smb: server: make use of smbdirect.ko

This means we no longer inline the common smbdirect
.c files and use the exported functions from the
module instead.

Note the connection specific logging is st

smb: server: make use of smbdirect.ko

This means we no longer inline the common smbdirect
.c files and use the exported functions from the
module instead.

Note the connection specific logging is still
redirect to ksmbd.ko functions via
smbdirect_socket_set_logging().

We still don't use real socket layer,
but we're very close...

Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: Steve French <smfrench@gmail.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

ksmbd: Remove unnecessary selection of CRYPTO_ECB

Since the SMB server never uses any ecb(...) algorithm from the
crypto_skcipher API, selecting CRYPTO_ECB is unnecessary.

Remove it along with the

ksmbd: Remove unnecessary selection of CRYPTO_ECB

Since the SMB server never uses any ecb(...) algorithm from the
crypto_skcipher API, selecting CRYPTO_ECB is unnecessary.

Remove it along with the unused CRYPTO_BLK_* constants.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

ksmbd: Compare MACs in constant time

To prevent timing attacks, MAC comparisons need to be constant-time.
Replace the memcmp() with the correct function, crypto_memneq().

Fixes: e2f34481b24d ("cifs

ksmbd: Compare MACs in constant time

To prevent timing attacks, MAC comparisons need to be constant-time.
Replace the memcmp() with the correct function, crypto_memneq().

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

ksmbd: Use HMAC-MD5 library for NTLMv2

For the HMAC-MD5 computations in NTLMv2, use the HMAC-MD5 library
instead of a "hmac(md5)" crypto_shash. This is simpler and faster.
With the library there's

ksmbd: Use HMAC-MD5 library for NTLMv2

For the HMAC-MD5 computations in NTLMv2, use the HMAC-MD5 library
instead of a "hmac(md5)" crypto_shash. This is simpler and faster.
With the library there's no need to allocate memory, no need to handle
errors, and the HMAC-MD5 code is accessed directly without inefficient
indirect calls and other unnecessary API overhead.

To preserve the existing behavior of NTLMv2 support being disabled when
the kernel is booted with "fips=1", make ksmbd_auth_ntlmv2() check
fips_enabled itself. Previously it relied on the error from
crypto_alloc_shash("hmac(md5)") being bubbled up. I don't know for sure
that this is actually needed, but this preserves the existing behavior.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

ksmbd: Use HMAC-SHA256 library for message signing and key generation

Convert ksmbd_sign_smb2_pdu() and generate_key() to use the HMAC-SHA256
library instead of a "hmac(sha256)" crypto_shash. This

ksmbd: Use HMAC-SHA256 library for message signing and key generation

Convert ksmbd_sign_smb2_pdu() and generate_key() to use the HMAC-SHA256
library instead of a "hmac(sha256)" crypto_shash. This is simpler and
faster. With the library there's no need to allocate memory, no need to
handle errors, and the HMAC-SHA256 code is accessed directly without
inefficient indirect calls and other unnecessary API overhead.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

ksmbd: Use SHA-512 library for SMB3.1.1 preauth hash

Convert ksmbd_gen_preauth_integrity_hash() to use the SHA-512 library
instead of a "sha512" crypto_shash. This is simpler and faster. With
the

ksmbd: Use SHA-512 library for SMB3.1.1 preauth hash

Convert ksmbd_gen_preauth_integrity_hash() to use the SHA-512 library
instead of a "sha512" crypto_shash. This is simpler and faster. With
the library there's no need to allocate memory, no need to handle
errors, and the SHA-512 code is accessed directly without inefficient
indirect calls and other unnecessary API overhead.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

smb: Use arc4 library instead of duplicate arc4 code

fs/smb/common/cifs_arc4.c has an implementation of ARC4, but a copy of
this same code is also present in lib/crypto/arc4.c to serve the other
use

smb: Use arc4 library instead of duplicate arc4 code

fs/smb/common/cifs_arc4.c has an implementation of ARC4, but a copy of
this same code is also present in lib/crypto/arc4.c to serve the other
users of this legacy algorithm in the kernel. Remove the duplicate
implementation in fs/smb/, which seems to have been added because of a
misunderstanding, and just use the lib/crypto/ one.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

ksmbd: use SHA-256 library API instead of crypto_shash API

ksmbd_gen_sd_hash() does not support any other algorithm, so the
crypto_shash abstraction provides no value. Just use the SHA-256
library

ksmbd: use SHA-256 library API instead of crypto_shash API

ksmbd_gen_sd_hash() does not support any other algorithm, so the
crypto_shash abstraction provides no value. Just use the SHA-256
library API instead, which is much simpler and easier to use.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

ksmbd: make SMB_SERVER_KERBEROS5 enable by default

The users want to use Kerberos in ksmbd. SMB_SERVER_KERBEROS5 config is
enabled by default.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Sig

ksmbd: make SMB_SERVER_KERBEROS5 enable by default

The users want to use Kerberos in ksmbd. SMB_SERVER_KERBEROS5 config is
enabled by default.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

ksmbd: remove experimental warning

ksmbd has made significant improvements over the past two
years and is regularly tested and used. Remove the experimental
warning.

Acked-by: Namjae Jeon <linkinj

ksmbd: remove experimental warning

ksmbd has made significant improvements over the past two
years and is regularly tested and used. Remove the experimental
warning.

Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

fs/smb: Swing unicode common code from smb->NLS

Swing most of the inline functions and unicode tables into nls
from the copy in smb/server. This is UCS-2 rather than most
of the rest of the code in

fs/smb: Swing unicode common code from smb->NLS

Swing most of the inline functions and unicode tables into nls
from the copy in smb/server. This is UCS-2 rather than most
of the rest of the code in NLS, but it currently seems like the
best place for it.

The actual unicode.c implementations vary much more between server
and client so they're unmoved.

Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Reviewed-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

smb: move client and server files to common directory fs/smb

Move CIFS/SMB3 related client and server files (cifs.ko and ksmbd.ko
and helper modules) to new fs/smb subdirectory:

fs/cifs --> fs/s

smb: move client and server files to common directory fs/smb

Move CIFS/SMB3 related client and server files (cifs.ko and ksmbd.ko
and helper modules) to new fs/smb subdirectory:

fs/cifs --> fs/smb/client
fs/ksmbd --> fs/smb/server
fs/smbfs_common --> fs/smb/common

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...