diff options
Diffstat (limited to 'fs/cifs/sess.c')
| -rw-r--r-- | fs/cifs/sess.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index ed150efbe27c..2851d5da0c8c 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
| @@ -409,6 +409,8 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, | |||
| 409 | #ifdef CONFIG_CIFS_WEAK_PW_HASH | 409 | #ifdef CONFIG_CIFS_WEAK_PW_HASH |
| 410 | char lnm_session_key[CIFS_SESS_KEY_SIZE]; | 410 | char lnm_session_key[CIFS_SESS_KEY_SIZE]; |
| 411 | 411 | ||
| 412 | pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE; | ||
| 413 | |||
| 412 | /* no capabilities flags in old lanman negotiation */ | 414 | /* no capabilities flags in old lanman negotiation */ |
| 413 | 415 | ||
| 414 | pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE); | 416 | pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE); |
| @@ -505,7 +507,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, | |||
| 505 | unicode_ssetup_strings(&bcc_ptr, ses, nls_cp); | 507 | unicode_ssetup_strings(&bcc_ptr, ses, nls_cp); |
| 506 | } else | 508 | } else |
| 507 | ascii_ssetup_strings(&bcc_ptr, ses, nls_cp); | 509 | ascii_ssetup_strings(&bcc_ptr, ses, nls_cp); |
| 508 | } else if (type == Kerberos) { | 510 | } else if (type == Kerberos || type == MSKerberos) { |
| 509 | #ifdef CONFIG_CIFS_UPCALL | 511 | #ifdef CONFIG_CIFS_UPCALL |
| 510 | struct cifs_spnego_msg *msg; | 512 | struct cifs_spnego_msg *msg; |
| 511 | spnego_key = cifs_get_spnego_key(ses); | 513 | spnego_key = cifs_get_spnego_key(ses); |
| @@ -516,6 +518,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, | |||
| 516 | } | 518 | } |
| 517 | 519 | ||
| 518 | msg = spnego_key->payload.data; | 520 | msg = spnego_key->payload.data; |
| 521 | /* check version field to make sure that cifs.upcall is | ||
| 522 | sending us a response in an expected form */ | ||
| 523 | if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { | ||
| 524 | cERROR(1, ("incorrect version of cifs.upcall (expected" | ||
| 525 | " %d but got %d)", | ||
| 526 | CIFS_SPNEGO_UPCALL_VERSION, msg->version)); | ||
| 527 | rc = -EKEYREJECTED; | ||
| 528 | goto ssetup_exit; | ||
| 529 | } | ||
| 519 | /* bail out if key is too long */ | 530 | /* bail out if key is too long */ |
| 520 | if (msg->sesskey_len > | 531 | if (msg->sesskey_len > |
| 521 | sizeof(ses->server->mac_signing_key.data.krb5)) { | 532 | sizeof(ses->server->mac_signing_key.data.krb5)) { |
| @@ -613,8 +624,10 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, | |||
| 613 | ses, nls_cp); | 624 | ses, nls_cp); |
| 614 | 625 | ||
| 615 | ssetup_exit: | 626 | ssetup_exit: |
| 616 | if (spnego_key) | 627 | if (spnego_key) { |
| 628 | key_revoke(spnego_key); | ||
| 617 | key_put(spnego_key); | 629 | key_put(spnego_key); |
| 630 | } | ||
| 618 | kfree(str_area); | 631 | kfree(str_area); |
| 619 | if (resp_buf_type == CIFS_SMALL_BUFFER) { | 632 | if (resp_buf_type == CIFS_SMALL_BUFFER) { |
| 620 | cFYI(1, ("ssetup freeing small buf %p", iov[0].iov_base)); | 633 | cFYI(1, ("ssetup freeing small buf %p", iov[0].iov_base)); |