From patchwork Thu May 23 15:05:56 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 2607541
From: Jeff Layton
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org, idra@samba.org
Subject: [PATCH 12/19] cifs: track the flavor of the NEGOTIATE response
Date: Thu, 23 May 2013 11:05:56 -0400
Message-Id: <1369321563-16893-13-git-send-email-jlayton@redhat.com>
X-Mailer: git-send-email 1.8.1.4
In-Reply-To: <1369321563-16893-1-git-send-email-jlayton@redhat.com>
References: <1369321563-16893-1-git-send-email-jlayton@redhat.com>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-cifs@vger.kernel.org

Track what sort of NEGOTIATE response we get from the server, as that will
govern what sort of authentication types this socket will support.

There are three possibilities:

LANMAN: server sent legacy LANMAN-type response

UNENCAP: server sent a newer-style response, but extended security bit
wasn't set. This socket will only support unencapsulated auth types.

EXTENDED: server sent a newer-style response with the extended security
bit set. This is necessary to support krb5 and ntlmssp auth types.

Signed-off-by: Jeff Layton
Reviewed-by: Pavel Shilovsky
---
 fs/cifs/cifsglob.h |  4 ++++
 fs/cifs/cifssmb.c  | 15 ++++++++++-----
 fs/cifs/smb2pdu.c  |  2 ++
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index a858037..c2ef6c1 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h 
@@ -540,6 +540,10 @@ struct TCP_Server_Info { struct session_key session_key; unsigned long lstrp; /* when we got last response from this server */ struct cifs_secmech secmech; /* crypto sec mech functs, descriptors */ +#define CIFS_NEGFLAVOR_LANMAN 0 /* wct == 13, LANMAN */ +#define CIFS_NEGFLAVOR_UNENCAP 1 /* wct == 17, but no ext_sec */ +#define CIFS_NEGFLAVOR_EXTENDED 2 /* wct == 17, ext_sec bit set */ + char negflavor; /* NEGOTIATE response flavor */ /* extended security flavors that server supports */ bool sec_ntlmssp; /* supports NTLMSSP */ bool sec_kerberosu2u; /* supports U2U Kerberos */ diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index e7184b9..b43948a 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -616,6 +616,7 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) goto neg_err_exit; } else if (pSMBr->hdr.WordCount == 13) { rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags); + server->negflavor = CIFS_NEGFLAVOR_LANMAN; goto neg_err_exit; } else if (pSMBr->hdr.WordCount != 17) { /* unknown wct */ 
@@ -666,17 +667,21 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone); server->timeAdj *= 60; - if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) + if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { + server->negflavor = CIFS_NEGFLAVOR_UNENCAP; memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey, CIFS_CRYPTO_KEY_SIZE); - else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || + } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || server->capabilities & CAP_EXTENDED_SECURITY) && - (pSMBr->EncryptionKeyLength == 0)) + (pSMBr->EncryptionKeyLength == 0)) { + server->negflavor = CIFS_NEGFLAVOR_EXTENDED; rc = decode_ext_sec_blob(server, pSMBr); - else if (server->sec_mode & SECMODE_PW_ENCRYPT) + } else if (server->sec_mode & SECMODE_PW_ENCRYPT) { rc = -EIO; /* no crypt key only if plain text pwd */ - else + } else { + server->negflavor = CIFS_NEGFLAVOR_UNENCAP; server->capabilities &= ~CAP_EXTENDED_SECURITY; + } if (!rc) rc = cifs_enable_signing(server, secFlags); diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index ebb97b4..1609699 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -405,6 +405,8 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) } server->dialect = le16_to_cpu(rsp->DialectRevision); + /* SMB2 only has an extended negflavor */ + server->negflavor = CIFS_NEGFLAVOR_EXTENDED; server->maxBuf = le32_to_cpu(rsp->MaxTransactSize); server->max_read = le32_to_cpu(rsp->MaxReadSize); server->max_write = le32_to_cpu(rsp->MaxWriteSize);
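Review bot: In the fs/cifs/cifsglob.h hunk, CIFS_NEGFLAVOR_LANMAN is defined as 0, so a TCP_Server_Info whose negflavor has never been assigned (assuming the struct is zero-filled on allocation, which these lines do not show) reads as LANMAN, the weakest of the three flavors, rather than as "not negotiated yet". Reserving 0 for an unset state, or starting the values at 1, would let code that gates auth types on negflavor tell the two apart. A smaller point on the same lines: `char negflavor;` has implementation-defined signedness, and `unsigned char` or an enum would state the intent more clearly.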
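Review bot: In the first fs/cifs/cifssmb.c hunk (the WordCount == 13 branch of CIFSSMBNegotiate), `server->negflavor = CIFS_NEGFLAVOR_LANMAN;` runs after decode_lanman_negprot_rsp() whatever rc it returned, so a LANMAN response that failed to decode still marks the socket with a flavor. If negflavor is only meant to be trusted after a successful NEGOTIATE, assign it only when rc is 0, or add a comment on the field saying it is undefined on failure.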
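Review bot: In the second fs/cifs/cifssmb.c hunk, the `else if (server->sec_mode & SECMODE_PW_ENCRYPT)` branch sets rc = -EIO without assigning negflavor, so on that path the field keeps whatever value it had before this call; it is the only arm of the chain that leaves it untouched. Setting it in every arm, or resetting it at the top of the function, would avoid a stale flavor surviving a failed negotiate. Also worth a comment: the first arm chooses CIFS_NEGFLAVOR_UNENCAP from EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE alone, before SMBFLG2_EXT_SEC is tested, while the commit message defines UNENCAP as the case where the extended security bit was not set. Since all of these fields come from the server's response, the ordering decides which auth types the socket ends up offering and should be documented as intentional.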
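Review bot: In the fs/cifs/smb2pdu.c hunk, SMB2_negotiate() assigns CIFS_NEGFLAVOR_EXTENDED, but the macro's comment in cifsglob.h describes that value as "wct == 17, ext_sec bit set", which is an SMB1 condition that never holds here. Please extend the comment on the define to say that SMB2 always uses this flavor, so a reader of cifsglob.h does not take the wct test as the definition.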