From patchwork Wed May 27 12:06:23 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Noel Power X-Patchwork-Id: 6489691 Return-Path: X-Original-To: patchwork-cifs-client@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id A1A82C0020 for ; Wed, 27 May 2015 12:07:01 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 311C6206A6 for ; Wed, 27 May 2015 12:06:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5761B206AC for ; Wed, 27 May 2015 12:06:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751656AbbE0MGy (ORCPT ); Wed, 27 May 2015 08:06:54 -0400 Received: from mail.emea.novell.com ([130.57.118.101]:52608 "EHLO mail.emea.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751307AbbE0MGy (ORCPT ); Wed, 27 May 2015 08:06:54 -0400 Received: from [192.168.1.1] (86-44-41-172-dynamic.agg7.trr.lmk-mlw.eircom.net [86.44.41.172]) by mail.emea.novell.com with ESMTP (TLS encrypted); Wed, 27 May 2015 13:06:29 +0100 Message-ID: <5565B33F.2020302@suse.com> Date: Wed, 27 May 2015 13:06:23 +0100 From: Noel Power Reply-To: noel.power@suse.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: smfrench@gmail.com, linux-cifs@vger.kernel.org, samba-technical Subject: cifs client not forgiving enough when neg prot smb1 (with extended security) Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, T_TVD_MIME_EPI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hi Steve, Just came across a situation where cifs client was failing to mount a share with ntlmssp served by cifsd based server. The server is misbehaving in that is should have set the EncryptionKeyLength to zero (when offering extended security). Regardless though, a windows client will happily continue whereas the cifs client will return IO(5) error. Looking in the MS-SMB spec (2.2.4.5.2.1) mentions "ChallengeLength (1 byte): When the CAP_EXTENDED_SECURITY bit is set, the server MUST set this value to zero and clients MUST ignore this value." I attach a patch to cifs for this thanks, Noel From ccd99a91f3b73e4281cabd8dd84b0e46bff71865 Mon Sep 17 00:00:00 2001 From: Noel Power Date: Wed, 27 May 2015 09:22:10 +0100 Subject: [PATCH] client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set [MS-SMB] 2.2.4.5.2.1 states: "ChallengeLength (1 byte): When the CAP_EXTENDED_SECURITY bit is set, the server MUST set this value to zero and clients MUST ignore this value." Signed-off-by: Noel Power --- fs/cifs/cifssmb.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 5f1f328..ea938a8 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -629,9 +629,8 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) server->negflavor = CIFS_NEGFLAVOR_UNENCAP; memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey, CIFS_CRYPTO_KEY_SIZE); - } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || - server->capabilities & CAP_EXTENDED_SECURITY) && - (pSMBr->EncryptionKeyLength == 0)) { + } else if (pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || + server->capabilities & CAP_EXTENDED_SECURITY) { server->negflavor = CIFS_NEGFLAVOR_EXTENDED; rc = decode_ext_sec_blob(ses, pSMBr); } else if (server->sec_mode & SECMODE_PW_ENCRYPT) {