SMB3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon Temporarily disable AES-GCM, as AES-CCM is only currently enabled mechanism on client side. This fixes SMB3.11 encrypted mounts to Windows. Also the tree connect request itself should be encrypted if requested encryption ("seal" on mount), in addition we should be enabling encryption in 3.11 based on whether we got any valid encryption ciphers back in negprot (the corresponding session flag is not set as it is in 3.0 and 3.02) Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> CC: Stable <stable@vger.kernel.org>

commit: 23657ad7305ee8b263d27335abdd00917764c9cf [log] [tgz]
author: Steve French <stfrench@microsoft.com> Sun Apr 22 15:14:58 2018 -0500
committer: Steve French <stfrench@microsoft.com> Tue Apr 24 10:07:14 2018 -0500
tree: 2827d1147ef01e88692057e2be8f94d078260cc4
parent: 117e3b7fed552eba96ae0b3b92312fe8c5b0bfdd [diff] [blame]
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 6093e51..d28f358 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h

@@ -297,7 +297,7 @@ struct smb2_encryption_neg_context {
 	__le16	DataLength;
 	__le32	Reserved;
 	__le16	CipherCount; /* AES-128-GCM and AES-128-CCM */
-	__le16	Ciphers[2]; /* Ciphers[0] since only one used now */
+	__le16	Ciphers[1]; /* Ciphers[0] since only one used now */
 } __packed;
 
 struct smb2_negotiate_rsp {
commit	23657ad7305ee8b263d27335abdd00917764c9cf	[log] [tgz]
author	Steve French <stfrench@microsoft.com>	Sun Apr 22 15:14:58 2018 -0500
committer	Steve French <stfrench@microsoft.com>	Tue Apr 24 10:07:14 2018 -0500
tree	2827d1147ef01e88692057e2be8f94d078260cc4
parent	117e3b7fed552eba96ae0b3b92312fe8c5b0bfdd [diff] [blame]