summaryrefslogtreecommitdiffstats
path: root/fs/cifs/cifsglob.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* cifs: propagate umode_tAl Viro2012-01-041-2/+2
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* CIFS: Implement caching mechanism for mandatory brlocksPavel Shilovsky2011-10-241-0/+2
| | | | | | | | | If we have an oplock and negotiate mandatory locking style we handle all brlock requests on the client. Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Acked-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: add a callback function to receive the rest of the frameJeff Layton2011-10-191-3/+20
| | | | | | | | | | | | | | | In order to handle larger SMBs for readpages and other calls, we want to be able to read into a preallocated set of buffers. Rather than changing all of the existing code to preallocate buffers however, we instead add a receive callback function to the MID. cifsd will call this function once the mid_q_entry has been identified in order to receive the rest of the SMB. If the mid can't be identified or the receive pointer is unset, then the standard 3rd phase receive function will be called. Reviewed-and-Tested-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs: move buffer pointers into TCP_Server_InfoJeff Layton2011-10-191-0/+4
| | | | | | | | | We have several functions that need to access these pointers. Currently that's done with a lot of double pointer passing. Instead, move them into the TCP_Server_Info and simplify the handling. Reviewed-and-Tested-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs: keep a reusable kvec array for receivesJeff Layton2011-10-191-0/+2
| | | | | | | | Having to continually allocate a new kvec array is expensive. Allocate one that's big enough, and only reallocate it as needed. Reviewed-and-Tested-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Jeff Layton <jlayton@redhat.com>
* CIFS: Move byte range lock list from fd to inodePavel Shilovsky2011-10-141-3/+4
| | | | | | | that let us do local lock checks before requesting to the server. Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* CIFS: Simplify byte range locking codePavel Shilovsky2011-10-141-0/+1
| | | | | | | | Split cifs_lock into several functions and let CIFSSMBLock get pid as an argument. Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Add data structures and functions for uid/gid to SID mapping (try #4)Shirish Pargaonkar2011-10-131-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add data structures and functions necessary to map a uid and gid to SID. These functions are very similar to the ones used to map a SID to uid and gid. This time, instead of storing sid to id mapping sorted on a sid value, id to sid is stored, sorted on an id. A cifs upcall sends an id (uid or gid) and expects a SID structure in return, if mapping was done successfully. A failed id to sid mapping to EINVAL. This patchset aims to enable chown and chgrp commands when cifsacl mount option is specified, especially to Windows SMB servers. Currently we can't do that. So now along with chmod command, chown and chgrp work. Winbind is used to map id to a SID. chown and chgrp use an upcall to provide an id to winbind and upcall returns with corrosponding SID if any exists. That SID is used to build security descriptor. The DACL part of a security descriptor is not changed by either chown or chgrp functionality. cifs client maintains a separate caches for uid to SID and gid to SID mapping. This is similar to the one used earlier to map SID to id (as part of ID mapping code). I tested it by mounting shares from a Windows (2003) server by authenticating as two users, one at a time, as Administrator and as a ordinary user. And then attempting to change owner of a file on the share. Depending on the permissions/privileges at the server for that file, chown request fails to either open a file (to change the ownership) or to set security descriptor. So it all depends on privileges on the file at the server and what user you are authenticated as at the server, cifs client is just a conduit. I compared the security descriptor during chown command to that what smbcacls sends when it is used with -M OWNNER: option and they are similar. This patchset aim to enable chown and chgrp commands when cifsacl mount option is specified, especially to Windows SMB servers. Currently we can't do that. So now along with chmod command, chown and chgrp work. I tested it by mounting shares from a Windows (2003) server by authenticating as two users, one at a time, as Administrator and as a ordinary user. And then attempting to change owner of a file on the share. Depending on the permissions/privileges at the server for that file, chown request fails to either open a file (to change the ownership) or to set security descriptor. So it all depends on privileges on the file at the server and what user you are authenticated as at the server, cifs client is just a conduit. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
* cifs: Add mount options for backup intent (try #6)Shirish Pargaonkar2011-10-131-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | Add mount options backupuid and backugid. It allows an authenticated user to access files with the intent to back them up including their ACLs, who may not have access permission but has "Backup files and directories user right" on them (by virtue of being part of the built-in group Backup Operators. When mount options backupuid is specified, cifs client restricts the use of backup intents to the user whose effective user id is specified along with the mount option. When mount options backupgid is specified, cifs client restricts the use of backup intents to the users whose effective user id belongs to the group id specified along with the mount option. If an authenticated user is not part of the built-in group Backup Operators at the server, access to such files is denied, even if allowed by the client. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
* add new module parameter 'enable_oplocks'Steve French2011-10-131-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Thus spake Jeff Layton: "Making that a module parm would allow you to set that parameter at boot time without needing to add special startup scripts. IMO, all of the procfile "switches" under /proc/fs/cifs should be module parms instead." This patch doesn't alter the default behavior (Oplocks are enabled by default). To disable oplocks when loading the module, use modprobe cifs enable_oplocks=0 (any of '0' or 'n' or 'N' conventions can be used). To disable oplocks at runtime using the new interface, use echo 0 > /sys/module/cifs/parameters/enable_oplocks The older /proc/fs/cifs/OplockEnabled interface will be deprecated after two releases. A subsequent patch will add an warning message about this deprecation. Changes since v2: - make enable_oplocks a 'bool' Changes since v1: - eliminate the use of extra variable by renaming the old one to enable_oplocks and make it an 'int' type. Reported-by: Alexander Swen <alex@swen.nu> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <smfrench@gmail.com>
* [CIFS] Cleanup use of CONFIG_CIFS_STATS2 ifdef to make transport routines ↵Steve French2011-08-111-7/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | more readable Christoph had requested that the stats related code (in CONFIG_CIFS_STATS2) be moved into helpers to make code flow more readable. This patch should help. For example the following section from transport.c spin_unlock(&GlobalMid_Lock); atomic_inc(&ses->server->num_waiters); wait_event(ses->server->request_q, atomic_read(&ses->server->inFlight) < cifs_max_pending); atomic_dec(&ses->server->num_waiters); spin_lock(&GlobalMid_Lock); becomes simpler (with the patch below): spin_unlock(&GlobalMid_Lock); cifs_num_waiters_inc(server); wait_event(server->request_q, atomic_read(&server->inFlight) < cifs_max_pending); cifs_num_waiters_dec(server); spin_lock(&GlobalMid_Lock); Reviewed-by: Jeff Layton <jlayton@redhat.com> CC: Christoph Hellwig <hch@infradead.org> Signed-off-by: Steve French <sfrench@us.ibm.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
* cifs: simplify refcounting for oplock breaksJeff Layton2011-07-311-2/+0
| | | | | | | | | | | | | | | | | Currently, we take a sb->s_active reference and a cifsFileInfo reference when an oplock break workqueue job is queued. This is unnecessary and more complicated than it needs to be. Also as Al points out, deactivate_super has non-trivial locking implications so it's best to avoid that if we can. Instead, just cancel any pending oplock breaks for this filehandle synchronously in cifsFileInfo_put after taking it off the lists. That should ensure that this job doesn't outlive the structures it depends on. Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: use cifs_dirent in cifs_save_resume_keyChristoph Hellwig2011-07-251-1/+1
| | | | | | Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Rename three structures to avoid camel caseSteve French2011-05-271-11/+11
| | | | | | | | | | secMode to sec_mode and cifsTconInfo to cifs_tcon and cifsSesInfo to cifs_ses Signed-off-by: Steve French <sfrench@us.ibm.com>
* CIFS: Add rwpidforward mount optionPavel Shilovsky2011-05-271-0/+1
| | | | | | | | | | | | | | | | | | Add rwpidforward mount option that switches on a mode when we forward pid of a process who opened a file to any read and write operation. This can prevent applications like WINE from failing on read or write operation on a previously locked file region from the same netfd from another process if we use mandatory brlock style. It is actual for WINE because during a run of WINE program two processes work on the same netfd - share the same file struct between several VFS fds: 1) WINE-server does open and lock; 2) WINE-application does read and write. Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <sfrench@us.ibm.com>
* CIFS: Migrate to shared superblock modelPavel Shilovsky2011-05-271-0/+19
| | | | | | | | | | Add cifs_match_super to use in sget to share superblock between mounts that have the same //server/sharename, credentials and mount options. It helps us to improve performance on work with future SMB2.1 leases. Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Migrate from prefixpath logicSteve French2011-05-271-0/+75
| | | | | | | | | | | Now we point superblock to a server share root and set a root dentry appropriately. This let us share superblock between mounts like //server/sharename/foo/bar and //server/sharename/foo further. Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <sfrench@us.ibm.com>
* CIFS: Use pid saved from cifsFileInfo in writepages and set_file_sizePavel Shilovsky2011-05-261-0/+8
| | | | | | | | | We need it to make them work with mandatory locking style because we can fail in a situation like when kernel need to flush dirty pages and there is a lock held by a process who opened file. Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: don't call mid_q_entry->callback under the Global_MidLock (try #5)Jeff Layton2011-05-241-3/+3
| | | | | | | | | | | | | | | | | | | | | Minor revision to the last version of this patch -- the only difference is the fix to the cFYI statement in cifs_reconnect. Holding the spinlock while we call this function means that it can't sleep, which really limits what it can do. Taking it out from under the spinlock also means less contention for this global lock. Change the semantics such that the Global_MidLock is not held when the callback is called. To do this requires that we take extra care not to have sync_mid_result remove the mid from the list when the mid is in a state where that has already happened. This prevents list corruption when the mid is sitting on a private list for reconnect or when cifsd is coming down. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: Add idmap key and related data structures and functions (try #17 repost)Shirish Pargaonkar2011-05-191-0/+5
| | | | | | | | | | | | | | | | Define (global) data structures to store ids, uids and gids, to which a SID maps. There are two separate trees, one for SID/uid and another one for SID/gid. A new type of key, cifs_idmap_key_type, is used. Keys are instantiated and searched using credential of the root by overriding and restoring the credentials of the caller requesting the key. Id mapping functions are invoked under config option of cifs acl. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* Shrink stack space usage in cifs_construct_tconSteve French2011-05-191-1/+2
| | | | | | | | We were reserving MAX_USERNAME (now 256) on stack for something which only needs to fit about 24 bytes ie string krb50x + printf version of uid Signed-off-by: Steve French <sfrench@us.ibm.com>
* Remove unused CIFSSMBNotify worker functionSteve French2011-05-191-0/+2
| | | | | | | | | | | The CIFSSMBNotify worker is unused, pending changes to allow it to be called via inotify, so move it into its own experimental config option so it does not get built in, until the necessary VFS support is fixed. It used to be used in dnotify, but according to Jeff, inotify needs minor changes before we can reenable this. CC: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: don't allow mmap'ed pages to be dirtied while under writeback (try #3)Jeff Layton2011-04-121-1/+0
| | | | | | | | | | | | | | | | | | | | | | This is more or less the same patch as before, but with some merge conflicts fixed up. If a process has a dirty page mapped into its page tables, then it has the ability to change it while the client is trying to write the data out to the server. If that happens after the signature has been calculated then that signature will then be wrong, and the server will likely reset the TCP connection. This patch adds a page_mkwrite handler for CIFS that simply takes the page lock. Because the page lock is held over the life of writepage and writepages, this prevents the page from becoming writeable until the write call has completed. With this, we can also remove the "sign_zero_copy" module option and always inline the pages when writing. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] cifs: clarify the meaning of tcpStatus == CifsGoodSteve French2011-04-121-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | When the TCP_Server_Info is first allocated and connected, tcpStatus == CifsGood means that the NEGOTIATE_PROTOCOL request has completed and the socket is ready for other calls. cifs_reconnect however sets tcpStatus to CifsGood as soon as the socket is reconnected and the optional RFC1001 session setup is done. We have no clear way to tell the difference between these two states, and we need to know this in order to know whether we can send an echo or not. Resolve this by adding a new statusEnum value -- CifsNeedNegotiate. When the socket has been connected but has not yet had a NEGOTIATE_PROTOCOL request done, set it to this value. Once the NEGOTIATE is done, cifs_negotiate_protocol will set tcpStatus to CifsGood. This also fixes and cleans the logic in cifs_reconnect and cifs_reconnect_tcon. The old code checked for specific states when what it really wants to know is whether the state has actually changed from CifsNeedReconnect. Reported-and-Tested-by: JG <jg@cms.ac> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* Max share size is too smallSteve French2011-04-121-1/+1
| | | | | | | Max share name was set to 64, and (at least for Windows) can be 80. Signed-off-by: Steve French <sfrench@us.ibm.com>
* Allow user names longer than 32 bytesSteve French2011-04-121-4/+3
| | | | | | | | | We artificially limited the user name to 32 bytes, but modern servers handle larger. Set the maximum length to a reasonable 256, and make the user name string dynamically allocated rather than a fixed size in session structure. Also clean up old checkpatch warning. Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: replace /proc/fs/cifs/Experimental with a module parmJeff Layton2011-04-121-1/+1
| | | | | | | | | | | | | | | | | | | | | This flag currently only affects whether we allow "zero-copy" writes with signing enabled. Typically we map pages in the pagecache directly into the write request. If signing is enabled however and the contents of the page change after the signature is calculated but before the write is sent then the signature will be wrong. Servers typically respond to this by closing down the socket. Still, this can provide a performance benefit so the "Experimental" flag was overloaded to allow this. That's really not a good place for this option however since it's not clear what that flag does. Move that flag instead to a new module parameter that better describes its purpose. That's also better since it can be set at module insertion time by configuring modprobe.d. Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: don't always drop malformed replies on the floor (try #3)Jeff Layton2011-02-111-1/+1
| | | | | | | | | | | | | | | | | | | | | Slight revision to this patch...use min_t() instead of conditional assignment. Also, remove the FIXME comment and replace it with the explanation that Steve gave earlier. After receiving a packet, we currently check the header. If it's no good, then we toss it out and continue the loop, leaving the caller waiting on that response. In cases where the packet has length inconsistencies, but the MID is valid, this leads to unneeded delays. That's especially problematic now that the client waits indefinitely for responses. Instead, don't immediately discard the packet if checkSMB fails. Try to find a matching mid_q_entry, mark it as having a malformed response and issue the callback. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Do not send SMBEcho requests on new sockets until SMBNegotiateSteve French2011-02-091-0/+2
| | | | | | | | | | | | In order to determine whether an SMBEcho request can be sent we need to know that the socket is established (server tcpStatus == CifsGood) AND that an SMB NegotiateProtocol has been sent (server maxBuf != 0). Without the second check we can send an Echo request during reconnection before the server can accept it. CC: JG <jg@cms.ac> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* Make CIFS mount work in a container.Rob Landley2011-01-241-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Teach cifs about network namespaces, so mounting uses adresses/routing visible from the container rather than from init context. A container is a chroot on steroids that changes more than just the root filesystem the new processes see. One thing containers can isolate is "network namespaces", meaning each container can have its own set of ethernet interfaces, each with its own own IP address and routing to the outside world. And if you open a socket in _userspace_ from processes within such a container, this works fine. But sockets opened from within the kernel still use a single global networking context in a lot of places, meaning the new socket's address and routing are correct for PID 1 on the host, but are _not_ what userspace processes in the container get to use. So when you mount a network filesystem from within in a container, the mount code in the CIFS driver uses the host's networking context and not the container's networking context, so it gets the wrong address, uses the wrong routing, and may even try to go out an interface that the container can't even access... Bad stuff. This patch copies the mount process's network context into the CIFS structure that stores the rest of the server information for that mount point, and changes the socket open code to use the saved network context instead of the global network context. I.E. "when you attempt to use these addresses, do so relative to THIS set of network interfaces and routing rules, not the old global context from back before we supported containers". The big long HOWTO sets up a test environment on the assumption you've never used ocntainers before. It basically says: 1) configure and build a new kernel that has container support 2) build a new root filesystem that includes the userspace container control package (LXC) 3) package/run them under KVM (so you don't have to mess up your host system in order to play with containers). 4) set up some containers under the KVM system 5) set up contradictory routing in the KVM system and the container so that the host and the container see different things for the same address 6) try to mount a CIFS share from both contexts so you can both force it to work and force it to fail. For a long drawn out test reproduction sequence, see: http://landley.livejournal.com/47024.html http://landley.livejournal.com/47205.html http://landley.livejournal.com/47476.html Signed-off-by: Rob Landley <rlandley@parallels.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: move time field in cifsInodeInfoJeff Layton2011-01-201-5/+5
| | | | | | | | | | | | | | | | | | | | | | ...and remove length qualifiers from bools. Before: /* size: 1176, cachelines: 19, members: 13 */ /* sum members: 1165, holes: 2, sum holes: 11 */ /* bit holes: 1, sum bit holes: 4 bits */ /* last cacheline: 24 bytes */ After: /* size: 1168, cachelines: 19, members: 13 */ /* last cacheline: 16 bytes */ ...savings of 8 bytes per inode. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Pavel Shilovsky <piastryyy@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: TCP_Server_Info dietJeff Layton2011-01-201-17/+9
| | | | | | | | | | | | | | | | | | | | | | | | Remove fields that are completely unused, and rearrange struct according to recommendations by "pahole". Before: /* size: 1112, cachelines: 18, members: 49 */ /* sum members: 1086, holes: 8, sum holes: 26 */ /* bit holes: 1, sum bit holes: 7 bits */ /* last cacheline: 24 bytes */ After: /* size: 1072, cachelines: 17, members: 42 */ /* sum members: 1065, holes: 3, sum holes: 7 */ /* last cacheline: 48 bytes */ ...savings of 40 bytes per struct on x86_64. 21 bytes by field removal, and 19 by reorganizing to eliminate holes. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: remove code for setting timeouts on requestsJeff Layton2011-01-201-6/+3
| | | | | | | | | | Since we don't time out individual requests anymore, remove the code that we used to use for setting timeouts on different requests. Reviewed-by: Pavel Shilovsky <piastryyy@gmail.com> Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] cifs: reconnect unresponsive serversSteve French2011-01-201-0/+3
| | | | | | | | | | | | | | | | If the server isn't responding to echoes, we don't want to leave tasks hung waiting for it to reply. At that point, we'll want to reconnect so that soft mounts can return an error to userspace quickly. If the client hasn't received a reply after a specified number of echo intervals, assume that the transport is down and attempt to reconnect the socket. The number of echo_intervals to wait before attempting to reconnect is tunable via a module parameter. Setting it to 0, means that the client will never attempt to reconnect. The default is 5. Signed-off-by: Jeff Layton <jlayton@redhat.com>
* cifs: set up recurring workqueue job to do SMB echo requestsJeff Layton2011-01-201-0/+1
| | | | | | Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: allow for different handling of received responseJeff Layton2011-01-201-1/+14
| | | | | | | | | | | | | | | | | | | | | | In order to incorporate async requests, we need to allow for a more general way to do things on receive, rather than just waking up a process. Turn the task pointer in the mid_q_entry into a callback function and a generic data pointer. When a response comes in, or the socket is reconnected, cifsd can call the callback function in order to wake up the process. The default is to just wake up the current process which should mean no change in behavior for existing code. Also, clean up the locking in cifs_reconnect. There doesn't seem to be any need to hold both the srv_mutex and GlobalMid_Lock when walking the list of mids. Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: use CreationTime like an i_generation fieldJeff Layton2011-01-101-0/+2
| | | | | | | | | | Reduce false inode collisions by using the CreationTime like an i_generation field. This way, even if the server ends up reusing a uniqueid after a delete/create cycle, we can avoid matching the inode incorrectly. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: remove unnecessary locking around sequence_numberJeff Layton2011-01-101-1/+1
| | | | | | | | | The server->sequence_number is already protected by the srv_mutex. The GlobalMid_lock is unneeded here. Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* CIFS: Simplify ipv*_connect functions into one (try #4)Pavel Shilovsky2011-01-061-4/+1
| | | | | | | | | | Make connect logic more ip-protocol independent and move RFC1001 stuff into a separate function. Also replace union addr in TCP_Server_Info structure with sockaddr_storage. Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com> Reviewed-and-Tested-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: remove Local_System_NameJeff Layton2010-12-061-2/+0
| | | | | | | ...this string is zeroed out and nothing ever changes it. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: add attribute cache timeout (actimeo) tunableSuresh Jayaraman2010-12-021-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the attribute cache timeout for CIFS is hardcoded to 1 second. This means that the client might have to issue a QPATHINFO/QFILEINFO call every 1 second to verify if something has changes, which seems too expensive. On the other hand, if the timeout is hardcoded to a higher value, workloads that expect strict cache coherency might see unexpected results. Making attribute cache timeout as a tunable will allow us to make a tradeoff between performance and cache metadata correctness depending on the application/workload needs. Add 'actimeo' tunable that can be used to tune the attribute cache timeout. The default timeout is set to 1 second. Also, display actimeo option value in /proc/mounts. It appears to me that 'actimeo' and the proposed (but not yet merged) 'strictcache' option cannot coexist, so care must be taken that we reset the other option if one of them is set. Changes since last post: - fix option parsing and handle possible values correcly Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: convert tlink_tree to a rbtreeJeff Layton2010-11-021-1/+2
| | | | | | | | | | | | | | | | | Radix trees are ideal when you want to track a bunch of pointers and can't embed a tracking structure within the target of those pointers. The tradeoff is an increase in memory, particularly if the tree is sparse. In CIFS, we use the tlink_tree to track tcon_link structs. A tcon_link can never be in more than one tlink_tree, so there's no impediment to using a rb_tree here instead of a radix tree. Convert the new multiuser mount code to use a rb_tree instead. This should reduce the memory required to manage the tlink_tree. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: Cleanup and thus reduce smb session structure and fields used during ↵Shirish Pargaonkar2010-10-291-6/+3
| | | | | | | | | | | | | | | | | | | | | authentication Removed following fields from smb session structure cryptkey, ntlmv2_hash, tilen, tiblob and ntlmssp_auth structure is allocated dynamically only if the auth mech in NTLMSSP. response field within a session_key structure is used to initially store the target info (either plucked from type 2 challenge packet in case of NTLMSSP or fabricated in case of NTLMv2 without extended security) and then to store Message Authentication Key (mak) (session key + client response). Server challenge or cryptkey needed during a NTLMSSP authentication is now part of ntlmssp_auth structure which gets allocated and freed once authenticaiton process is done. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* NTLM auth and sign - Use appropriate server challengeShirish Pargaonkar2010-10-291-1/+2
| | | | | | | | | | | | | | | | | | Need to have cryptkey or server challenge in smb connection (struct TCP_Server_Info) for ntlm and ntlmv2 auth types for which cryptkey (Encryption Key) is supplied just once in Negotiate Protocol response during an smb connection setup for all the smb sessions over that smb connection. For ntlmssp, cryptkey or server challenge is provided for every smb session in type 2 packet of ntlmssp negotiation, the cryptkey provided during Negotiation Protocol response before smb connection does not count. Rename cryptKey to cryptkey and related changes. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* NTLM auth and sign - minor error corrections and cleanupShirish Pargaonkar2010-10-271-1/+1
| | | | | | | | | | | | | | | | Minor cleanup - Fix spelling mistake, make meaningful (goto) label In function setup_ntlmv2_rsp(), do not return 0 and leak memory, let the tiblob get freed. For function find_domain_name(), pass already available nls table pointer instead of loading and unloading the table again in this function. For ntlmv2, the case sensitive password length is the length of the response, so subtract session key length (16 bytes) from the .len. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* NTLM auth and sign - Define crypto hash functions and create and send keys ↵Shirish Pargaonkar2010-10-261-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | needed for key exchange Mark dependency on crypto modules in Kconfig. Defining per structures sdesc and cifs_secmech which are used to store crypto hash functions and contexts. They are stored per smb connection and used for all auth mechs to genereate hash values and signatures. Allocate crypto hashing functions, security descriptiors, and respective contexts when a smb/tcp connection is established. Release them when a tcp/smb connection is taken down. md5 and hmac-md5 are two crypto hashing functions that are used throught the life of an smb/tcp connection by various functions that calcualte signagure and ntlmv2 hash, HMAC etc. structure ntlmssp_auth is defined as per smb connection. ntlmssp_auth holds ciphertext which is genereated by rc4/arc4 encryption of secondary key, a nonce using ntlmv2 session key and sent in the session key field of the type 3 message sent by the client during ntlmssp negotiation/exchange A key is exchanged with the server if client indicates so in flags in type 1 messsage and server agrees in flag in type 2 message of ntlmssp negotiation. If both client and agree, a key sent by client in type 3 message of ntlmssp negotiation in the session key field. The key is a ciphertext generated off of secondary key, a nonce, using ntlmv2 hash via rc4/arc4. Signing works for ntlmssp in this patch. The sequence number within the server structure needs to be zero until session is established i.e. till type 3 packet of ntlmssp exchange of a to be very first smb session on that smb connection is sent. Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* NTLM auth and sign - Allocate session key/client response dynamicallyShirish Pargaonkar2010-10-261-8/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Start calculating auth response within a session. Move/Add pertinet data structures like session key, server challenge and ntlmv2_hash in a session structure. We should do the calculations within a session before copying session key and response over to server data structures because a session setup can fail. Only after a very first smb session succeeds, it copy/make its session key, session key of smb connection. This key stays with the smb connection throughout its life. sequence_number within server is set to 0x2. The authentication Message Authentication Key (mak) which consists of session key followed by client response within structure session_key is now dynamic. Every authentication type allocates the key + response sized memory within its session structure and later either assigns or frees it once the client response is sent and if session's session key becomes connetion's session key. ntlm/ntlmi authentication functions are rearranged. A function named setup_ntlm_resp(), similar to setup_ntlmv2_resp(), replaces function cifs_calculate_session_key(). size of CIFS_SESS_KEY_SIZE is changed to 16, to reflect the byte size of the key it holds. Reviewed-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: update comments - [s/GlobalSMBSesLock/cifs_file_list_lock/g]Suresh Jayaraman2010-10-251-1/+1
| | | | | | | GlobalSMBSesLock is now cifs_file_list_lock. Update comments to reflect this. Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
* cifs: eliminate cifsInodeInfo->write_behind_rc (try #6)Jeff Layton2010-10-251-1/+0
| | | | | | | | | | | | | | | write_behind_rc is redundant and just adds complexity to the code. What we really want to do instead is to use mapping_set_error to reset the flags on the mapping when we find a writeback error and can't report it to userspace yet. For cifs_flush and cifs_fsync, we shouldn't reset the flags since errors returned there do get reported to userspace. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Reviewed-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* [CIFS] Fix checkpatch warnings and bump cifs version numberSteve French2010-10-251-2/+2
| | | | Signed-off-by: Steve French <sfrench@us.ibm.com>