From patchwork Sat Mar  3 22:12:25 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve French <smfrench@gmail.com>
X-Patchwork-Id: 10256269
Return-Path: <linux-cifs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	DBA4660211 for <patchwork-cifs-client@patchwork.kernel.org>;
	Sat,  3 Mar 2018 22:12:49 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BAC5328689
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Sat,  3 Mar 2018 22:12:49 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id AB45E285AB; Sat,  3 Mar 2018 22:12:49 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID,
	T_TVD_MIME_EPI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3DBDF285AB
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Sat,  3 Mar 2018 22:12:48 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752321AbeCCWMr (ORCPT
	<rfc822;patchwork-cifs-client@patchwork.kernel.org>);
	Sat, 3 Mar 2018 17:12:47 -0500
Received: from mail-pg0-f51.google.com ([74.125.83.51]:33017 "EHLO
	mail-pg0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752205AbeCCWMq (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Sat, 3 Mar 2018 17:12:46 -0500
Received: by mail-pg0-f51.google.com with SMTP id g12so5280566pgs.0
	for <linux-cifs@vger.kernel.org>;
	Sat, 03 Mar 2018 14:12:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to
	:cc; bh=wPe2gZBbzrmFli3OHvWa8ZhYjL+W+YuLlN2JxZEs68U=;
	b=O1wlu6Hu/FX7nbmeM8By26F9pSi7y7+hvGGX6Xngw49CyvNRFiKI9G7wu1cQ+JQmvs
	weF0eHncJgp7i5BQCzMBpTs25xuUDB6ltidnMcMJvdc7ruAxk7j7ji0W3iZuZSNo3ZIv
	nk2POYqPHSmoBJHRWWtyC/Nc4akd//ULjg0kGlFYpClOTRD4BJFCl5hdbYmVgm/Ct1V5
	My+KrKbNlHkbDSK9GJF2EWj3d9XqbiyBX76QaLmhh4h38YZABZ5ocQ1cmhTpdvaJPR9N
	Hmb+YXkEz6t78nvIj4Xx8UqCEcNxO+GJ6re1AKMt0L9AlGyuCJ+YKV8wChXEM+mvBaVv
	Fk4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:cc;
	bh=wPe2gZBbzrmFli3OHvWa8ZhYjL+W+YuLlN2JxZEs68U=;
	b=SThlYSzriMlXLvnWR84eL19jdD+zXQDAH8csnSrTlHtnFCGWr5Y9ikq8gFH6E6FIvH
	DoA4/xhM1nEyrozAn+pIC5+x0cw4YgBpr4/OCaTsbwsZGspDQYJ/0eM+6hHTcQjq8ZPU
	oHF+fwS3UANED7ojjIarxWxZo+aS9BQHEj2TDcpBQvODU9IMSUE0Y6n7MItJsuxQpT1W
	ChGdt/tCURi/ZohxDe1cyYAvqnIf6Tcq7Swpqst3Rumrt9xdI4h3ODFLzlGcejPJ5sUu
	6TsjDHHC+DERlyoo+1p3l/D/Q+q5TAuKhkgFro8k6gywE5+lwOFXi3p6ewKDaLJ+wjSe
	aY3w==
X-Gm-Message-State: APf1xPDhbszEwIuDX334V4v+SfEw2fIgNwtzKG3X8KmjlJbSadaCci1+
	skf054RSK7LqH7vYG7gbuxYpVkwU6EwRnWif02Adi3D2
X-Google-Smtp-Source: 
 AG47ELuAZE5jmI0B6I8ilwYb9L9YEeebM8exPATW9muwzE65C6Ppcidb33cIa9Q9Lcv9N/c3nvnNRoOqbEbQ6eMXKdY=
X-Received: by 10.99.128.195 with SMTP id j186mr8207028pgd.15.1520115165675;
	Sat, 03 Mar 2018 14:12:45 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.171.78 with HTTP; Sat, 3 Mar 2018 14:12:25 -0800 (PST)
In-Reply-To: 
 <CAH2r5msnQfLsGro30bahXY=6KFW8BuU00Tk2b98NyL9Hkep0ZA@mail.gmail.com>
References: 
 <CAH2r5msnQfLsGro30bahXY=6KFW8BuU00Tk2b98NyL9Hkep0ZA@mail.gmail.com>
From: Steve French <smfrench@gmail.com>
Date: Sat, 3 Mar 2018 16:12:25 -0600
Message-ID: 
 <CAH2r5muD2oTRksmnPkNqCTwrXyX5knuA_ph2beLxvWDVyiDUgA@mail.gmail.com>
Subject: Re: SMB3.11 security fixes
To: CIFS <linux-cifs@vger.kernel.org>
Cc: =?UTF-8?Q?Aur=C3=A9lien_Aptel?= <aaptel@suse.com>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Proposed fix for the SMB3.11 (non-mandatory signing) case.

See MS-SMB2 3.2.4.1.1

On Sat, Mar 3, 2018 at 3:08 PM, Steve French <smfrench@gmail.com> wrote:
> SMB3.11 signing now works, thanks to Aurelien's patches (it had
> already worked as guest, but not as a regular user).
>
> It needs one minor fix (to send the signature on SMB3.11 tcon) to fix
> the non-signing case.  Am testing that now, but getting SMB3.11
> signing working is a big step and important for security.
>
> --
> Thanks,
>
> Steve

From 350477ecdbe087b790b86527db39b5e80a08c20e Mon Sep 17 00:00:00 2001
From: Steve French <sfrench@localhost.localdomain>
Date: Sat, 3 Mar 2018 16:08:45 -0600
Subject: [PATCH] [SMB3.11] Tree connect for SMB3.11 must be signed for
 non-guest users

SMB3.11 tree connect was only being signed when signing was mandatory
but needs to always be signed (for non-guest users).

See MS-SMB2 section 3.2.4.1.1

Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
---
 fs/cifs/smb2pdu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 4b6920de2541..fe1d52c235ee 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1305,6 +1305,11 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
 	iov[1].iov_base = unc_path;
 	iov[1].iov_len = unc_path_len;
 
+	/* 3.11 tcon req must be signed if not guest. See MS-SMB2 3.2.4.1.1 */
+	if ((ses->server->dialect == SMB311_PROT_ID) &&
+	    !(ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST))
+		req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
+
 	rc = smb2_send_recv(xid, ses, iov, 2, &resp_buftype, flags, &rsp_iov);
 	cifs_small_buf_release(req);
 	rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base;
-- 
2.14.3