From patchwork Tue May 28 12:11:53 2013
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 2624371
From: Jeff Layton
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org, idra@samba.org, piastryyy@gmail.com
Subject: [PATCH v2 12/19] cifs: track the flavor of the NEGOTIATE response
Date: Tue, 28 May 2013 08:11:53 -0400
Message-Id: <1369743120-18941-13-git-send-email-jlayton@redhat.com>
In-Reply-To: <1369743120-18941-1-git-send-email-jlayton@redhat.com>
References: <1369743120-18941-1-git-send-email-jlayton@redhat.com>

Track what sort of NEGOTIATE response we get from the server, as that will
govern what sort of authentication types this socket will support.

There are three possibilities:

LANMAN: server sent legacy LANMAN-type response

UNENCAP: server sent a newer-style response, but extended security bit
wasn't set. This socket will only support unencapsulated auth types.

EXTENDED: server sent a newer-style response with the extended security
bit set. This is necessary to support krb5 and ntlmssp auth types.

Signed-off-by: Jeff Layton
Reviewed-by: Pavel Shilovsky
---
 fs/cifs/cifsglob.h |  4 ++++
 fs/cifs/cifssmb.c  | 15 ++++++++++-----
 fs/cifs/smb2pdu.c  |  2 ++
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index a858037..c2ef6c1 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h 
@@ -540,6 +540,10 @@ struct TCP_Server_Info { struct session_key session_key; unsigned long lstrp; /* when we got last response from this server */ struct cifs_secmech secmech; /* crypto sec mech functs, descriptors */ +#define CIFS_NEGFLAVOR_LANMAN 0 /* wct == 13, LANMAN */ +#define CIFS_NEGFLAVOR_UNENCAP 1 /* wct == 17, but no ext_sec */ +#define CIFS_NEGFLAVOR_EXTENDED 2 /* wct == 17, ext_sec bit set */ + char negflavor; /* NEGOTIATE response flavor */ /* extended security flavors that server supports */ bool sec_ntlmssp; /* supports NTLMSSP */ bool sec_kerberosu2u; /* supports U2U Kerberos */ diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index e639610..80ca688 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -615,6 +615,7 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) rc = -EOPNOTSUPP; goto neg_err_exit; } else if (pSMBr->hdr.WordCount == 13) { + server->negflavor = CIFS_NEGFLAVOR_LANMAN; rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags); goto signing_check; } else if (pSMBr->hdr.WordCount != 17) { 
@@ -666,17 +667,21 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone); server->timeAdj *= 60; - if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) + if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { + server->negflavor = CIFS_NEGFLAVOR_UNENCAP; memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey, CIFS_CRYPTO_KEY_SIZE); - else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || + } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || server->capabilities & CAP_EXTENDED_SECURITY) && - (pSMBr->EncryptionKeyLength == 0)) + (pSMBr->EncryptionKeyLength == 0)) { + server->negflavor = CIFS_NEGFLAVOR_EXTENDED; rc = decode_ext_sec_blob(server, pSMBr); - else if (server->sec_mode & SECMODE_PW_ENCRYPT) + } else if (server->sec_mode & SECMODE_PW_ENCRYPT) { rc = -EIO; /* no crypt key only if plain text pwd */ - else + } else { + server->negflavor = CIFS_NEGFLAVOR_UNENCAP; server->capabilities &= ~CAP_EXTENDED_SECURITY; + } signing_check: if (!rc) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index ebb97b4..1609699 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -405,6 +405,8 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) } server->dialect = le16_to_cpu(rsp->DialectRevision); + /* SMB2 only has an extended negflavor */ + server->negflavor = CIFS_NEGFLAVOR_EXTENDED; server->maxBuf = le32_to_cpu(rsp->MaxTransactSize); server->max_read = le32_to_cpu(rsp->MaxReadSize); server->max_write = le32_to_cpu(rsp->MaxWriteSize);
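
Review bot: CIFS_NEGFLAVOR_LANMAN is defined as 0 in the block added to struct TCP_Server_Info (fs/cifs/cifsglob.h), so a server struct whose negflavor was never assigned, whether from a zero-filled allocation or from a NEGOTIATE that bailed out early, reads as LANMAN, the legacy flavor. Consider reserving 0 for an explicit "not negotiated" value and starting the real flavors at 1, so that code keying auth-type decisions off negflavor cannot mistake an unset field for a legacy server. The field is also a plain char, whose signedness is implementation-defined; unsigned char or an enum would state the intent better.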
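
Review bot: in the WordCount == 13 branch of CIFSSMBNegotiate() (first fs/cifs/cifssmb.c hunk), server->negflavor is assigned before decode_lanman_negprot_rsp() has returned, so a failed decode still leaves the socket marked CIFS_NEGFLAVOR_LANMAN. Either assign the flavor only once rc is known to be 0, or add a comment at the field stating that negflavor is meaningful only after a successful NEGOTIATE.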
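
Review bot: in the second fs/cifs/cifssmb.c hunk, the EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE branch sets CIFS_NEGFLAVOR_UNENCAP but, unlike the final else branch, does not clear CAP_EXTENDED_SECURITY from server->capabilities. A response carrying both a full-size key and the extended-security capability would end up with negflavor == UNENCAP while capabilities still advertises extended security; clearing the bit in that branch as well, or documenting which of the two fields is authoritative, keeps them from disagreeing. Separately, the SECMODE_PW_ENCRYPT branch sets rc = -EIO without touching negflavor, so the field keeps its previous value on that path.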