Commit cabfb368 authored by Pavel Shilovsky's avatar Pavel Shilovsky Committed by Steve French
Browse files

CIFS: Enable encryption during session setup phase 



In order to allow encryption on SMB connection we need to exchange
a session key and generate encryption and decryption keys.

Signed-off-by: default avatarPavel Shilovsky <pshilov@microsoft.com>
parent 7fb8986e

fs/cifs/sess.c

+10 −12
Original line number Diff line number Diff line
@@ -344,13 +344,12 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, 
	/* BB is NTLMV2 session security format easier to use here? */

	flags = NTLMSSP_NEGOTIATE_56 |	NTLMSSP_REQUEST_TARGET |

		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |

		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;

	if (ses->server->sign) {

		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |

		NTLMSSP_NEGOTIATE_SEAL;

	if (ses->server->sign)

		flags |= NTLMSSP_NEGOTIATE_SIGN;

		if (!ses->server->session_estab ||

				ses->ntlmssp->sesskey_per_smbsess)

	if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)

		flags |= NTLMSSP_NEGOTIATE_KEY_XCH;

	}



	sec_blob->NegotiateFlags = cpu_to_le32(flags);
@@ -407,13 +406,12 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer, 
	flags = NTLMSSP_NEGOTIATE_56 |

		NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |

		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |

		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;

	if (ses->server->sign) {

		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |

		NTLMSSP_NEGOTIATE_SEAL;

	if (ses->server->sign)

		flags |= NTLMSSP_NEGOTIATE_SIGN;

		if (!ses->server->session_estab ||

				ses->ntlmssp->sesskey_per_smbsess)

	if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)

		flags |= NTLMSSP_NEGOTIATE_KEY_XCH;

	}



	tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);

	sec_blob->NegotiateFlags = cpu_to_le32(flags);

fs/cifs/smb2pdu.c

+2 −10
Original line number Diff line number Diff line
@@ -756,15 +756,13 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) 
	struct cifs_ses *ses = sess_data->ses;



	mutex_lock(&ses->server->srv_mutex);

	if (ses->server->sign && ses->server->ops->generate_signingkey) {

	if (ses->server->ops->generate_signingkey) {

		rc = ses->server->ops->generate_signingkey(ses);

		kfree(ses->auth_key.response);

		ses->auth_key.response = NULL;

		if (rc) {

			cifs_dbg(FYI,

				"SMB3 session key generation failed\n");

			mutex_unlock(&ses->server->srv_mutex);

			goto keygen_exit;

			return rc;

		}

	}

	if (!ses->server->session_estab) {
@@ -778,12 +776,6 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) 
	ses->status = CifsGood;

	ses->need_reconnect = false;

	spin_unlock(&GlobalMid_Lock);



keygen_exit:

	if (!ses->server->sign) {

		kfree(ses->auth_key.response);

		ses->auth_key.response = NULL;

	}

	return rc;

}