Patch "smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 30 Jul 2023 22:04:08 -0400

This is a note to let you know that I've just added the patch titled

    smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     smb3-do-not-set-ntlmssp_version-flag-for-negotiate-n.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit fffe872feb59b994d32a77e5edb9217920a4f623
Author: Steve French <stfrench@xxxxxxxxxxxxx>
Date:   Tue Jul 25 01:05:23 2023 -0500

    smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request
    
    [ Upstream commit 19826558210b9102a7d4681c91784d137d60d71b ]
    
    The NTLMSSP_NEGOTIATE_VERSION flag only needs to be sent during
    the NTLMSSP NEGOTIATE (not the AUTH) request, so filter it out for
    NTLMSSP AUTH requests. See MS-NLMP 2.2.1.3
    
    This fixes a problem found by the gssntlmssp server.
    
    Link: https://github.com/gssapi/gss-ntlmssp/issues/95
    Fixes: 52d005337b2c ("smb3: send NTLMSSP version information")
    Acked-by: Roy Shterman <roy.shterman@xxxxxxxxx>
    Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
index 81be17845072a..1e3e22979604f 100644
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -1014,6 +1014,7 @@ int build_ntlmssp_smb3_negotiate_blob(unsigned char **pbuffer,
 }
 
 
+/* See MS-NLMP 2.2.1.3 */
 int build_ntlmssp_auth_blob(unsigned char **pbuffer,
 					u16 *buflen,
 				   struct cifs_ses *ses,
@@ -1048,7 +1049,8 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer,
 
 	flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET |
 		NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
-
+	/* we only send version information in ntlmssp negotiate, so do not set this flag */
+	flags = flags & ~NTLMSSP_NEGOTIATE_VERSION;
 	tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
 	sec_blob->NegotiateFlags = cpu_to_le32(flags);
 






