diff options
| author | Shirish Pargaonkar <shirishpargaonkar@gmail.com> | 2011-07-10 07:55:32 -0400 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2011-07-12 15:14:23 -0400 |
| commit | 62411ab2fe5f002dff27417630ddf02cc40ca404 (patch) | |
| tree | 0265e2d9cf87d4226ffe3ad909dd46eb6c079823 /fs | |
| parent | 620917de59eeb934b9f8cf35cc2d95c1ac8ed0fc (diff) | |
cifs: Fix signing failure when server mandates signing for NTLMSSP
When using NTLMSSP authentication mechanism, if server mandates
signing, keep the flags in type 3 messages of the NTLMSSP exchange
same as in type 1 messages (i.e. keep the indicated capabilities same).
Some of the servers such as Samba, expect the flags such as
Negotiate_Key_Exchange in type 3 message of NTLMSSP exchange as well.
Some servers like Windows do not.
https://bugzilla.samba.org/show_bug.cgi?id=8212
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/cifs/sess.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 3892ab817a36..d3e619692ee0 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
| @@ -428,8 +428,7 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, | |||
| 428 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) { | 428 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) { |
| 429 | flags |= NTLMSSP_NEGOTIATE_SIGN; | 429 | flags |= NTLMSSP_NEGOTIATE_SIGN; |
| 430 | if (!ses->server->session_estab) | 430 | if (!ses->server->session_estab) |
| 431 | flags |= NTLMSSP_NEGOTIATE_KEY_XCH | | 431 | flags |= NTLMSSP_NEGOTIATE_KEY_XCH; |
| 432 | NTLMSSP_NEGOTIATE_EXTENDED_SEC; | ||
| 433 | } | 432 | } |
| 434 | 433 | ||
| 435 | sec_blob->NegotiateFlags = cpu_to_le32(flags); | 434 | sec_blob->NegotiateFlags = cpu_to_le32(flags); |
| @@ -465,10 +464,11 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, | |||
| 465 | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | | 464 | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | |
| 466 | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; | 465 | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; |
| 467 | if (ses->server->sec_mode & | 466 | if (ses->server->sec_mode & |
| 468 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) | 467 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) { |
| 469 | flags |= NTLMSSP_NEGOTIATE_SIGN; | 468 | flags |= NTLMSSP_NEGOTIATE_SIGN; |
| 470 | if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED) | 469 | if (!ses->server->session_estab) |
| 471 | flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; | 470 | flags |= NTLMSSP_NEGOTIATE_KEY_XCH; |
| 471 | } | ||
| 472 | 472 | ||
| 473 | tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE); | 473 | tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE); |
| 474 | sec_blob->NegotiateFlags = cpu_to_le32(flags); | 474 | sec_blob->NegotiateFlags = cpu_to_le32(flags); |