| * ecryptfs: release keys loaded in ecryptfs_keyring_auth_tok_for_sig()Roberto Sassu2010-10-291-6/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch allows keys requested in the function ecryptfs_keyring_auth_tok_for_sig()to be released when they are no longer required. In particular keys are directly released in the same function if the obtained authentication token is not valid. Further, a new function parameter 'auth_tok_key' has been added to ecryptfs_find_auth_tok_for_sig() in order to provide callers the key pointer to be passed to key_put(). Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Cc: Dustin Kirkland <kirkland@canonical.com> Cc: James Morris <jmorris@namei.org> [Tyler: Initialize auth_tok_key to NULL in ecryptfs_parse_packet_set] Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
| * eCryptfs: Clear LOOKUP_OPEN flag when creating lower fileTyler Hicks2010-10-291-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | eCryptfs was passing the LOOKUP_OPEN flag through to the lower file system, even though ecryptfs_create() doesn't support the flag. A valid filp for the lower filesystem could be returned in the nameidata if the lower file system's create() function supported LOOKUP_OPEN, possibly resulting in unencrypted writes to the lower file. However, this is only a potential problem in filesystems (FUSE, NFS, CIFS, CEPH, 9p) that eCryptfs isn't known to support today. https://bugs.launchpad.net/ecryptfs/+bug/641703 Reported-by: Kevin Buhr Cc: stable <stable@kernel.org> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
| * ecryptfs: call vfs_setxattr() in ecryptfs_setxattr()Roberto Sassu2010-10-291-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ecryptfs is a stackable filesystem which relies on lower filesystems the ability of setting/getting extended attributes. If there is a security module enabled on the system it updates the 'security' field of inodes according to the owned extended attribute set with the function vfs_setxattr(). When this function is performed on a ecryptfs filesystem the 'security' field is not updated for the lower filesystem since the call security_inode_post_setxattr() is missing for the lower inode. Further, the call security_inode_setxattr() is missing for the lower inode, leading to policy violations in the security module because specific checks for this hook are not performed (i. e. filesystem 'associate' permission on SELinux is not checked for the lower filesystem). This patch replaces the call of the setxattr() method of the lower inode in the function ecryptfs_setxattr() with vfs_setxattr(). Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Cc: stable <stable@kernel.org> Cc: Dustin Kirkland <kirkland@canonical.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds2010-10-2914-290/+526
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: Cleanup and thus reduce smb session structure and fields used during authentication NTLM auth and sign - Use appropriate server challenge cifs: add kfree() on error path NTLM auth and sign - minor error corrections and cleanup NTLM auth and sign - Use kernel crypto apis to calculate hashes and smb signatures NTLM auth and sign - Define crypto hash functions and create and send keys needed for key exchange cifs: cifs_convert_address() returns zero on error NTLM auth and sign - Allocate session key/client response dynamically cifs: update comments - [s/GlobalSMBSesLock/cifs_file_list_lock/g] cifs: eliminate cifsInodeInfo->write_behind_rc (try #6) [CIFS] Fix checkpatch warnings and bump cifs version number cifs: wait for writeback to complete in cifs_flush cifs: convert cifsFileInfo->count to non-atomic counter
| * | cifs: Cleanup and thus reduce smb session structure and fields used during ↵Shirish Pargaonkar2010-10-294-47/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | authentication Removed following fields from smb session structure cryptkey, ntlmv2_hash, tilen, tiblob and ntlmssp_auth structure is allocated dynamically only if the auth mech in NTLMSSP. response field within a session_key structure is used to initially store the target info (either plucked from type 2 challenge packet in case of NTLMSSP or fabricated in case of NTLMv2 without extended security) and then to store Message Authentication Key (mak) (session key + client response). Server challenge or cryptkey needed during a NTLMSSP authentication is now part of ntlmssp_auth structure which gets allocated and freed once authenticaiton process is done. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | NTLM auth and sign - Use appropriate server challengeShirish Pargaonkar2010-10-295-12/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Need to have cryptkey or server challenge in smb connection (struct TCP_Server_Info) for ntlm and ntlmv2 auth types for which cryptkey (Encryption Key) is supplied just once in Negotiate Protocol response during an smb connection setup for all the smb sessions over that smb connection. For ntlmssp, cryptkey or server challenge is provided for every smb session in type 2 packet of ntlmssp negotiation, the cryptkey provided during Negotiation Protocol response before smb connection does not count. Rename cryptKey to cryptkey and related changes. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: add kfree() on error pathDan Carpenter2010-10-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | We leak 256 bytes here on this error path. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | NTLM auth and sign - minor error corrections and cleanupShirish Pargaonkar2010-10-274-15/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Minor cleanup - Fix spelling mistake, make meaningful (goto) label In function setup_ntlmv2_rsp(), do not return 0 and leak memory, let the tiblob get freed. For function find_domain_name(), pass already available nls table pointer instead of loading and unloading the table again in this function. For ntlmv2, the case sensitive password length is the length of the response, so subtract session key length (16 bytes) from the .len. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | NTLM auth and sign - Use kernel crypto apis to calculate hashes and smb ↵Shirish Pargaonkar2010-10-262-60/+136
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | signatures Use kernel crypto sync hash apis insetead of cifs crypto functions. The calls typically corrospond one to one except that insead of key init, setkey is used. Use crypto apis to generate smb signagtures also. Use hmac-md5 to genereate ntlmv2 hash, ntlmv2 response, and HMAC (CR1 of ntlmv2 auth blob. User crypto apis to genereate signature and to verify signature. md5 hash is used to calculate signature. Use secondary key to calculate signature in case of ntlmssp. For ntlmv2 within ntlmssp, during signature calculation, only 16 bytes key (a nonce) stored within session key is used. during smb signature calculation. For ntlm and ntlmv2 without extended security, 16 bytes key as well as entire response (24 bytes in case of ntlm and variable length in case of ntlmv2) is used for smb signature calculation. For kerberos, there is no distinction between key and response. Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | NTLM auth and sign - Define crypto hash functions and create and send keys ↵Shirish Pargaonkar2010-10-267-10/+184
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | needed for key exchange Mark dependency on crypto modules in Kconfig. Defining per structures sdesc and cifs_secmech which are used to store crypto hash functions and contexts. They are stored per smb connection and used for all auth mechs to genereate hash values and signatures. Allocate crypto hashing functions, security descriptiors, and respective contexts when a smb/tcp connection is established. Release them when a tcp/smb connection is taken down. md5 and hmac-md5 are two crypto hashing functions that are used throught the life of an smb/tcp connection by various functions that calcualte signagure and ntlmv2 hash, HMAC etc. structure ntlmssp_auth is defined as per smb connection. ntlmssp_auth holds ciphertext which is genereated by rc4/arc4 encryption of secondary key, a nonce using ntlmv2 session key and sent in the session key field of the type 3 message sent by the client during ntlmssp negotiation/exchange A key is exchanged with the server if client indicates so in flags in type 1 messsage and server agrees in flag in type 2 message of ntlmssp negotiation. If both client and agree, a key sent by client in type 3 message of ntlmssp negotiation in the session key field. The key is a ciphertext generated off of secondary key, a nonce, using ntlmv2 hash via rc4/arc4. Signing works for ntlmssp in this patch. The sequence number within the server structure needs to be zero until session is established i.e. till type 3 packet of ntlmssp exchange of a to be very first smb session on that smb connection is sent. Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: cifs_convert_address() returns zero on errorDan Carpenter2010-10-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cifs_convert_address() returns zero on error but this caller is testing for negative returns. Btw. "i" is unsigned here, so it's never negative. Reviewed-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | NTLM auth and sign - Allocate session key/client response dynamicallyShirish Pargaonkar2010-10-267-137/+134
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Start calculating auth response within a session. Move/Add pertinet data structures like session key, server challenge and ntlmv2_hash in a session structure. We should do the calculations within a session before copying session key and response over to server data structures because a session setup can fail. Only after a very first smb session succeeds, it copy/make its session key, session key of smb connection. This key stays with the smb connection throughout its life. sequence_number within server is set to 0x2. The authentication Message Authentication Key (mak) which consists of session key followed by client response within structure session_key is now dynamic. Every authentication type allocates the key + response sized memory within its session structure and later either assigns or frees it once the client response is sent and if session's session key becomes connetion's session key. ntlm/ntlmi authentication functions are rearranged. A function named setup_ntlm_resp(), similar to setup_ntlmv2_resp(), replaces function cifs_calculate_session_key(). size of CIFS_SESS_KEY_SIZE is changed to 16, to reflect the byte size of the key it holds. Reviewed-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: update comments - [s/GlobalSMBSesLock/cifs_file_list_lock/g]Suresh Jayaraman2010-10-253-3/+3
| | | | | | | | | | | | | | | | | | | | | GlobalSMBSesLock is now cifs_file_list_lock. Update comments to reflect this. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: eliminate cifsInodeInfo->write_behind_rc (try #6)Jeff Layton2010-10-254-39/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | write_behind_rc is redundant and just adds complexity to the code. What we really want to do instead is to use mapping_set_error to reset the flags on the mapping when we find a writeback error and can't report it to userspace yet. For cifs_flush and cifs_fsync, we shouldn't reset the flags since errors returned there do get reported to userspace. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Reviewed-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | [CIFS] Fix checkpatch warnings and bump cifs version numberSteve French2010-10-252-3/+3
| | | | | | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: wait for writeback to complete in cifs_flushJeff Layton2010-10-251-14/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The f_op->flush operation is the last chance to return a writeback related error when closing a file. Ensure that we don't miss reporting any errors by waiting for writeback to complete in cifs_flush before proceeding. There's no reason to do this when the file isn't open for write however. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Reviewed-by: David Kleikamp <shaggy@linux.vnet.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: convert cifsFileInfo->count to non-atomic counterJeff Layton2010-10-252-6/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The count for cifsFileInfo is currently an atomic, but that just adds complexity for little value. We generally need to hold cifs_file_list_lock to traverse the lists anyway so we might as well make this counter non-atomic and simply use the cifs_file_list_lock to protect it. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | | readv/writev: do the same MAX_RW_COUNT truncation that read/write doesLinus Torvalds2010-10-292-35/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We used to protect against overflow, but rather than return an error, do what read/write does, namely to limit the total size to MAX_RW_COUNT. This is not only more consistent, but it also means that any broken low-level read/write routine that still keeps counts in 'int' can't break. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | Merge git://git.kernel.org/pub/scm/linux/kernel/git/pkl/squashfs-linusLinus Torvalds2010-10-293-6/+8
|\ \ \ | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/pkl/squashfs-linus: Squashfs: fix function prototype Squashfs: fix use of __le64 annotated variable
| * | | Squashfs: fix function prototypePhillip Lougher2010-10-282-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fourth argument should be unsigned. Also add missing include so that the function prototype is defined in xattr_id.c This fixes a couple of sparse warnings. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
| * | | Squashfs: fix use of __le64 annotated variablePhillip Lougher2010-10-281-4/+5
| | |/ | |/| | | | | | | | | | | | | This fixes a sparse with endian checking warning. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* | | braino in internal.hAl Viro2010-10-291-1/+1
| | | | | | | | | | | | | | | | | | wrong return type... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert simple cases of nfs-related ->get_sb() to ->mount()Al Viro2010-10-291-50/+46
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert btrfsAl Viro2010-10-291-9/+6
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert cephAl Viro2010-10-291-23/+27
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert gfs2Al Viro2010-10-291-29/+22
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert afsAl Viro2010-10-291-12/+7
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert ecryptfsAl Viro2010-10-291-7/+5
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert sysfsAl Viro2010-10-291-19/+13
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | switch get_sb_ns() usersAl Viro2010-10-291-8/+6
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | switch procfs to ->mount()Al Viro2010-10-291-7/+6
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | setting ->proc_mnt doesn't belong in proc_get_sb()Al Viro2010-10-291-1/+2
| | | | | | | | | | | | | | | | | | take that to kern_mount_data()-using callers Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert cifsAl Viro2010-10-291-8/+7
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert nilfsAl Viro2010-10-291-9/+7
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | switch logfs to ->mount()Al Viro2010-10-292-27/+23
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | logfs: fix a leak in get_sbAl Viro2010-10-294-7/+8
| | | | | | | | | | | | | | | | | | | | | a) switch ->put_device() to logfs_super * b) actually call it on early failures in logfs_get_sb_device() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | logfs get_sb, part 3Al Viro2010-10-294-39/+29
| | | | | | | | | | | | | | | | | | take logfs_get_sb_device() calls to logfs_get_sb() itself Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | logfs get_sb, part 2Al Viro2010-10-294-14/+13
| | | | | | | | | | | | | | | | | | | | | take setting s_bdev/s_mtd/s_devops to callers of logfs_get_sb_device(), don't bother passing them separately Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | logfs get_sb massage, part 1Al Viro2010-10-294-21/+39
| | | | | | | | | | | | | | | | | | | | | move allocation of logfs_super to logfs_get_sb, pass it to logfs_get_sb_...(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert v9fsAl Viro2010-10-291-12/+10
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert ubifsAl Viro2010-10-291-7/+6
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert get_sb_pseudo() usersAl Viro2010-10-294-23/+18
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert get_sb_nodev() usersAl Viro2010-10-2911-53/+65
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert get_sb_single() usersAl Viro2010-10-298-49/+58
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | convert get_sb_mtd() users to ->mount()Al Viro2010-10-292-14/+12
| | | | | | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | new helper: mount_bdev()Al Viro2010-10-2930-161/+147
| | | | | | | | | | | | | | | | | | ... and switch of the obvious get_sb_bdev() users to ->mount() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
OpenPOWER on IntegriCloud