Re: [PATCH] CIFS: Remove encryption from the capabilities flags

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

lthough may be too large - note that an alternative is to backport current
mainline's SMB3 encryption patch series (from Pavel) to stable (which was
recently merged).  It is a very nice security feature - but larger than
usual for a backport.

On Mon, Feb 27, 2017 at 5:20 PM, Pavel Shilovsky <pshilov@xxxxxxxxxxxxx> wrote:
> Currently the client claims to support encryption but it doesn't.
> This results in rejecting TreeConnect requests by a server that expects
> them to be encrypted. Fix it by removing encryption from the capabilities
> flags. This problem affects kernels from v4.5 to v4.10.
>
> Cc: Steve French <smfrench@xxxxxxxxx>
> Cc: Stable <stable@xxxxxxxxxxxxxxx> # v4.5-v4.10
> Signed-off-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx>
> ---
>  fs/cifs/smb2ops.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index 5d456eb..87a58f0 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -1925,7 +1925,9 @@ struct smb_version_values smb21_values = {
>  struct smb_version_values smb30_values = {
>         .version_string = SMB30_VERSION_STRING,
>         .protocol_id = SMB30_PROT_ID,
> -       .req_capabilities = SMB2_GLOBAL_CAP_DFS | SMB2_GLOBAL_CAP_LEASING | SMB2_GLOBAL_CAP_LARGE_MTU | SMB2_GLOBAL_CAP_PERSISTENT_HANDLES | SMB2_GLOBAL_CAP_ENCRYPTION,
> +       .req_capabilities = SMB2_GLOBAL_CAP_DFS | SMB2_GLOBAL_CAP_LEASING
> +                       | SMB2_GLOBAL_CAP_LARGE_MTU
> +                       | SMB2_GLOBAL_CAP_PERSISTENT_HANDLES,
>         .large_lock_type = 0,
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> @@ -1945,7 +1947,9 @@ struct smb_version_values smb30_values = {
>  struct smb_version_values smb302_values = {
>         .version_string = SMB302_VERSION_STRING,
>         .protocol_id = SMB302_PROT_ID,
> -       .req_capabilities = SMB2_GLOBAL_CAP_DFS | SMB2_GLOBAL_CAP_LEASING | SMB2_GLOBAL_CAP_LARGE_MTU | SMB2_GLOBAL_CAP_PERSISTENT_HANDLES | SMB2_GLOBAL_CAP_ENCRYPTION,
> +       .req_capabilities = SMB2_GLOBAL_CAP_DFS | SMB2_GLOBAL_CAP_LEASING
> +                       | SMB2_GLOBAL_CAP_LARGE_MTU
> +                       | SMB2_GLOBAL_CAP_PERSISTENT_HANDLES,
>         .large_lock_type = 0,
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> --
> 2.7.4
>



-- 
Thanks,

Steve
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]