From a001e5b558f25eb1e588522d73ac949b643b7a37 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 14 Nov 2008 10:38:47 +1100 Subject: CRED: Wrap task credential accesses in the CIFS filesystem Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: David Howells Reviewed-by: James Morris Acked-by: Serge Hallyn Cc: Steve French Cc: linux-cifs-client@lists.samba.org Signed-off-by: James Morris --- fs/cifs/misc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'fs/cifs/misc.c') diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 88786ba02d2..ec36410a912 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -347,13 +347,13 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , /* BB Add support for establishing new tCon and SMB Session */ /* with userid/password pairs found on the smb session */ /* for other target tcp/ip addresses BB */ - if (current->fsuid != treeCon->ses->linux_uid) { + if (current_fsuid() != treeCon->ses->linux_uid) { cFYI(1, ("Multiuser mode and UID " "did not match tcon uid")); read_lock(&GlobalSMBSeslock); list_for_each(temp_item, &GlobalSMBSessionList) { ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList); - if (ses->linux_uid == current->fsuid) { + if (ses->linux_uid == current_fsuid()) { if (ses->server == treeCon->ses->server) { cFYI(1, ("found matching uid substitute right smb_uid")); buffer->Uid = ses->Suid; -- cgit v1.2.3-70-g09d2 From 55162dec9371a6f6ac63ff546c182cc6144a649e Mon Sep 17 00:00:00 2001 
From: Jeff Layton Date: Fri, 5 Dec 2008 20:41:21 -0500 Subject: cifs: zero out session password before freeing it cifs: zero out session password before freeing it ...just to be on the safe side. Signed-off-by: Jeff Layton Signed-off-by: Steve French --- fs/cifs/misc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'fs/cifs/misc.c') diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 9ee3f689c2b..7c3f4b9230d 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -97,7 +97,10 @@ sesInfoFree(struct cifsSesInfo *buf_to_free) kfree(buf_to_free->serverOS); kfree(buf_to_free->serverDomain); kfree(buf_to_free->serverNOS); - kfree(buf_to_free->password); + if (buf_to_free->password) { + memset(buf_to_free->password, 0, strlen(buf_to_free->password)); + kfree(buf_to_free->password); + } kfree(buf_to_free->domainName); kfree(buf_to_free); } -- cgit v1.2.3-70-g09d2 From 00e485b0198ea4f509341373f1d9adb0a5977a2f Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Fri, 5 Dec 2008 20:41:21 -0500 Subject: cifs: store password in tcon cifs: store password in tcon Each tcon has its own password for share-level security. Store it in the tcon and wipe it clean and free it when freeing the tcon. When doing the tree connect with share-level security, use the tcon password instead of the session password. Signed-off-by: Jeff Layton Signed-off-by: Steve French --- fs/cifs/cifsglob.h | 1 + fs/cifs/connect.c | 25 ++++++++++++++++++------- fs/cifs/misc.c | 4 ++++ 3 files changed, 23 insertions(+), 7 deletions(-) (limited to 'fs/cifs/misc.c') diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 0fb934d3623..94c1ca0ec95 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h 
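Review bot: The `memset()` added in sesInfoFree() clears only `strlen(password)` bytes and is a plain store into memory that is freed on the very next line, so a compiler may treat it as a dead store and drop it, and any bytes past the first NUL in the allocation are never cleared. On trees that provide it, the whole added branch can become `kfree_sensitive(buf_to_free->password);` (`kzfree()` in older trees), which accepts NULL and wipes the full allocation before freeing; where neither exists, `memzero_explicit()` in place of `memset()` at least keeps the wipe from being optimised out. The same pattern is added to tconInfoFree() in the fs/cifs/misc.c hunk of the "store password in tcon" commit further down this page, and the same change applies there. sesInfoFree() begins outside the hunk.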
@@ -242,6 +242,7 @@ struct cifsTconInfo { struct cifsSesInfo *ses; /* pointer to session associated with */ char treeName[MAX_TREE_SIZE + 1]; /* UNC name of resource in ASCII */ char *nativeFileSystem; + char *password; /* for share-level security */ __u16 tid; /* The 2 byte tree id */ __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 3a84a375cb6..3caadf12d76 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2282,9 +2282,12 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, /* volume_info->password freed at unmount */ if (volume_info->password) { - pSesInfo->password = volume_info->password; - /* set to NULL to prevent freeing on exit */ - volume_info->password = NULL; + pSesInfo->password = kstrdup(volume_info->password, + GFP_KERNEL); + if (!pSesInfo->password) { + rc = -ENOMEM; + goto mount_fail_check; + } } if (volume_info->username) strncpy(pSesInfo->userName, volume_info->username, @@ -2324,7 +2327,16 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, rc = -ENOMEM; goto mount_fail_check; } + tcon->ses = pSesInfo; + if (volume_info->password) { + tcon->password = kstrdup(volume_info->password, + GFP_KERNEL); + if (!tcon->password) { + rc = -ENOMEM; + goto mount_fail_check; + } + } /* check for null share name ie connect to dfs root */ if ((strchr(volume_info->UNC + 3, '\\') == NULL) 
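Review bot: The context comment `/* volume_info->password freed at unmount */` above the first cifs_mount() hunk no longer matches the code. The session now receives a `kstrdup()` copy and `volume_info->password` is no longer set to NULL, so the original buffer stays owned by volume_info; the comment should read something like `/* session keeps its own copy of the password */`. The second cifs_mount() hunk adds another copy in `tcon->password`, so the cleartext password can now sit in three heap buffers at once. The session and tcon copies are wiped in misc.c, but the release of the volume_info copy is outside these hunks, so it is worth confirming that it is cleared before being freed too. Both hunks sit in the middle of cifs_mount(), whose start and end are not visible here.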
@@ -3532,15 +3544,14 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, NTLMv2 password here) */ #ifdef CONFIG_CIFS_WEAK_PW_HASH if ((extended_security & CIFSSEC_MAY_LANMAN) && - (ses->server->secType == LANMAN)) - calc_lanman_hash(ses->password, ses->server->cryptKey, + (ses->server->secType == LANMAN)) + calc_lanman_hash(tcon->password, ses->server->cryptKey, ses->server->secMode & SECMODE_PW_ENCRYPT ? true : false, bcc_ptr); else #endif /* CIFS_WEAK_PW_HASH */ - SMBNTencrypt(ses->password, - ses->server->cryptKey, + SMBNTencrypt(tcon->password, ses->server->cryptKey, bcc_ptr); bcc_ptr += CIFS_SESS_KEY_SIZE; diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 7c3f4b9230d..a0513605d7e 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -132,6 +132,10 @@ tconInfoFree(struct cifsTconInfo *buf_to_free) } atomic_dec(&tconInfoAllocCount); kfree(buf_to_free->nativeFileSystem); + if (buf_to_free->password) { + memset(buf_to_free->password, 0, strlen(buf_to_free->password)); + kfree(buf_to_free->password); + } kfree(buf_to_free); } -- cgit v1.2.3-70-g09d2
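Review bot: In the CIFSTCon() hunk, `calc_lanman_hash()` and `SMBNTencrypt()` now read `tcon->password`, which can be NULL. The only assignment visible on this page is in cifs_mount(), and it is skipped when `volume_info->password` is NULL, so a passwordless mount reaches these calls with a NULL pointer. Whether the two helpers tolerate NULL is not visible in the hunk. If they do, a comment such as `/* tcon->password may be NULL when no share password was given */` would record that; if they do not, a NULL check is needed before the hashing branch, taking the function's existing error exit so the request buffer is still released. CIFSTCon() starts and ends outside the hunk.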