Commit 9c849ce8 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag '5.15-rc-smb3-fixes-part1' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs client updates from Steve French:
 "Eleven cifs/smb3 client fixes:

   - mostly restructuring to allow disabling less secure algorithms
     (this will allow eventual removing rc4 and md4 from general use in
     the kernel)

   - four fixes, including two for stable

   - enable r/w support with fscache and cifs.ko

  I am working on a larger set of changes (the usual ... multichannel,
  auth and signing improvements), but wanted to get these in earlier to
  reduce chance of merge conflicts later in the merge window"

* tag '5.15-rc-smb3-fixes-part1' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED
  cifs: add cifs_common directory to MAINTAINERS file
  cifs: cifs_md4 convert to SPDX identifier
  cifs: create a MD4 module and switch cifs.ko to use it
  cifs: fork arc4 and create a separate module for it for cifs and other users
  cifs: remove support for NTLM and weaker authentication algorithms
  cifs: enable fscache usage even for files opened as rw
  oid_registry: Add OIDs for missing Spnego auth mechanisms to Macs
  smb3: fix posix extensions mount option
  cifs: fix wrong release in sess_alloc_buffer() failed path
  CIFS: Fix a potencially linear read overflow
parents e24c567b 3998f0b8
+1 −0
@@ -4629,6 +4629,7 @@ W: http://linux-cifs.samba.org/
T:	git git://git.samba.org/sfrench/cifs-2.6.git
F:	Documentation/admin-guide/cifs/
F:	fs/cifs/
F:	fs/cifs_common/
COMPACTPCI HOTPLUG CORE
M:	Scott Murray <scott@spiteful.org>
+7 −0
@@ -348,8 +348,15 @@ config NFS_V4_2_SSC_HELPER

source "net/sunrpc/Kconfig"
source "fs/ceph/Kconfig"

source "fs/cifs/Kconfig"
source "fs/ksmbd/Kconfig"

config CIFS_COMMON
	tristate
	default y if CIFS=y
	default m if CIFS=m

source "fs/coda/Kconfig"
source "fs/afs/Kconfig"
source "fs/9p/Kconfig"
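Review bot: The new hidden `CIFS_COMMON` symbol takes its value only from `CIFS` (`default y if CIFS=y` / `default m if CIFS=m`), so any other consumer of fs/cifs_common/ gets nothing built unless it selects the symbol itself. The merge description says the forked arc4 module is "for cifs and other users", and fs/ksmbd/Kconfig is sourced directly above this block; whether ksmbd actually links against these helpers is not visible here. If it is meant to, either extend the defaults, e.g. `default y if CIFS=y || SMB_SERVER=y`, or have each consumer `select CIFS_COMMON`. Since the symbol has no prompt or help text, it would also help to add a comment such as `# Legacy crypto helpers shared by SMB code; kept out of the general crypto API on purpose`, so a later reader knows why these algorithms are isolated here (this assumes the MD4/ARC4 modules land in this directory).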
+1 −0
@@ -96,6 +96,7 @@ obj-$(CONFIG_LOCKD) += lockd/
obj-$(CONFIG_NLS)		+= nls/
obj-$(CONFIG_UNICODE)		+= unicode/
obj-$(CONFIG_SYSV_FS)		+= sysv/
obj-$(CONFIG_CIFS_COMMON)	+= cifs_common/
obj-$(CONFIG_CIFS)		+= cifs/
obj-$(CONFIG_SMB_SERVER)	+= ksmbd/
obj-$(CONFIG_HPFS_FS)		+= hpfs/
+0 −30
@@ -4,19 +4,16 @@ config CIFS
	depends on INET
	select NLS
	select CRYPTO
	select CRYPTO_MD4
	select CRYPTO_MD5
	select CRYPTO_SHA256
	select CRYPTO_SHA512
	select CRYPTO_CMAC
	select CRYPTO_HMAC
	select CRYPTO_LIB_ARC4
	select CRYPTO_AEAD2
	select CRYPTO_CCM
	select CRYPTO_GCM
	select CRYPTO_ECB
	select CRYPTO_AES
	select CRYPTO_LIB_DES
	select KEYS
	select DNS_RESOLVER
	select ASN1
@@ -85,33 +82,6 @@ config CIFS_ALLOW_INSECURE_LEGACY

	  If unsure, say Y.

config CIFS_WEAK_PW_HASH
	bool "Support legacy servers which use weaker LANMAN security"
	depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY
	help
	  Modern CIFS servers including Samba and most Windows versions
	  (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
	  security mechanisms. These hash the password more securely
	  than the mechanisms used in the older LANMAN version of the
	  SMB protocol but LANMAN based authentication is needed to
	  establish sessions with some old SMB servers.

	  Enabling this option allows the cifs module to mount to older
	  LANMAN based servers such as OS/2 and Windows 95, but such
	  mounts may be less secure than mounts using NTLM or more recent
	  security mechanisms if you are on a public network.  Unless you
	  have a need to access old SMB servers (and are on a private
	  network) you probably want to say N.  Even if this support
	  is enabled in the kernel build, LANMAN authentication will not be
	  used automatically. At runtime LANMAN mounts are disabled but
	  can be set to required (or optional) either in
	  /proc/fs/cifs (see Documentation/admin-guide/cifs/usage.rst for
	  more detail) or via an option on the mount command. This support
	  is disabled by default in order to reduce the possibility of a
	  downgrade attack.

	  If unsure, say N.

config CIFS_UPCALL
	bool "Kerberos/SPNEGO advanced session setup"
	depends on CIFS
+0 −11
@@ -250,9 +250,6 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v)
#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
	seq_printf(m, ",ALLOW_INSECURE_LEGACY");
#endif
#ifdef CONFIG_CIFS_WEAK_PW_HASH
	seq_printf(m, ",WEAK_PW_HASH");
#endif
#ifdef CONFIG_CIFS_POSIX
	seq_printf(m, ",CIFS_POSIX");
#endif
@@ -929,14 +926,6 @@ cifs_security_flags_handle_must_flags(unsigned int *flags)
		*flags = CIFSSEC_MUST_NTLMSSP;
	else if ((*flags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2)
		*flags = CIFSSEC_MUST_NTLMV2;
	else if ((*flags & CIFSSEC_MUST_NTLM) == CIFSSEC_MUST_NTLM)
		*flags = CIFSSEC_MUST_NTLM;
	else if (CIFSSEC_MUST_LANMAN &&
		 (*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN)
		*flags = CIFSSEC_MUST_LANMAN;
	else if (CIFSSEC_MUST_PLNTXT &&
		 (*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT)
		*flags = CIFSSEC_MUST_PLNTXT;

	*flags |= signflags;
}