Received: by 10.213.65.68 with SMTP id h4csp282503imn;
        Fri, 23 Mar 2018 04:40:48 -0700 (PDT)
X-Google-Smtp-Source: AG47ELtY31gOtAavFgXoaS/LItxOh44FxmlKf5A7zv3ONzA+CEYRf9aXF66jBQHxysk6Kug+UcSy
X-Received: by 10.99.38.135 with SMTP id m129mr9738679pgm.2.1521805248132;
        Fri, 23 Mar 2018 04:40:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521805248; cv=none;
        d=google.com; s=arc-20160816;
        b=GValxUqZH8dnrlpA6iF4eLOI+EAikXD2aTEvKDvBewQoGMrSKmKHEux6rnWvaNQz1B
         EFAoiNn+27wHOSA/MuUHLHwTWiX/rqzvpCZ52O8/aFJI8qmSkvh0jDqTN0JsVoe2DYxb
         HcuKAYKw3LGi8dFudoxYs4HyRapysM9HgTcQUiVqO1Fb9ypq6b/k0VG8Bs2c0ihsT1oe
         GTfdVHSgUvvs4f7ABG01PAiFEGr+XAmLfm/mWCwoTGywhbobzj3+rkSO+dnbdFEVknnS
         6VZuu/DYAU9HLAkxnp4H90BEl2ztGxULOtjqmhzho0+kqkH1GNRgydSnRiOUVLjpEZTB
         Zvyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=3K4QqGCkzDH5VcXXL0cYu/BtTVyZ3/y5tuyyCy9feB4=;
        b=i/87OKW2WH6imYdg9JFzFVq2yXipJ70ZEG/h+9E25CCAlYSwxqdG9lxjnurbh9J4zJ
         68hFxUQNFe3yqYl0Y9raSDe11AYjNnwnzU+fPp+jXLn2mHswvKgj6BjA434c/nfqQLnR
         UFW3n+kHDN805pugLvdV2f1HZQRCpQtuwii2GC1lAqTce5j6NVnFwZ8K8tjIJ8O0srlP
         tBFKyLZjSJAeKXODv6+ZIlZv4fZngFbtZMM1xLLERRwkNiysO2LoVmDL407ditBbYcYD
         nwFM037FccTpePanZcf5JVhUjqcDlb9935sYgV7wK1yHoCHL17mGp6k60Ls7T3UulRwu
         JFQw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p7-v6si2170458plk.653.2018.03.23.04.40.33;
        Fri, 23 Mar 2018 04:40:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754693AbeCWKEU (ORCPT <rfc822;chrisloverchio@gmail.com>
        + 99 others); Fri, 23 Mar 2018 06:04:20 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:39096 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754642AbeCWKEQ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Mar 2018 06:04:16 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id DD1CF13C9;
        Fri, 23 Mar 2018 10:04:15 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Pavel Shilovsky <pshilov@microsoft.com>,
        Steve French <smfrench@gmail.com>
Subject: [PATCH 4.9 004/177] CIFS: Enable encryption during session setup phase
Date:   Fri, 23 Mar 2018 10:52:12 +0100
Message-Id: <20180323094205.390766145@linuxfoundation.org>
X-Mailer: git-send-email 2.16.2
In-Reply-To: <20180323094205.090519271@linuxfoundation.org>
References: <20180323094205.090519271@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Pavel Shilovsky <pshilov@microsoft.com>

commit cabfb3680f78981d26c078a26e5c748531257ebb upstream.

In order to allow encryption on SMB connection we need to exchange
a session key and generate encryption and decryption keys.

Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Cc: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 fs/cifs/sess.c    |   22 ++++++++++------------
 fs/cifs/smb2pdu.c |   12 ++----------
 2 files changed, 12 insertions(+), 22 deletions(-)

--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -344,13 +344,12 @@ void build_ntlmssp_negotiate_blob(unsign
 	/* BB is NTLMV2 session security format easier to use here? */
 	flags = NTLMSSP_NEGOTIATE_56 |	NTLMSSP_REQUEST_TARGET |
 		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
-		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
-	if (ses->server->sign) {
+		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
+		NTLMSSP_NEGOTIATE_SEAL;
+	if (ses->server->sign)
 		flags |= NTLMSSP_NEGOTIATE_SIGN;
-		if (!ses->server->session_estab ||
-				ses->ntlmssp->sesskey_per_smbsess)
-			flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
-	}
+	if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
+		flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
 
 	sec_blob->NegotiateFlags = cpu_to_le32(flags);
 
@@ -407,13 +406,12 @@ int build_ntlmssp_auth_blob(unsigned cha
 	flags = NTLMSSP_NEGOTIATE_56 |
 		NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
 		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
-		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
-	if (ses->server->sign) {
+		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
+		NTLMSSP_NEGOTIATE_SEAL;
+	if (ses->server->sign)
 		flags |= NTLMSSP_NEGOTIATE_SIGN;
-		if (!ses->server->session_estab ||
-				ses->ntlmssp->sesskey_per_smbsess)
-			flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
-	}
+	if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
+		flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
 
 	tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
 	sec_blob->NegotiateFlags = cpu_to_le32(flags);
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -707,15 +707,13 @@ SMB2_sess_establish_session(struct SMB2_
 	struct cifs_ses *ses = sess_data->ses;
 
 	mutex_lock(&ses->server->srv_mutex);
-	if (ses->server->sign && ses->server->ops->generate_signingkey) {
+	if (ses->server->ops->generate_signingkey) {
 		rc = ses->server->ops->generate_signingkey(ses);
-		kfree(ses->auth_key.response);
-		ses->auth_key.response = NULL;
 		if (rc) {
 			cifs_dbg(FYI,
 				"SMB3 session key generation failed\n");
 			mutex_unlock(&ses->server->srv_mutex);
-			goto keygen_exit;
+			return rc;
 		}
 	}
 	if (!ses->server->session_estab) {
@@ -729,12 +727,6 @@ SMB2_sess_establish_session(struct SMB2_
 	ses->status = CifsGood;
 	ses->need_reconnect = false;
 	spin_unlock(&GlobalMid_Lock);
-
-keygen_exit:
-	if (!ses->server->sign) {
-		kfree(ses->auth_key.response);
-		ses->auth_key.response = NULL;
-	}
 	return rc;
 }