ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob
authorNamjae Jeon <linkinjeon@kernel.org>
Thu, 22 Sep 2022 14:37:41 +0000 (23:37 +0900)
committerSteve French <stfrench@microsoft.com>
Wed, 5 Oct 2022 06:15:44 +0000 (01:15 -0500)
If NTLMSSP_NEGOTIATE_SEAL flags is set in negotiate blob from client,
Set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/ksmbd/auth.c
fs/ksmbd/smb2pdu.c
fs/ksmbd/smb2pdu.h

index 2330d7754cf6df4c759d71a0e7b2bd6bcd286d9a..2a39ffb8423b75dfc205215d4df85b09a1859aa4 100644 (file)
@@ -424,6 +424,9 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
                                   NTLMSSP_NEGOTIATE_56);
        }
 
+       if (cflags & NTLMSSP_NEGOTIATE_SEAL && smb3_encryption_negotiated(conn))
+               flags |= NTLMSSP_NEGOTIATE_SEAL;
+
        if (cflags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
                flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
 
index 649f9b72707a5c493b213ff5e82ea58e984b4caa..f99698ce955b0e09816776e01c65e981cb7459ef 100644 (file)
@@ -925,7 +925,7 @@ static void decode_encrypt_ctxt(struct ksmbd_conn *conn,
  *
  * Return:     true if connection should be encrypted, else false
  */
-static bool smb3_encryption_negotiated(struct ksmbd_conn *conn)
+bool smb3_encryption_negotiated(struct ksmbd_conn *conn)
 {
        if (!conn->ops->generate_encryptionkey)
                return false;
index 2eb6b819c89dc26d1d3f84499889ec62c8c2a456..092fdd3f8750514e0144116a284148129c8876b7 100644 (file)
@@ -494,6 +494,7 @@ int smb3_decrypt_req(struct ksmbd_work *work);
 int smb3_encrypt_resp(struct ksmbd_work *work);
 bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work);
 int smb2_set_rsp_credits(struct ksmbd_work *work);
+bool smb3_encryption_negotiated(struct ksmbd_conn *conn);
 
 /* smb2 misc functions */
 int ksmbd_smb2_check_message(struct ksmbd_work *work);