From bc20a9218a82b7d97bee37f0bc30bb71d512167d Mon Sep 17 00:00:00 2001 From: Steve French Date: Wed, 16 Aug 2023 23:18:54 -0500 Subject: [PATCH] smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request BugLink: https://bugs.launchpad.net/bugs/2036450 The NTLMSSP_NEGOTIATE_VERSION flag only needs to be sent during the NTLMSSP NEGOTIATE (not the AUTH) request, so filter it out for NTLMSSP AUTH requests. See MS-NLMP 2.2.1.3 This fixes a problem found by the gssntlmssp server. Link: https://github.com/gssapi/gss-ntlmssp/issues/95 Fixes: 52d005337b2c ("smb3: send NTLMSSP version information") Acked-by: Roy Shterman Signed-off-by: Steve French Signed-off-by: Tim Gardner --- fs/cifs/sess.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 335c078c42fb..c57ca2050b73 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -1013,6 +1013,7 @@ int build_ntlmssp_smb3_negotiate_blob(unsigned char **pbuffer, } +/* See MS-NLMP 2.2.1.3 */ int build_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen, struct cifs_ses *ses, @@ -1047,7 +1048,8 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer, flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED; - + /* we only send version information in ntlmssp negotiate, so do not set this flag */ + flags = flags & ~NTLMSSP_NEGOTIATE_VERSION; tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); sec_blob->NegotiateFlags = cpu_to_le32(flags);