[CIFS] Fix CIFS to recognize share mode security

Use fsuid (fsgid) more consistently instead of uid (gid). Improve performance

Use fsuid (fsgid) more consistently instead of uid (gid). Improve performance

of readpages by eliminating one extra memcpy. Allow update of file size

of readpages by eliminating one extra memcpy. Allow update of file size

from remote server even if file is open for write as long as mount is

from remote server even if file is open for write as long as mount is

directio.

directio.  Recognize share mode security and send NTLM encrypted password

on tree connect if share mode negotiated.

Version 1.39

Version 1.39

------------

------------

	__u8 revision; /* revision level */

	__u8 revision; /* revision level */

	__u8 num_subauths;

	__u8 num_subauths;

	__u8 authority[6];

	__u8 authority[6];

	__u8 sub_auth[4];

	__u32 sub_auth[4];

	/* next sub_auth if any ... */

	/* next sub_auth if any ... */

} __attribute__((packed));

} __attribute__((packed));

/* everyone */

/* everyone */

const cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};

extern const struct cifs_sid sid_everyone;

/* group users */

/* group users */

const cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};

extern const struct cifs_sid sid_user;

#endif /* _CIFSACL_H */

#endif /* _CIFSACL_H */

#include "cifsproto.h"

#include "cifsproto.h"

#include "cifs_unicode.h"

#include "cifs_unicode.h"

#include "cifs_debug.h"

#include "cifs_debug.h"

#include "cifsacl.h"

#ifdef CONFIG_CIFS_POSIX

#ifdef CONFIG_CIFS_POSIX

static struct {

static struct {

			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

	if (rc == 0) {

	if (rc == 0) {

		server->secMode = pSMBr->SecurityMode;

		server->secMode = pSMBr->SecurityMode;

		if((server->secMode & SECMODE_USER) == 0)

			cFYI(1,("share mode security"));

		server->secType = NTLM; /* BB override default for

		server->secType = NTLM; /* BB override default for

					   NTLMv2 or kerberos v5 */

					   NTLMv2 or kerberos v5 */

		/* one byte - no need to convert this or EncryptionKeyLen

		/* one byte - no need to convert this or EncryptionKeyLen

						(server->server_GUID,

						(server->server_GUID,

						pSMBr->u.extended_response.

						pSMBr->u.extended_response.

						GUID, 16) != 0) {

						GUID, 16) != 0) {

						cFYI(1,

						cFYI(1, ("server UID changed"));

						     ("UID of server does not match previous connection to same ip address"));

						memcpy(server->

						memcpy(server->

							server_GUID,

							server_GUID,

							pSMBr->u.

							pSMBr->u.

#endif /* CONFIG_POSIX */

#endif /* CONFIG_POSIX */

/* security id for everyone */

const struct cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};

/* group users */

const struct cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};

/* Convert CIFS ACL to POSIX form */

/* Convert CIFS ACL to POSIX form */

static int parse_sec_desc(struct sec_desc * psec_desc, int acl_len)

static int parse_sec_desc(struct cifs_sid * psec_desc, int acl_len)

{

{

	return 0;

	return 0;

}

}

		cifs_sb->mnt_gid = volume_info.linux_gid;

		cifs_sb->mnt_gid = volume_info.linux_gid;

		cifs_sb->mnt_file_mode = volume_info.file_mode;

		cifs_sb->mnt_file_mode = volume_info.file_mode;

		cifs_sb->mnt_dir_mode = volume_info.dir_mode;

		cifs_sb->mnt_dir_mode = volume_info.dir_mode;

		cFYI(1,("file mode: 0x%x  dir mode: 0x%x",cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));

		cFYI(1,("file mode: 0x%x  dir mode: 0x%x",

			cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));

		if(volume_info.noperm)

		if(volume_info.noperm)

			cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;

			cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;

	pSMB->AndXCommand = 0xFF;

	pSMB->AndXCommand = 0xFF;

	pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);

	pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);

	pSMB->PasswordLength = cpu_to_le16(1);	/* minimum */

	bcc_ptr = &pSMB->Password[0];

	bcc_ptr = &pSMB->Password[0];

	if((ses->server->secMode) & SECMODE_USER) {

		pSMB->PasswordLength = cpu_to_le16(1);	/* minimum */

		bcc_ptr++;              /* skip password */

		bcc_ptr++;              /* skip password */

	} else {

		pSMB->PasswordLength = cpu_to_le16(CIFS_SESSION_KEY_SIZE);

		/* BB FIXME add code to fail this if NTLMv2 or Kerberos

		   specified as required (when that support is added to

		   the vfs in the future) as only NTLM or the much

		   weaker LANMAN (which we do not send) is accepted

		   by Samba (not sure whether other servers allow

		   NTLMv2 password here) */

		SMBNTencrypt(ses->password,

			     ses->server->cryptKey,

			     bcc_ptr);

		bcc_ptr += CIFS_SESSION_KEY_SIZE;

		*bcc_ptr = 0;

		bcc_ptr++; /* align */

	}

	if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))

	if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))

		smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;

		smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;

		bcc_ptr += 2 * length;	/* convert num of 16 bit words to bytes */

		bcc_ptr += 2 * length;	/* convert num of 16 bit words to bytes */

		bcc_ptr += 2;	/* skip trailing null */

		bcc_ptr += 2;	/* skip trailing null */

	} else {		/* ASCII */

	} else {		/* ASCII */

		strcpy(bcc_ptr, tree);

		strcpy(bcc_ptr, tree);

		bcc_ptr += strlen(tree) + 1;

		bcc_ptr += strlen(tree) + 1;

	}

	}