Check SMB3 dialects against downgrade attacks
authorSteve French <smfrench@gmail.com>
Wed, 20 Nov 2013 05:44:46 +0000 (23:44 -0600)
committerSteve French <smfrench@gmail.com>
Wed, 20 Nov 2013 05:52:54 +0000 (23:52 -0600)
commitff1c038addc4f205d5f1ede449426c7d316c0eed
tree6beb176bfee8d237bc06586474493f73702f0959
parent7d3fb24bce87a240ee5a5f99cdd72b1f336d5c3b
Check SMB3 dialects against downgrade attacks

When we are running SMB3 or SMB3.02 connections which are signed
we need to validate the protocol negotiation information,
to ensure that the negotiate protocol response was not tampered with.

Add the missing FSCTL which is sent at mount time (immediately after
the SMB3 Tree Connect) to validate that the capabilities match
what we think the server sent.

"Secure dialect negotiation is introduced in SMB3 to protect against
man-in-the-middle attempt to downgrade dialect negotiation.
The idea is to prevent an eavesdropper from downgrading the initially
negotiated dialect and capabilities between the client and the server."

For more explanation see 2.2.31.4 of MS-SMB2 or
http://blogs.msdn.com/b/openspecification/archive/2012/06/28/smb3-secure-dialect-negotiation.aspx

Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <smfrench@gmail.com>
fs/cifs/cifsglob.h
fs/cifs/smb2ops.c
fs/cifs/smb2pdu.c
fs/cifs/smb2pdu.h
fs/cifs/smb2proto.h
fs/cifs/smbfsctl.h