Re: [PATCH] cifs: don't start signing too early

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 11 Jul 2011 09:28:24 -0500
Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:

> On Mon, Jul 11, 2011 at 9:16 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> > Sniffing traffic on the wire shows that windows clients send a zeroed
> > out signature field in a NEGOTIATE request, and send "BSRSPYL" in the
> > signature field during SESSION_SETUP. Make the cifs client behave the
> > same way.
> >
> > It doesn't seem to make much difference in any server that I've tested
> > against, but it's probably best to follow windows behavior as closely as
> > possible here.
> >
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> >  fs/cifs/cifsencrypt.c |   16 ++++++++++++++--
> >  1 files changed, 14 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
> > index 5a0ee7f..45ae18e 100644
> > --- a/fs/cifs/cifsencrypt.c
> > +++ b/fs/cifs/cifsencrypt.c
> > @@ -77,9 +77,15 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
> >        if ((cifs_pdu == NULL) || (server == NULL))
> >                return -EINVAL;
> >
> > -       if ((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0)
> > +       if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) ||
> > +           server->tcpStatus == CifsNeedNegotiate)
> 
> Jeff, why do we need to set the tcpStatus here?  Not sure what would be
> a value of tcpStatus at this point.
> 

Uhh...that's a check to see if it's in CifsNeedNegotiate.

If it is, then we don't want to do anything -- just leave it zeroed out.

> >                return rc;
> >
> > +       if (!server->session_estab) {
> > +               strncpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
> > +               return rc;
> > +       }
> > +
> >        cifs_pdu->Signature.Sequence.SequenceNumber =
> >                        cpu_to_le32(server->sequence_number);
> >        cifs_pdu->Signature.Sequence.Reserved = 0;
> > @@ -154,9 +160,15 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
> >        if ((cifs_pdu == NULL) || (server == NULL))
> >                return -EINVAL;
> >
> > -       if ((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0)
> > +       if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) ||
> > +           server->tcpStatus == CifsNeedNegotiate)
> >                return rc;
> >
> > +       if (!server->session_estab) {
> > +               strncpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
> > +               return rc;
> > +       }
> > +
> >        cifs_pdu->Signature.Sequence.SequenceNumber =
> >                                cpu_to_le32(server->sequence_number);
> >        cifs_pdu->Signature.Sequence.Reserved = 0;
> > --
> > 1.7.6
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >


-- 
Jeff Layton <jlayton@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux