From patchwork Tue Dec 6 22:02:31 2016
X-Patchwork-Submitter: Pavel Shilovskiy
X-Patchwork-Id: 9463309
From: Pavel Shilovsky
To: linux-cifs@vger.kernel.org
Subject: [PATCH 08/15] CIFS: Enable encryption during session setup phase
Date: Tue, 6 Dec 2016 14:02:31 -0800
Message-Id: <1481061758-52020-9-git-send-email-pshilov@microsoft.com>
In-Reply-To: <1481061758-52020-1-git-send-email-pshilov@microsoft.com>
References: <1481061758-52020-1-git-send-email-pshilov@microsoft.com>

In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys.

Signed-off-by: Pavel Shilovsky
---
 fs/cifs/sess.c | 22 ++++++++++------------
 fs/cifs/smb2pdu.c | 12 ++----------
 2 files changed, 12 insertions(+), 22 deletions(-)

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index a1118e3..dcbcc92 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c 
@@ -344,13 +344,12 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, /* BB is NTLMV2 session security format easier to use here? */ flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; - if (ses->server->sign) { + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | + NTLMSSP_NEGOTIATE_SEAL; + if (ses->server->sign) flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || - ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; - } + if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) + flags |= NTLMSSP_NEGOTIATE_KEY_XCH; sec_blob->NegotiateFlags = cpu_to_le32(flags); @@ -407,13 +406,12 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer, flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; - if (ses->server->sign) { + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | + NTLMSSP_NEGOTIATE_SEAL; + if (ses->server->sign) flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || - ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; - } + if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) + flags |= NTLMSSP_NEGOTIATE_KEY_XCH; tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); sec_blob->NegotiateFlags = cpu_to_le32(flags); diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index bf5b693..b088c50 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c 
@@ -756,15 +756,13 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) struct cifs_ses *ses = sess_data->ses; mutex_lock(&ses->server->srv_mutex); - if (ses->server->sign && ses->server->ops->generate_signingkey) { + if (ses->server->ops->generate_signingkey) { rc = ses->server->ops->generate_signingkey(ses); - kfree(ses->auth_key.response); - ses->auth_key.response = NULL; if (rc) { cifs_dbg(FYI, "SMB3 session key generation failed\n"); mutex_unlock(&ses->server->srv_mutex); - goto keygen_exit; + return rc; } } if (!ses->server->session_estab) { @@ -778,12 +776,6 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) ses->status = CifsGood; ses->need_reconnect = false; spin_unlock(&GlobalMid_Lock); - -keygen_exit: - if (!ses->server->sign) { - kfree(ses->auth_key.response); - ses->auth_key.response = NULL; - } return rc; }
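
Review bot: In the first fs/cifs/sess.c hunk (build_ntlmssp_negotiate_blob), NTLMSSP_NEGOTIATE_SEAL is now OR-ed into the flags unconditionally and NTLMSSP_NEGOTIATE_KEY_XCH no longer depends on ses->server->sign, so the NEGOTIATE message changes for every caller of this function, not only for sessions that will actually be encrypted. The changelog only says encryption should be allowed on an SMB connection; please either gate the two flags on a condition that says encryption may be used, or state in the commit message that advertising them on all sessions is intended. The existing "BB is NTLMV2 session security format easier to use here?" comment sits right above the mask and would be a natural place for one line explaining why SEAL is always requested.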
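
Review bot: The second fs/cifs/sess.c hunk (build_ntlmssp_auth_blob) repeats the negotiate-blob edit line for line: the SEAL addition, the removal of the braces around `if (ses->server->sign)` and the un-nested KEY_XCH test are identical, and only NTLMSSP_NEGOTIATE_TARGET_INFO differs in the base mask. Because the AUTHENTICATE flags have to stay consistent with what was sent in NEGOTIATE, consider computing the shared part in one small helper that both functions call, so a later change to one copy cannot silently miss the other.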
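
Review bot: In the fs/cifs/smb2pdu.c hunk (SMB2_sess_establish_session), both places that did `kfree(ses->auth_key.response); ses->auth_key.response = NULL;` are removed and nothing in this patch frees the buffer instead, so the session key now outlives session setup both on success and on the new `return rc` error path. Please say in the changelog where auth_key.response is released from now on, and consider a zeroing free at that point since the buffer holds key material. Separately, with the ses->server->sign test dropped, generate_signingkey also runs for unsigned sessions, so a key-derivation failure now fails session setup in a case where it previously could not; "SMB3 session key generation failed" is logged with cifs_dbg(FYI, ...), which may be too quiet for a mount that fails because of it.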