Skip to content

Commit cabfb36

Browse files
piastrysmfrench
authored andcommitted
CIFS: Enable encryption during session setup phase
In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
1 parent 7fb8986 commit cabfb36

File tree

2 files changed

+12
-22
lines changed

2 files changed

+12
-22
lines changed

Diff for: fs/cifs/sess.c

+10-12
Original file line numberDiff line numberDiff line change
@@ -344,13 +344,12 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
344344
/* BB is NTLMV2 session security format easier to use here? */
345345
flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
346346
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
347-
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
348-
if (ses->server->sign) {
347+
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
348+
NTLMSSP_NEGOTIATE_SEAL;
349+
if (ses->server->sign)
349350
flags |= NTLMSSP_NEGOTIATE_SIGN;
350-
if (!ses->server->session_estab ||
351-
ses->ntlmssp->sesskey_per_smbsess)
352-
flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
353-
}
351+
if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
352+
flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
354353

355354
sec_blob->NegotiateFlags = cpu_to_le32(flags);
356355

@@ -407,13 +406,12 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer,
407406
flags = NTLMSSP_NEGOTIATE_56 |
408407
NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
409408
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
410-
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
411-
if (ses->server->sign) {
409+
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
410+
NTLMSSP_NEGOTIATE_SEAL;
411+
if (ses->server->sign)
412412
flags |= NTLMSSP_NEGOTIATE_SIGN;
413-
if (!ses->server->session_estab ||
414-
ses->ntlmssp->sesskey_per_smbsess)
415-
flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
416-
}
413+
if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
414+
flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
417415

418416
tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
419417
sec_blob->NegotiateFlags = cpu_to_le32(flags);

Diff for: fs/cifs/smb2pdu.c

+2-10
Original file line numberDiff line numberDiff line change
@@ -756,15 +756,13 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
756756
struct cifs_ses *ses = sess_data->ses;
757757

758758
mutex_lock(&ses->server->srv_mutex);
759-
if (ses->server->sign && ses->server->ops->generate_signingkey) {
759+
if (ses->server->ops->generate_signingkey) {
760760
rc = ses->server->ops->generate_signingkey(ses);
761-
kfree(ses->auth_key.response);
762-
ses->auth_key.response = NULL;
763761
if (rc) {
764762
cifs_dbg(FYI,
765763
"SMB3 session key generation failed\n");
766764
mutex_unlock(&ses->server->srv_mutex);
767-
goto keygen_exit;
765+
return rc;
768766
}
769767
}
770768
if (!ses->server->session_estab) {
@@ -778,12 +776,6 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
778776
ses->status = CifsGood;
779777
ses->need_reconnect = false;
780778
spin_unlock(&GlobalMid_Lock);
781-
782-
keygen_exit:
783-
if (!ses->server->sign) {
784-
kfree(ses->auth_key.response);
785-
ses->auth_key.response = NULL;
786-
}
787779
return rc;
788780
}
789781

0 commit comments

Comments
 (0)