From: Pavel Shilovsky <piastryyy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
linux-cifs <linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
idra-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org
Subject: Re: [PATCH 12/19] cifs: track the flavor of the NEGOTIATE reponse
Date: Tue, 28 May 2013 09:46:43 +0400 [thread overview]
Message-ID: <CAKywueTSo=+Wis6pfxkz-dM036Rxbs_z8H4nDDDZ5tLRyBZUMA@mail.gmail.com> (raw)
In-Reply-To: <1369321563-16893-13-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013/5/23 Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>:
> Track what sort of NEGOTIATE response we get from the server, as that
> will govern what sort of authentication types this socket will support.
>
> There are three possibilities:
>
> LANMAN: server sent legacy LANMAN-type response
>
> UNENCAP: server sent a newer-style response, but extended security bit
> wasn't set. This socket will only support unencapsulated auth types.
>
> EXTENDED: server sent a newer-style response with the extended security
> bit set. This is necessary to support krb5 and ntlmssp auth types.
>
> Signed-off-by: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> ---
> fs/cifs/cifsglob.h | 4 ++++
> fs/cifs/cifssmb.c | 15 ++++++++++-----
> fs/cifs/smb2pdu.c | 2 ++
> 3 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index a858037..c2ef6c1 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -540,6 +540,10 @@ struct TCP_Server_Info {
> struct session_key session_key;
> unsigned long lstrp; /* when we got last response from this server */
> struct cifs_secmech secmech; /* crypto sec mech functs, descriptors */
> +#define CIFS_NEGFLAVOR_LANMAN 0 /* wct == 13, LANMAN */
> +#define CIFS_NEGFLAVOR_UNENCAP 1 /* wct == 17, but no ext_sec */
> +#define CIFS_NEGFLAVOR_EXTENDED 2 /* wct == 17, ext_sec bit set */
> + char negflavor; /* NEGOTIATE response flavor */
> /* extended security flavors that server supports */
> bool sec_ntlmssp; /* supports NTLMSSP */
> bool sec_kerberosu2u; /* supports U2U Kerberos */
> diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
> index e7184b9..b43948a 100644
> --- a/fs/cifs/cifssmb.c
> +++ b/fs/cifs/cifssmb.c
> @@ -616,6 +616,7 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)
> goto neg_err_exit;
> } else if (pSMBr->hdr.WordCount == 13) {
> rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags);
> + server->negflavor = CIFS_NEGFLAVOR_LANMAN;
> goto neg_err_exit;
> } else if (pSMBr->hdr.WordCount != 17) {
> /* unknown wct */
> @@ -666,17 +667,21 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)
> server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone);
> server->timeAdj *= 60;
>
> - if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE)
> + if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
> + server->negflavor = CIFS_NEGFLAVOR_UNENCAP;
> memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,
> CIFS_CRYPTO_KEY_SIZE);
> - else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
> + } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
> server->capabilities & CAP_EXTENDED_SECURITY) &&
> - (pSMBr->EncryptionKeyLength == 0))
> + (pSMBr->EncryptionKeyLength == 0)) {
> + server->negflavor = CIFS_NEGFLAVOR_EXTENDED;
> rc = decode_ext_sec_blob(server, pSMBr);
> - else if (server->sec_mode & SECMODE_PW_ENCRYPT)
> + } else if (server->sec_mode & SECMODE_PW_ENCRYPT) {
> rc = -EIO; /* no crypt key only if plain text pwd */
> - else
> + } else {
> + server->negflavor = CIFS_NEGFLAVOR_UNENCAP;
> server->capabilities &= ~CAP_EXTENDED_SECURITY;
> + }
>
> if (!rc)
> rc = cifs_enable_signing(server, secFlags);
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index ebb97b4..1609699 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -405,6 +405,8 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
> }
> server->dialect = le16_to_cpu(rsp->DialectRevision);
>
> + /* SMB2 only has an extended negflavor */
> + server->negflavor = CIFS_NEGFLAVOR_EXTENDED;
> server->maxBuf = le32_to_cpu(rsp->MaxTransactSize);
> server->max_read = le32_to_cpu(rsp->MaxReadSize);
> server->max_write = le32_to_cpu(rsp->MaxWriteSize);
> --
> 1.8.1.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Reviewed-by: Pavel Shilovsky <piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org>
--
Best regards,
Pavel Shilovsky.
next prev parent reply other threads:[~2013-05-28 5:46 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-23 15:05 [PATCH 00/19] cifs: overhaul of auth selection code Jeff Layton
[not found] ` <1369321563-16893-1-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-23 15:05 ` [PATCH 01/19] cifs: remove protocolEnum definition Jeff Layton
[not found] ` <1369321563-16893-2-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:08 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 02/19] cifs: remove useless memset in LANMAN auth code Jeff Layton
[not found] ` <1369321563-16893-3-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:08 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 03/19] cifs: make decode_ascii_ssetup void return Jeff Layton
[not found] ` <1369321563-16893-4-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:10 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 04/19] cifs: throw a warning if negotiate or sess_setup ops are passed NULL server or session pointers Jeff Layton
[not found] ` <1369321563-16893-5-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:15 ` Pavel Shilovsky
[not found] ` <CAKywueQWk_r+TcSebVHzyWs_Gnbdj523CETqXB4u25QkebPrqA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-05-24 12:20 ` Jeff Layton
2013-05-23 15:05 ` [PATCH 05/19] cifs: remove the cifs_ses->flags field Jeff Layton
[not found] ` <1369321563-16893-6-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:16 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 06/19] cifs: remove "seal" stubs Jeff Layton
[not found] ` <1369321563-16893-7-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:17 ` Pavel Shilovsky
2013-05-24 18:32 ` Steve French
[not found] ` <CAH2r5mv3bRxXKzBSkD9BUGxLVdvtcrD1vTfqsEp=cX2MrcQAvw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-05-24 19:42 ` Jeff Layton
[not found] ` <20130524154206.4cd7e357-4QP7MXygkU+dMjc06nkz3ljfA9RmPOcC@public.gmane.org>
2013-05-25 4:17 ` Shirish Pargaonkar
2013-05-23 15:05 ` [PATCH 07/19] cifs: break out decoding of security blob into separate function Jeff Layton
[not found] ` <1369321563-16893-8-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:24 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 08/19] cifs: break out lanman NEGOTIATE handling " Jeff Layton
[not found] ` <1369321563-16893-9-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:31 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 09/19] cifs: move handling of signed connections " Jeff Layton
[not found] ` <1369321563-16893-10-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:41 ` Pavel Shilovsky
[not found] ` <CAKywueQEwagjBhXsuSBEMRdnAAHyFovnoaR+28Gb7B9QpEXbqw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-05-24 12:45 ` Jeff Layton
2013-05-23 15:05 ` [PATCH 10/19] cifs: factor out check for extended security bit " Jeff Layton
[not found] ` <1369321563-16893-11-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 6:02 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 11/19] cifs: add new "Unspecified" securityEnum value Jeff Layton
[not found] ` <1369321563-16893-12-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 5:43 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 12/19] cifs: track the flavor of the NEGOTIATE reponse Jeff Layton
[not found] ` <1369321563-16893-13-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 5:46 ` Pavel Shilovsky [this message]
2013-05-23 15:05 ` [PATCH 13/19] cifs: add new fields to smb_vol to track the requested security flavor Jeff Layton
[not found] ` <1369321563-16893-14-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 5:49 ` Pavel Shilovsky
2013-05-23 15:05 ` [PATCH 14/19] cifs: add new fields to cifs_ses to track " Jeff Layton
[not found] ` <1369321563-16893-15-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-24 12:56 ` Jeff Layton
2013-05-23 15:05 ` [PATCH 15/19] cifs: track the enablement of signing in the TCP_Server_Info Jeff Layton
[not found] ` <1369321563-16893-16-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 6:00 ` Pavel Shilovsky
2013-05-23 15:06 ` [PATCH 16/19] cifs: move sectype to the cifs_ses instead of TCP_Server_Info Jeff Layton
[not found] ` <1369321563-16893-17-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 6:32 ` Pavel Shilovsky
2013-05-23 15:06 ` [PATCH 17/19] cifs: update the default global_secflags to include "raw" NTLMv2 Jeff Layton
[not found] ` <1369321563-16893-18-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 6:34 ` Pavel Shilovsky
2013-05-23 15:06 ` [PATCH 18/19] cifs: clean up the SecurityFlags write handler Jeff Layton
[not found] ` <1369321563-16893-19-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 6:36 ` Pavel Shilovsky
2013-05-23 15:06 ` [PATCH 19/19] cifs: try to handle the MUST SecurityFlags sanely Jeff Layton
[not found] ` <1369321563-16893-20-git-send-email-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-05-28 6:38 ` Pavel Shilovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKywueTSo=+Wis6pfxkz-dM036Rxbs_z8H4nDDDZ5tLRyBZUMA@mail.gmail.com' \
--to=piastryyy-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=idra-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org \
--cc=jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.