smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request

The NTLMSSP_NEGOTIATE_VERSION flag only needs to be sent during the NTLMSSP NEGOTIATE (not the AUTH) request, so filter it out for NTLMSSP AUTH requests. See MS-NLMP 2.2.1.3 This fixes a problem found by the gssntlmssp server. Link: https://github.com/gssapi/gss-ntlmssp/issues/95 Fixes: 52d00533 ("smb3: send NTLMSSP version information") Acked-by: Roy Shterman <roy.shterman@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com>

smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request
The NTLMSSP_NEGOTIATE_VERSION flag only needs to be sent during the NTLMSSP NEGOTIATE (not the AUTH) request, so filter it out for NTLMSSP AUTH requests. See MS-NLMP 2.2.1.3 This fixes a problem found by the gssntlmssp server. Link: https://github.com/gssapi/gss-ntlmssp/issues/95 Fixes: 52d00533 ("smb3: send NTLMSSP version information") Acked-by: Roy Shterman <roy.shterman@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com>
19826558 · Steve French · a43f95fd · 19826558
Commit 19826558 authored Jul 25, 2023 by Steve French
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

fs/smb/client/sess.c fs/smb/client/sess.c +3 -1

No files found.
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -1013,6 +1013,7 @@ int build_ntlmssp_smb3_negotiate_blob(unsigned char **pbuffer,
 }
+/* See MS-NLMP 2.2.1.3 */
 int build_ntlmssp_auth_blob(unsigned char **pbuffer,
 					u16 *buflen,
 				   struct cifs_ses *ses,
@@ -1047,7 +1048,8 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer,
 	flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET |
 		NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
+	/* we only send version information in ntlmssp negotiate, so do not set this flag */
+	flags = flags & ~NTLMSSP_NEGOTIATE_VERSION;
 	tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
 	sec_blob->NegotiateFlags = cpu_to_le32(flags);