From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x224ac73y6Qet4oPKOm+7ejSTVr1KIRoXwTEah4jCQ9FTD4zaICokFTmu6pnLOW1eHfU/pHS8 ARC-Seal: i=1; a=rsa-sha256; t=1518708043; cv=none; d=google.com; s=arc-20160816; b=shw1yq9Trz2hetGtu5VAFlWY7VZ74AmuswdGKl3ikSmvrEmoMcbrVFUZP7kAfZhLFE a1qrXCOw/Ik+Fr1RUy1kbAb48oOE/gcVqruhD5GUfINOpx56B1dsMZ8Ah2qxO3uenvWw iLTwlZR/v41WyF5hA6VN4wkIXlZP0uqy6KHNfDtUP88fxVqSpkkrk5WxDCTkv6lKUawl jee+YfcaJQ4ypsg6ncqasstT/TBU5yKNoUClCqNC2RyFzpCZPyIiPbf3yRIawJWVQ47A 5Ey8NxWcE++EgH9Ol1GsRmFbRcbssDJgqvRv0NGBND3g8HIwEuA77/+9jJooDtm2ZCgv xSGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:user-agent:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=URqG5cHx1w9jdCVWWMe/VI0fpJ5d9iq5encu6R33hNM=; b=Aocrlb1zj7MIWXEq9rIA6+9rTTEbR90QpRxQsXZ97tH3CNUQKhhArIdDT/bjPO5fEv TRgQIjf3tPqtHVTLWTw/I7/5ggEm2lCDlcq4H+ibs93boQ5qJFrn21B1SRnEyvqU4u5D mlRxQxJgiu8LH8WaIM9Sc+lSi1QneRjbK2aU1Cd2wJcPhVclabvsQ6BbDAGCTVToIiiO 8WELIy4n7DaIqtVvnmWQyhx3XX9Gw+Lw+UA4+MJaur4zkEMp/BPuqPn8b/0km9INIUMY g2usywO+ZBCsG/vOYBzYxuxaKopDwKTiHfPQ1BA/5HcRwDh9hLKHaePyBUFWpXXM5YRA 00kw== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel N Pettersson , Steve French Subject: [PATCH 3.18 12/45] cifs: Fix autonegotiate security settings mismatch Date: Thu, 15 Feb 2018 16:17:03 +0100 Message-Id: <20180215144118.480751494@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180215144115.863307741@linuxfoundation.org> References: <20180215144115.863307741@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?= X-GMAIL-THRID: =?utf-8?q?1592480805099835569?= X-GMAIL-MSGID: =?utf-8?q?1592480805099835569?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Daniel N Pettersson commit 9aca7e454415f7878b28524e76bebe1170911a88 upstream. Autonegotiation gives a security settings mismatch error if the SMB server selects an SMBv3 dialect that isn't SMB3.02. The exact error is "protocol revalidation - security settings mismatch". This can be tested using Samba v4.2 or by setting the global Samba setting max protocol = SMB3_00. The check that fails in smb3_validate_negotiate is the dialect verification of the negotiate info response. This is because it tries to verify against the protocol_id in the global smbdefault_values. The protocol_id in smbdefault_values is SMB3.02. In SMB2_negotiate the protocol_id in smbdefault_values isn't updated, it is global so it probably shouldn't be, but server->dialect is. This patch changes the check in smb3_validate_negotiate to use server->dialect instead of server->vals->protocol_id. The patch works with autonegotiate and when using a specific version in the vers mount option. Signed-off-by: Daniel N Pettersson Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman --- fs/cifs/smb2pdu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -507,8 +507,7 @@ int smb3_validate_negotiate(const unsign } /* check validate negotiate info response matches what we got earlier */ - if (pneg_rsp->Dialect != - cpu_to_le16(tcon->ses->server->vals->protocol_id)) + if (pneg_rsp->Dialect != cpu_to_le16(tcon->ses->server->dialect)) goto vneg_out; if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode))