From patchwork Mon Jan 30 21:39:37 2017
X-Patchwork-Submitter: Pavel Shilovskiy
X-Patchwork-Id: 9546149
From: Pavel Shilovsky
Subject: [PATCH v2 08/15] CIFS: Enable encryption during session setup phase
Date: Mon, 30 Jan 2017 13:39:37 -0800
Message-ID: <1485812384-28870-9-git-send-email-pshilov@microsoft.com>
In-Reply-To: <1485812384-28870-1-git-send-email-pshilov@microsoft.com>
References: <1485812384-28870-1-git-send-email-pshilov@microsoft.com>
X-Mailing-List: linux-cifs@vger.kernel.org

In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys.

Signed-off-by: Pavel Shilovsky
---
 fs/cifs/sess.c | 22 ++++++++++------------
 fs/cifs/smb2pdu.c | 12 ++----------
 2 files changed, 12 insertions(+), 22 deletions(-)

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index a1118e3..dcbcc92 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c 
@@ -344,13 +344,12 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, /* BB is NTLMV2 session security format easier to use here? */ flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; - if (ses->server->sign) { + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | + NTLMSSP_NEGOTIATE_SEAL; + if (ses->server->sign) flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || - ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; - } + if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) + flags |= NTLMSSP_NEGOTIATE_KEY_XCH; sec_blob->NegotiateFlags = cpu_to_le32(flags); @@ -407,13 +406,12 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer, flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; - if (ses->server->sign) { + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | + NTLMSSP_NEGOTIATE_SEAL; + if (ses->server->sign) flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || - ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; - } + if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) + flags |= NTLMSSP_NEGOTIATE_KEY_XCH; tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); sec_blob->NegotiateFlags = cpu_to_le32(flags); diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index bf5b693..b088c50 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c 
@@ -756,15 +756,13 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) struct cifs_ses *ses = sess_data->ses; mutex_lock(&ses->server->srv_mutex); - if (ses->server->sign && ses->server->ops->generate_signingkey) { + if (ses->server->ops->generate_signingkey) { rc = ses->server->ops->generate_signingkey(ses); - kfree(ses->auth_key.response); - ses->auth_key.response = NULL; if (rc) { cifs_dbg(FYI, "SMB3 session key generation failed\n"); mutex_unlock(&ses->server->srv_mutex); - goto keygen_exit; + return rc; } } if (!ses->server->session_estab) { @@ -778,12 +776,6 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) ses->status = CifsGood; ses->need_reconnect = false; spin_unlock(&GlobalMid_Lock); - -keygen_exit: - if (!ses->server->sign) { - kfree(ses->auth_key.response); - ses->auth_key.response = NULL; - } return rc; }
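
Review bot: In the first sess.c hunk (build_ntlmssp_negotiate_blob), NTLMSSP_NEGOTIATE_SEAL is now OR-ed into the base flags unconditionally, and NTLMSSP_NEGOTIATE_KEY_XCH no longer depends on ses->server->sign. The commit message only says a session key must be exchanged; it does not say that both flags are now sent on every NTLMSSP negotiate, including for sessions that will never use encryption. Please either gate SEAL on the condition that actually requires it or add a comment above the flags assignment explaining why it is safe to advertise it always, and mention the KEY_XCH behaviour change in the changelog.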
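
Review bot: The second sess.c hunk (build_ntlmssp_auth_blob) repeats the same three-step flag computation as build_ntlmssp_negotiate_blob, differing only by NTLMSSP_NEGOTIATE_TARGET_INFO. Since this patch has to touch both copies in lockstep, consider moving the shared part (base flags, the sign check, the session_estab / sesskey_per_smbsess check) into one small helper that takes ses and returns the flags, so the NEGOTIATE and AUTHENTICATE messages cannot drift apart in a later change.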
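
Review bot: In the first smb2pdu.c hunk, the failure path after generate_signingkey() now does "return rc" with ses->auth_key.response still allocated. Before this change the buffer was freed immediately after the call, ahead of the rc check, so the error path never left it behind. Please confirm that the caller releases auth_key.response when SMB2_sess_establish_session() fails, or free it here before returning. Separately, with the ses->server->sign test removed, the op is invoked for every session; the cifs_dbg text "SMB3 session key generation failed" is fine, but the op name generate_signingkey no longer describes what the changelog says it is used for, which deserves a comment at the call site.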
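
Review bot: The last smb2pdu.c hunk deletes the keygen_exit block, which together with the kfree removed in the previous hunk was the only place in this function that released ses->auth_key.response. After the patch the session key stays in memory for as long as the session lives, and nothing in the visible lines shows where it is freed now. Please state in the changelog or in a comment where the buffer is released, and since it holds key material, clear it before freeing at that point rather than using a plain kfree().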