encrypt the tcon itself if seal requested on mount and set encryption support for 3.11 properly

Commit Message

Steve French April 22, 2018, 3:44 p.m. UTC

Needed to add one additional minor change for Samba (samba server
doesn't allow the two byte pad at the end of the negotiate context
that was the result of removing one of the ciphers and returned an
error on SMB311 negprot

I need to add:

sfrench@Ubuntu-17-Virtual-Ma

On Sat, Apr 21, 2018 at 12:04 PM, Steve French <smfrench@gmail.com> wrote:
> Any extra testing would be appreciated of this - I tried to Windows
> 2016 with and without encrypted share and also to Samba 4.7
>
> On Fri, Apr 20, 2018 at 11:55 PM, Steve French <smfrench@gmail.com> wrote:
>> On Fri, Apr 20, 2018 at 7:14 PM, Pavel Shilovsky <piastryyy@gmail.com> wrote:
>>> Looks good. Please also fix the encryption negotiate context:
>>
>>  Fixed. Disabled AES-128GCM.  See attached.
>>
>> Seems to work ok to Windows 3.11 now, and SMB3 tconx is also now
>> encrypted if "seal" chosen on mount - tried it to Windows 2016 and to
>> Samba 4.7
>>
>> Main remaining problem that I see is smb3.11 reconnect (it looks like
>> we are clearing the hash - but must be missing something)
>> --
>> Thanks,
>>
>> Steve
>
>
>
> --
> Thanks,
>
> Steve

Patch

diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 6093e5142b2b..d28f358022c5 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -297,7 +297,7 @@  struct smb2_encryption_neg_context {
        __le16  DataLength;
        __le32  Reserved;
        __le16  CipherCount; /* AES-128-GCM and AES-128-CCM */
-       __le16  Ciphers[2]; /* Ciphers[0] since only one used now */
+       __le16  Ciphers[1]; /* Ciphers[0] since only one used now */
 } __packed;

 struct smb2_negotiate_rsp {