Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag '5.16-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
"Two cifs/smb3 fixes - one for stable, the other fixes a recently
reported NTLMSSP auth problem"

* tag '5.16-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: fix ntlmssp auth when there is no key exchange
cifs: Fix crash on unload of cifs_arc4.ko

+36 -31
+36 -18
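--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -590,8 +590,8 @@
 {
 	unsigned int tioffset; /* challenge message target info area */
 	unsigned int tilen; /* challenge message target info area length */
-
 	CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
+	__u32 server_flags;
 
 	if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
 		cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
@@ -609,12 +609,37 @@
 		return -EINVAL;
 	}
 
+	server_flags = le32_to_cpu(pblob->NegotiateFlags);
+	cifs_dbg(FYI, "%s: negotiate=0x%08x challenge=0x%08x\n", __func__,
+		 ses->ntlmssp->client_flags, server_flags);
+
+	if ((ses->ntlmssp->client_flags & (NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN)) &&
+	    (!(server_flags & NTLMSSP_NEGOTIATE_56) && !(server_flags & NTLMSSP_NEGOTIATE_128))) {
+		cifs_dbg(VFS, "%s: requested signing/encryption but server did not return either 56-bit or 128-bit session key size\n",
+			 __func__);
+		return -EINVAL;
+	}
+	if (!(server_flags & NTLMSSP_NEGOTIATE_NTLM) && !(server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) {
+		cifs_dbg(VFS, "%s: server does not seem to support either NTLMv1 or NTLMv2\n", __func__);
+		return -EINVAL;
+	}
+	if (ses->server->sign && !(server_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+		cifs_dbg(VFS, "%s: forced packet signing but server does not seem to support it\n",
+			 __func__);
+		return -EOPNOTSUPP;
+	}
+	if ((ses->ntlmssp->client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
+	    !(server_flags & NTLMSSP_NEGOTIATE_KEY_XCH))
+		pr_warn_once("%s: authentication has been weakened as server does not support key exchange\n",
+			     __func__);
+
+	ses->ntlmssp->server_flags = server_flags;
+
 	memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
-	/* BB we could decode pblob->NegotiateFlags; some may be useful */
 	/* In particular we can examine sign flags */
 	/* BB spec says that if AvId field of MsvAvTimestamp is populated then
 		we must set the MIC field of the AUTHENTICATE_MESSAGE */
-	ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
+
 	tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
 	tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
 	if (tioffset > blob_len || tioffset + tilen > blob_len) {
@@ -721,13 +746,13 @@
 	flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
 		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
 		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
-		NTLMSSP_NEGOTIATE_SEAL;
-	if (server->sign)
-		flags |= NTLMSSP_NEGOTIATE_SIGN;
+		NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SEAL |
+		NTLMSSP_NEGOTIATE_SIGN;
 	if (!server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
 		flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
 
 	tmp = *pbuffer + sizeof(NEGOTIATE_MESSAGE);
+	ses->ntlmssp->client_flags = flags;
 	sec_blob->NegotiateFlags = cpu_to_le32(flags);
 
 	/* these fields should be null in negotiate phase MS-NLMP 3.1.5.1.1 */
@@ -779,15 +804,8 @@
 	memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
 	sec_blob->MessageType = NtLmAuthenticate;
 
-	flags = NTLMSSP_NEGOTIATE_56 |
-		NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
-		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
-		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
-		NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
-	if (ses->server->sign)
-		flags |= NTLMSSP_NEGOTIATE_SIGN;
-	if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
-		flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
+	flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET |
+		NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
 
 	tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
 	sec_blob->NegotiateFlags = cpu_to_le32(flags);
@@ -834,9 +852,9 @@
 				      *pbuffer, &tmp,
 				      nls_cp);
 
-	if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
-		(ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
-			&& !calc_seckey(ses)) {
+	if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
+	    (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) &&
+	    !calc_seckey(ses)) {
 		memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
 		sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
 		sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);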
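Review bot: The key-exchange downgrade in the challenge-decoding hunk is reported with `pr_warn_once`, so only the first weakened session after boot is logged and the message does not identify the server; the challenge flags are read before the session is authenticated, so this is an event worth seeing every time it happens. The three checks just above it use `cifs_dbg(VFS, ...)`, and the same call here (or `pr_warn_ratelimited`) with the server name added would keep later downgrades visible in the log. In the authenticate-blob hunk, `flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET | ...` sends back every bit the server set, including any the client did not offer in `client_flags`; restricting the echoed bits to those the client supports looks safer, but should be checked against MS-NLMP before changing. The enclosing functions start and end outside the visible hunks.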
-13
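--- a/fs/smbfs_common/cifs_arc4.c
+++ b/fs/smbfs_common/cifs_arc4.c
@@ -72,16 +72,3 @@
 	ctx->y = y;
 }
 EXPORT_SYMBOL_GPL(cifs_arc4_crypt);
-
-static int __init
-init_smbfs_common(void)
-{
-	return 0;
-}
-static void __init
-exit_smbfs_common(void)
-{
-}
-
-module_init(init_smbfs_common)
-module_exit(exit_smbfs_common)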