authorSteve French <smfrench@gmail.com>2013-11-19 23:44:46 -0600
committerJiri Slaby <jslaby@suse.cz>2014-06-27 10:25:18 +0200
commit16e57e5502a55b6a844d4a3de9b5cc2f8e41d3c8 (patch)
treeabbceb05ed551cea89c0b61d6c4be660c00afeb2 /fs/cifs/smbfsctl.h
parent3f8fd8ad48b66a4fc44f60cde0ea575155a45eff (diff)
Check SMB3 dialects against downgrade attacks
commit ff1c038addc4f205d5f1ede449426c7d316c0eed upstream. When we are running SMB3 or SMB3.02 connections which are signed we need to validate the protocol negotiation information, to ensure that the negotiate protocol response was not tampered with. Add the missing FSCTL which is sent at mount time (immediately after the SMB3 Tree Connect) to validate that the capabilities match what we think the server sent. "Secure dialect negotiation is introduced in SMB3 to protect against man-in-the-middle attempt to downgrade dialect negotiation. The idea is to prevent an eavesdropper from downgrading the initially negotiated dialect and capabilities between the client and the server." For more explanation see 2.2.31.4 of MS-SMB2 or http://blogs.msdn.com/b/openspecification/archive/2012/06/28/smb3-secure-dialect-negotiation.aspx Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com> [ddiss@suse.de: backported atop kernel without clone_range support] Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'fs/cifs/smbfsctl.h')
-rw-r--r--fs/cifs/smbfsctl.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/cifs/smbfsctl.h b/fs/cifs/smbfsctl.h
index a4b2391fe66e..0e538b5c9622 100644
--- a/fs/cifs/smbfsctl.h
+++ b/fs/cifs/smbfsctl.h
@@ -90,7 +90,7 @@
#define FSCTL_LMR_REQUEST_RESILIENCY 0x001401D4 /* BB add struct */
#define FSCTL_LMR_GET_LINK_TRACK_INF 0x001400E8 /* BB add struct */
#define FSCTL_LMR_SET_LINK_TRACK_INF 0x001400EC /* BB add struct */
-#define FSCTL_VALIDATE_NEGOTIATE_INFO 0x00140204 /* BB add struct */
+#define FSCTL_VALIDATE_NEGOTIATE_INFO 0x00140204
/* Perform server-side data movement */
#define FSCTL_SRV_COPYCHUNK 0x001440F2
#define FSCTL_SRV_COPYCHUNK_WRITE 0x001480F2
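Review bot: With the `BB add struct` marker dropped, the `FSCTL_VALIDATE_NEGOTIATE_INFO` define has no comment at all, so nothing in this header says the code is the one used for secure dialect negotiation. A short trailing comment would keep that link visible, for example `/* secure dialect negotiation, see MS-SMB2 2.2.31.4 */`, which is the section the commit description cites. The request/response structures and the mount-time caller are not part of this view (the diffstat is limited to smbfsctl.h), so it cannot be checked here whether a mismatching or failed validation response actually fails the mount. That should be confirmed against the rest of the commit.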