CIFS: Enable encryption during session setup phase · 26dc7476ef - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

CIFS: Enable encryption during session setup phase

commit cabfb3680f78981d26c078a26e5c748531257ebb upstream.

In order to allow encryption on SMB connection we need to exchange
a session key and generate encryption and decryption keys.

Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>
Cc: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This commit is contained in:

Pavel Shilovsky

2016-11-07 18:20:50 -08:00

• committed by

Greg Kroah-Hartman

parent 0a53587ac6

commit 26dc7476ef

2 changed files with 11 additions and 19 deletions

									
										22

fs/cifs/sess.c
									
										View file
										
				@ -344,13 +344,12 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,

					/* BB is NTLMV2 session security format easier to use here? */

					flags = NTLMSSP_NEGOTIATE_56 |	NTLMSSP_REQUEST_TARGET |

						NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |

						NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;

					if (ses->server->sign) {

						NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |

						NTLMSSP_NEGOTIATE_SEAL;

					if (ses->server->sign)

						flags |= NTLMSSP_NEGOTIATE_SIGN;

						if (!ses->server->session_estab ||

								ses->ntlmssp->sesskey_per_smbsess)

							flags |= NTLMSSP_NEGOTIATE_KEY_XCH;

					}

					if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)

						flags |= NTLMSSP_NEGOTIATE_KEY_XCH;

					sec_blob->NegotiateFlags = cpu_to_le32(flags);

				@ -407,13 +406,12 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer,

					flags = NTLMSSP_NEGOTIATE_56 |

						NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |

						NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |

						NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;

					if (ses->server->sign) {

						NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |

						NTLMSSP_NEGOTIATE_SEAL;

					if (ses->server->sign)

						flags |= NTLMSSP_NEGOTIATE_SIGN;

						if (!ses->server->session_estab ||

								ses->ntlmssp->sesskey_per_smbsess)

							flags |= NTLMSSP_NEGOTIATE_KEY_XCH;

					}

					if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)

						flags |= NTLMSSP_NEGOTIATE_KEY_XCH;

					tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);

					sec_blob->NegotiateFlags = cpu_to_le32(flags);

									
										8

fs/cifs/smb2pdu.c
									
										View file
										
				@ -832,10 +832,8 @@ ssetup_exit:

					if (!rc) {

						mutex_lock(&server->srv_mutex);

						if (server->sign && server->ops->generate_signingkey) {

						if (server->ops->generate_signingkey) {

							rc = server->ops->generate_signingkey(ses);

							kfree(ses->auth_key.response);

							ses->auth_key.response = NULL;

							if (rc) {

								cifs_dbg(FYI,

									"SMB3 session key generation failed\n");

				@ -857,10 +855,6 @@ ssetup_exit:

					}

				keygen_exit:

					if (!server->sign) {

						kfree(ses->auth_key.response);

						ses->auth_key.response = NULL;

					}

					if (spnego_key) {

						key_invalidate(spnego_key);

						key_put(spnego_key);