1 files changed, 19 insertions, 7 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index b2934683bd08..d998c4f7aae5 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -404,7 +404,7 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
        /* In particular we can examine sign flags */
        /* BB spec says that if AvId field of MsvAvTimestamp is populated then
                we must set the MIC field of the AUTHENTICATE_MESSAGE */
+        ses->ntlmssp.server_flags = le32_to_cpu(pblob->NegotiateFlags);
        tioffset = cpu_to_le16(pblob->TargetInfoArray.BufferOffset);
        tilen = cpu_to_le16(pblob->TargetInfoArray.Length);
        ses->tilen = tilen;
@@ -440,10 +440,12 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
                NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
                NTLMSSP_NEGOTIATE_NTLM;
        if (ses->server->secMode &
-           (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
+                        (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
                flags |= NTLMSSP_NEGOTIATE_SIGN;
-        if (ses->server->secMode & SECMODE_SIGN_REQUIRED)
+                if (!ses->server->session_estab)
-                flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+                        flags |= NTLMSSP_NEGOTIATE_KEY_XCH |
+                                NTLMSSP_NEGOTIATE_EXTENDED_SEC;
+        }
        sec_blob->NegotiateFlags |= cpu_to_le32(flags);
@@ -543,9 +545,19 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
        sec_blob->WorkstationName.MaximumLength = 0;
        tmp += 2;
-        sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
+        if ((ses->ntlmssp.server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
-        sec_blob->SessionKey.Length = 0;
+                        !calc_seckey(ses)) {
-        sec_blob->SessionKey.MaximumLength = 0;
+                memcpy(tmp, ses->ntlmssp.ciphertext, CIFS_CPHTXT_SIZE);
+                sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
+                sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
+                sec_blob->SessionKey.MaximumLength =
+                                cpu_to_le16(CIFS_CPHTXT_SIZE);
+                tmp += CIFS_CPHTXT_SIZE;
+        } else {
+                sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
+                sec_blob->SessionKey.Length = 0;
+                sec_blob->SessionKey.MaximumLength = 0;
+        }
 setup_ntlmv2_ret:
        *buflen = tmp - pbuffer;

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index b2934683bd08..d998c4f7aae5 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c
@@ -404,7 +404,7 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
404	/* In particular we can examine sign flags */	404	/* In particular we can examine sign flags */
405	/* BB spec says that if AvId field of MsvAvTimestamp is populated then	405	/* BB spec says that if AvId field of MsvAvTimestamp is populated then
406	we must set the MIC field of the AUTHENTICATE_MESSAGE */	406	we must set the MIC field of the AUTHENTICATE_MESSAGE */
407		407	ses->ntlmssp.server_flags = le32_to_cpu(pblob->NegotiateFlags);
408	tioffset = cpu_to_le16(pblob->TargetInfoArray.BufferOffset);	408	tioffset = cpu_to_le16(pblob->TargetInfoArray.BufferOffset);
409	tilen = cpu_to_le16(pblob->TargetInfoArray.Length);	409	tilen = cpu_to_le16(pblob->TargetInfoArray.Length);
410	ses->tilen = tilen;	410	ses->tilen = tilen;
@@ -440,10 +440,12 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
440	NTLMSSP_NEGOTIATE_128 \| NTLMSSP_NEGOTIATE_UNICODE \|	440	NTLMSSP_NEGOTIATE_128 \| NTLMSSP_NEGOTIATE_UNICODE \|
441	NTLMSSP_NEGOTIATE_NTLM;	441	NTLMSSP_NEGOTIATE_NTLM;
442	if (ses->server->secMode &	442	if (ses->server->secMode &
443	(SECMODE_SIGN_REQUIRED \| SECMODE_SIGN_ENABLED))	443	(SECMODE_SIGN_REQUIRED \| SECMODE_SIGN_ENABLED)) {
444	flags \|= NTLMSSP_NEGOTIATE_SIGN;	444	flags \|= NTLMSSP_NEGOTIATE_SIGN;
445	if (ses->server->secMode & SECMODE_SIGN_REQUIRED)	445	if (!ses->server->session_estab)
446	flags \|= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;	446	flags \|= NTLMSSP_NEGOTIATE_KEY_XCH \|
		447	NTLMSSP_NEGOTIATE_EXTENDED_SEC;
		448	}
447		449
448	sec_blob->NegotiateFlags \|= cpu_to_le32(flags);	450	sec_blob->NegotiateFlags \|= cpu_to_le32(flags);
449		451
@@ -543,9 +545,19 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
543	sec_blob->WorkstationName.MaximumLength = 0;	545	sec_blob->WorkstationName.MaximumLength = 0;
544	tmp += 2;	546	tmp += 2;
545		547
546	sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);	548	if ((ses->ntlmssp.server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
547	sec_blob->SessionKey.Length = 0;	549	!calc_seckey(ses)) {
548	sec_blob->SessionKey.MaximumLength = 0;	550	memcpy(tmp, ses->ntlmssp.ciphertext, CIFS_CPHTXT_SIZE);
		551	sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
		552	sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
		553	sec_blob->SessionKey.MaximumLength =
		554	cpu_to_le16(CIFS_CPHTXT_SIZE);
		555	tmp += CIFS_CPHTXT_SIZE;
		556	} else {
		557	sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
		558	sec_blob->SessionKey.Length = 0;
		559	sec_blob->SessionKey.MaximumLength = 0;
		560	}
549		561
550	setup_ntlmv2_ret:	562	setup_ntlmv2_ret:
551	*buflen = tmp - pbuffer;	563	*buflen = tmp - pbuffer;