aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2011-05-27 00:12:29 -0400
committerSteve French <sfrench@us.ibm.com>2011-05-27 00:21:29 -0400
commit07cc6cf9ef84bcf6a60ee513332bcb0ad5d628d8 (patch)
treef293d656be1875ebc1d1ff6aa84c2a356c23b891 /fs/cifs
parentd4ffff1fa9695c5b5c0bf337e208d8833b88ff2d (diff)
Fix extended security auth failure
Fix authentication failures using extended security mechanisms. cifs client does not take into consideration extended security bit in capabilities field in negotiate protocol response from the server. Please refer to Samba bugzilla 8046. Reported-and-tested by: Werner Maes <Werner.Maes@icts.kuleuven.be> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/cifssmb.c17
1 files changed, 6 insertions, 11 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 19fd8158bb47..fc9b5fa98efd 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -571,18 +571,10 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
571 if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { 571 if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
572 memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey, 572 memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,
573 CIFS_CRYPTO_KEY_SIZE); 573 CIFS_CRYPTO_KEY_SIZE);
574 } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) 574 } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
575 && (pSMBr->EncryptionKeyLength == 0)) { 575 server->capabilities & CAP_EXTENDED_SECURITY) &&
576 (pSMBr->EncryptionKeyLength == 0)) {
576 /* decode security blob */ 577 /* decode security blob */
577 } else if (server->secMode & SECMODE_PW_ENCRYPT) {
578 rc = -EIO; /* no crypt key only if plain text pwd */
579 goto neg_err_exit;
580 }
581
582 /* BB might be helpful to save off the domain of server here */
583
584 if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&
585 (server->capabilities & CAP_EXTENDED_SECURITY)) {
586 count = get_bcc(&pSMBr->hdr); 578 count = get_bcc(&pSMBr->hdr);
587 if (count < 16) { 579 if (count < 16) {
588 rc = -EIO; 580 rc = -EIO;
@@ -625,6 +617,9 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
625 } else 617 } else
626 rc = -EOPNOTSUPP; 618 rc = -EOPNOTSUPP;
627 } 619 }
620 } else if (server->secMode & SECMODE_PW_ENCRYPT) {
621 rc = -EIO; /* no crypt key only if plain text pwd */
622 goto neg_err_exit;
628 } else 623 } else
629 server->capabilities &= ~CAP_EXTENDED_SECURITY; 624 server->capabilities &= ~CAP_EXTENDED_SECURITY;
630 625