From patchwork Thu Aug 29 13:35:10 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shirish Pargaonkar X-Patchwork-Id: 2851401 Return-Path: X-Original-To: patchwork-cifs-client@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 8936E9F271 for ; Thu, 29 Aug 2013 13:35:29 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 643E820170 for ; Thu, 29 Aug 2013 13:35:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 39F34201D5 for ; Thu, 29 Aug 2013 13:35:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753209Ab3H2Nf0 (ORCPT ); Thu, 29 Aug 2013 09:35:26 -0400 Received: from mail-oa0-f41.google.com ([209.85.219.41]:61421 "EHLO mail-oa0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753029Ab3H2Nf0 (ORCPT ); Thu, 29 Aug 2013 09:35:26 -0400 Received: by mail-oa0-f41.google.com with SMTP id j17so435352oag.0 for ; Thu, 29 Aug 2013 06:35:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SApkaYCLTbo4t7sUnJ4XLeJrgViJ7H6R/y7p0JdcWYI=; b=Tp9p/IAGGHGnUc8crD/o04ZRH+uJe7zjPNBa7vnvbb1OZ0j3H59QEw6/9Oq1xrBhcA YNOw5ITbS2B2I96JL7pa1qWMxSVGCqoGUmGCBG9RnlHoYosWDrQRKkFE+/T+VxkUjlj6 JukbPrFlddptdj6Wk2KC0uHSK113mi1E1ez7yo7YPfJ57DX8nSLcz+4TR32rskq5g8SV hsO+8ZCbWl2P0T2fjD25/Er0uun6SYl15w/P2++ngUPMRND+BghGgT5SxoBrovosGNaY Vxsfh7fN62G4zg4++Oc4Rah5Xru20Xs5+pBZRyNNDYSehD4NMmy58XWrNsC2oAy3Y3KK Ez7A== X-Received: by 10.60.133.133 with SMTP id pc5mr1259904oeb.63.1377783325934; Thu, 29 Aug 2013 06:35:25 -0700 (PDT) Received: from localhost (75-13-85-90.lightspeed.austtx.sbcglobal.net. [75.13.85.90]) by mx.google.com with ESMTPSA id tz10sm31404169obc.10.1969.12.31.16.00.00 (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Thu, 29 Aug 2013 06:35:25 -0700 (PDT) From: Shirish Pargaonkar To: smfrench@gmail.com Cc: linux-cifs@vger.kernel.org, Shirish Pargaonkar Subject: [PATCH 2/3] cifs: Add a variable specific to NTLMSSP for key exchange. Date: Thu, 29 Aug 2013 08:35:10 -0500 Message-Id: <1377783311-3924-3-git-send-email-shirishpargaonkar@gmail.com> X-Mailer: git-send-email 1.8.1.2 In-Reply-To: <1377783311-3924-1-git-send-email-shirishpargaonkar@gmail.com> References: <1377783311-3924-1-git-send-email-shirishpargaonkar@gmail.com> Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Spam-Status: No, score=-9.3 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Add a variable specific to NTLMSSP authentication to determine whether to exchange keys during negotiation and authentication phases. Since session key for smb1 is per smb connection, once a very first sesion is established, there is no need for key exchange during subsequent session setups. As a result, smb1 session setup code sets this variable as false. Since session key for smb2 and smb3 is per smb connection, we need to exchange keys to generate session key for every sesion being established. As a result, smb2/3 session setup code sets this variable as true. Acked-by: Jeff Layton --- fs/cifs/cifsglob.h | 1 + fs/cifs/sess.c | 8 ++++++-- fs/cifs/smb2pdu.c | 1 + 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 52ca861..cce26a8 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -135,6 +135,7 @@ struct cifs_secmech { /* per smb session structure/fields */ struct ntlmssp_auth { + bool sesskey_per_smbsess; /* whether session key is per smb session */ __u32 client_flags; /* sent by client in type 1 ntlmsssp exchange */ __u32 server_flags; /* sent by server in type 2 ntlmssp exchange */ unsigned char ciphertext[CIFS_CPHTXT_SIZE]; /* sent to server */ diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 7afd54a..d7907c4 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -428,7 +428,8 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; if (ses->server->sign) { flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab) + if (!ses->server->session_estab || + ses->ntlmssp->sesskey_per_smbsess) flags |= NTLMSSP_NEGOTIATE_KEY_XCH; } @@ -466,7 +467,8 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer, NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; if (ses->server->sign) { flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab) + if (!ses->server->session_estab || + ses->ntlmssp->sesskey_per_smbsess) flags |= NTLMSSP_NEGOTIATE_KEY_XCH; } @@ -641,6 +643,8 @@ CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses, ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); if (!ses->ntlmssp) return -ENOMEM; + ses->ntlmssp->sesskey_per_smbsess = false; + } ssetup_ntlmssp_authenticate: diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 05a0186..28083b4 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -491,6 +491,7 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); if (!ses->ntlmssp) return -ENOMEM; + ses->ntlmssp->sesskey_per_smbsess = true; /* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */ ses->sectype = RawNTLMSSP;