From patchwork Sat Oct 17 09:03:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 11842689 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C154C433DF for ; Sat, 17 Oct 2020 09:03:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CB286206DD for ; Sat, 17 Oct 2020 09:03:58 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="oNAeAZ/0" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2411724AbgJQJD6 (ORCPT ); Sat, 17 Oct 2020 05:03:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57046 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2408830AbgJQJD5 (ORCPT ); Sat, 17 Oct 2020 05:03:57 -0400 Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3CCDDC061755 for ; Sat, 17 Oct 2020 02:03:57 -0700 (PDT) Received: by mail-lj1-x22b.google.com with SMTP id i2so5316163ljg.4 for ; Sat, 17 Oct 2020 02:03:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=1644VA1in5OCiyTa4ZQ9eoTWA69oPpYauzaK3e8eaBY=; b=oNAeAZ/0JkpHve+/+j9KmYV7WYZ0Q0FUgsNczgUrb+PCwoA6P+B4ECphfjfjfuf0ov C/LzikQVh1bh6WR/o3DcKO/6UtMksOnnxGFiC7ei/FjMhFSUEY3IPZK2hJNAd39ssEwF LbhtrWWFESrWu8JiWb0vzoRqqbOmU+AJgAIoNgf8dCBsmiPcRzaCm/h8Wv1fN8oB0eGf eu3S72CZQjA4HS3HEoaRJ/2pKfaEZiDh+C/mily5vrd2I73yybPpVF1e12+7Esjq3iAD YpivPSU3YGw2jXNlGRHKRkOySnUnwczqXdZB7ds6qOUVBYmzqI50QtAYJDMvabvJX7LQ GwPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=1644VA1in5OCiyTa4ZQ9eoTWA69oPpYauzaK3e8eaBY=; b=lJSo1CeKpMfIrZhiNdcxl0ywd7cZd+XHCwwUSkub3+2Pmojij77Wo8LtMGDd0zMGmr FSewjb1swngn9CLTTWcsMzwdL44+J4Ol9z1yq4orjS8RPfOltSNT6OYkAgR1Ns2SOcbz RyCWm6OZderem6cyoxqJ7wB56NBnE7IFze0Q7LpVwS+CP1WOgeyr1naVDd5InL/tlAoL RTW0tzXS0FzIo7KgDjreQfzyrCF5EWeCd0x2O6JV18xMRWSAh+FMTCvu13l0nsL4ir5u fx4YVAam+le0cN813MHH23MWIYH+B8OOBhA55hhNfEEBzPnUrfR3hldXUEoGK/kaYboW kxFw== X-Gm-Message-State: AOAM533h6JXaiDQeBjV5jM8ZXGdM67NOzTrRZ08OxzfyG8MMQ6+xNztr Si8cgKyGmd4UnDDbFihVFDME/wMItI6AD66nfy+NaGWw5qurCw== X-Google-Smtp-Source: ABdhPJyJwg4vHgeJIP2EQ6jUcrL/olzDbIn99dvz67q2n67VS0/OGNmDCg2tXLA7PDWW9M07XvTFfsyoCR6T5NX2Qtk= X-Received: by 2002:a2e:82cf:: with SMTP id n15mr2876594ljh.394.1602925435415; Sat, 17 Oct 2020 02:03:55 -0700 (PDT) MIME-Version: 1.0 From: Steve French Date: Sat, 17 Oct 2020 04:03:44 -0500 Message-ID: Subject: [PATCH][SMB3.1.1] do not fail if no encryption required when server doesn't support encryption To: CIFS Cc: =?utf-8?q?Aur=C3=A9lien_Aptel?= , Pavel Shilovsky Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org There are cases where the server can return a cipher type of 0 and it not be an error. For example, if server only supported AES256_CCM (very unlikely) or server supported no encryption types or had all disabled. In those cases encryption would not be supported, but that can be ok if the client did not require encryption on mount. In the case in which mount requested encryption ("seal" on mount) then checks later on during tree connection will return the proper rc, but if seal was not requested by client, since server is allowed to return 0 to indicate no supported cipher, we should not fail mount. Reported-by: Pavel Shilovsky Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky From c6db40cc1a46730a78dc3e79d0791e10752d6853 Mon Sep 17 00:00:00 2001 From: Steve French Date: Sat, 17 Oct 2020 03:54:27 -0500 Subject: [PATCH] smb3.1.1: do not fail if no encryption required but server doesn't support it There are cases where the server can return a cipher type of 0 and it not be an error. For example, if server only supported AES256_CCM (very unlikely) or server supported no encryption types or had all disabled. In those cases encryption would not be supported, but that can be ok if the client did not require encryption on mount. In the case in which mount requested encryption ("seal" on mount) then checks later on during tree connection will return the proper rc, but if seal was not requested by client, since server is allowed to return 0 to indicate no supported cipher, we should not fail mount. Reported-by: Pavel Shilovsky Signed-off-by: Steve French --- fs/cifs/smb2pdu.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index d504bc296349..025db5e8c183 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -616,9 +616,19 @@ static int decode_encrypt_ctx(struct TCP_Server_Info *server, return -EOPNOTSUPP; } } else if (ctxt->Ciphers[0] == 0) { - /* e.g. if server only supported AES256_CCM (very unlikely) */ - cifs_dbg(VFS, "Server does not support requested encryption types\n"); - return -EOPNOTSUPP; + /* + * e.g. if server only supported AES256_CCM (very unlikely) + * or server supported no encryption types or had all disabled. + * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case + * in which mount requested encryption ("seal") checks later + * on during tree connection will return proper rc, but if + * seal not requested by client, since server is allowed to + * return 0 to indicate no supported cipher, we can't fail here + */ + server->cipher_type = 0; + server->capabilities &= ~SMB2_GLOBAL_CAP_ENCRYPTION; + pr_warn_once("Server does not support requested encryption types\n"); + return 0; } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) && (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) && (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) { -- 2.25.1