cifs: don't start signing too early
authorJeff Layton <jlayton@redhat.com>
Tue, 26 Jul 2011 16:21:17 +0000 (12:21 -0400)
committerSteve French <sfrench@us.ibm.com>
Sun, 31 Jul 2011 21:21:06 +0000 (21:21 +0000)
Sniffing traffic on the wire shows that windows clients send a zeroed
out signature field in a NEGOTIATE request, and send "BSRSPYL" in the
signature field during SESSION_SETUP. Make the cifs client behave the
same way.

It doesn't seem to make much difference in any server that I've tested
against, but it's probably best to follow windows behavior as closely as
possible here.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/cifsencrypt.c

index 259991bd2112b4d40bd919d5d405b2440317831d..e76bfeb68267d19c5874eb85ddd12fac970a804e 100644 (file)
@@ -87,9 +87,15 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
        if ((cifs_pdu == NULL) || (server == NULL))
                return -EINVAL;
 
-       if ((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0)
+       if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) ||
+           server->tcpStatus == CifsNeedNegotiate)
                return rc;
 
+       if (!server->session_estab) {
+               strncpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
+               return rc;
+       }
+
        cifs_pdu->Signature.Sequence.SequenceNumber =
                        cpu_to_le32(server->sequence_number);
        cifs_pdu->Signature.Sequence.Reserved = 0;
@@ -178,9 +184,15 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
        if ((cifs_pdu == NULL) || (server == NULL))
                return -EINVAL;
 
-       if ((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0)
+       if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) ||
+           server->tcpStatus == CifsNeedNegotiate)
                return rc;
 
+       if (!server->session_estab) {
+               strncpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);
+               return rc;
+       }
+
        cifs_pdu->Signature.Sequence.SequenceNumber =
                                cpu_to_le32(server->sequence_number);
        cifs_pdu->Signature.Sequence.Reserved = 0;