From patchwork Tue Feb  4 22:57:40 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
X-Patchwork-Id: 3583191
Return-Path: <linux-cifs-owner@kernel.org>
X-Original-To: patchwork-cifs-client@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id E70F0C02DC
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Tue,  4 Feb 2014 22:58:13 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 1BB3720166
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Tue,  4 Feb 2014 22:58:13 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 1603E201D3
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Tue,  4 Feb 2014 22:58:12 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933066AbaBDW5w (ORCPT
	<rfc822;patchwork-cifs-client@patchwork.kernel.org>);
	Tue, 4 Feb 2014 17:57:52 -0500
Received: from mail-ob0-f182.google.com ([209.85.214.182]:41516 "EHLO
	mail-ob0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932626AbaBDW5u (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Tue, 4 Feb 2014 17:57:50 -0500
Received: by mail-ob0-f182.google.com with SMTP id wm4so10354627obc.13
	for <linux-cifs@vger.kernel.org>;
	Tue, 04 Feb 2014 14:57:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=H+pFp7Vb4GdgjznJUazU/NNJIOfcb7X3kjuHAuq1tPA=;
	b=rzBDEVoKuez/zDEhtgJq4J1IyqByMRe6L/QRQIWSs3ybB4GODz4Jrnx2M5dKt2Mr+k
	HCVDQi1RNUYKtY/x+Le/wzLOd7v4dewmIABZGaGSDY2gjNAhFOAN7lkQucHBy8sfob13
	lkluX33DwFbQSqmSsUmbTz/Afyo6SCHUZCRT4DCQg3m/WYlNGGl1aufNlMR4w0OsmwxC
	J3pwxAPiuo+N1KETExZEnXvosGV5D2zqSH5DuP/ajTpPa88zwW92y5c7bXoUXMLij4+7
	6S8SfSDHe6MIrD4t4qPk/yErZJn9wmOr1TBUvIdpeH0PyannEWi4i0JdRngxB6iOlXTs
	itZw==
X-Received: by 10.60.80.101 with SMTP id q5mr10097240oex.44.1391554669585;
	Tue, 04 Feb 2014 14:57:49 -0800 (PST)
Received: from shirish-ThinkPad-T400.gns.novell.com
	(75-13-85-90.lightspeed.austtx.sbcglobal.net. [75.13.85.90])
	by mx.google.com with ESMTPSA id
	m7sm44595060obo.7.2014.02.04.14.57.47 for <multiple recipients>
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Tue, 04 Feb 2014 14:57:48 -0800 (PST)
From: shirishpargaonkar@gmail.com
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org,
	Shirish Pargaonkar <spargaonkar@suse.com>
Subject: [PATCH] cifs: Stop using NTLMSSP flag bit
	NTLMSSP_NEGOTIATE_EXTENDED_SEC
Date: Tue,  4 Feb 2014 16:57:40 -0600
Message-Id: <1391554660-11308-1-git-send-email-shirishpargaonkar@gmail.com>
X-Mailer: git-send-email 1.8.3.2
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Shirish Pargaonkar <spargaonkar@suse.com>


Since cifs client does not support NTLM2 Session Security, do not set
bit NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY in Negotiate and
Authenticate messages of the NTLMSSP exchange during session setup. 

Send EncryptedRandomSessionKey in an Authenticate message of NTLMSSP exchange
based only on whether server set NTLMSSP_NEGOTIATE_KEY_EXCH in the
Challenge message of the NTLMSSP exchange.


Reported-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Shirish Pargaonkar <spargaonkar@suse.com>
---
 fs/cifs/sess.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index e87387d..cdc57be 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -343,7 +343,7 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
 	/* BB is NTLMV2 session security format easier to use here? */
 	flags = NTLMSSP_NEGOTIATE_56 |	NTLMSSP_REQUEST_TARGET |
 		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
-		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
+		NTLMSSP_NEGOTIATE_NTLM;
 	if (ses->server->sign) {
 		flags |= NTLMSSP_NEGOTIATE_SIGN;
 		if (!ses->server->session_estab ||
@@ -382,7 +382,7 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 	flags = NTLMSSP_NEGOTIATE_56 |
 		NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
 		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
-		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
+		NTLMSSP_NEGOTIATE_NTLM;
 	if (ses->server->sign) {
 		flags |= NTLMSSP_NEGOTIATE_SIGN;
 		if (!ses->server->session_estab ||
@@ -450,8 +450,7 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 	sec_blob->WorkstationName.MaximumLength = 0;
 	tmp += 2;
 
-	if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
-		(ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
+	if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH)
 			&& !calc_seckey(ses)) {
 		memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
 		sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);