summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2011-05-27 04:12:29 +0000
committerSteve French <sfrench@us.ibm.com>2011-05-27 04:21:29 +0000
commit07cc6cf9ef84bcf6a60ee513332bcb0ad5d628d8 (patch)
treef293d656be1875ebc1d1ff6aa84c2a356c23b891
parentd4ffff1fa9695c5b5c0bf337e208d8833b88ff2d (diff)
Fix extended security auth failure
Fix authentication failures using extended security mechanisms. cifs client does not take into consideration extended security bit in capabilities field in negotiate protocol response from the server. Please refer to Samba bugzilla 8046. Reported-and-tested by: Werner Maes <Werner.Maes@icts.kuleuven.be> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/cifssmb.c17
1 files changed, 6 insertions, 11 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 19fd8158bb4..fc9b5fa98ef 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -571,18 +571,10 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,
CIFS_CRYPTO_KEY_SIZE);
- } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)
- && (pSMBr->EncryptionKeyLength == 0)) {
+ } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
+ server->capabilities & CAP_EXTENDED_SECURITY) &&
+ (pSMBr->EncryptionKeyLength == 0)) {
/* decode security blob */
- } else if (server->secMode & SECMODE_PW_ENCRYPT) {
- rc = -EIO; /* no crypt key only if plain text pwd */
- goto neg_err_exit;
- }
-
- /* BB might be helpful to save off the domain of server here */
-
- if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&
- (server->capabilities & CAP_EXTENDED_SECURITY)) {
count = get_bcc(&pSMBr->hdr);
if (count < 16) {
rc = -EIO;
@@ -625,6 +617,9 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
} else
rc = -EOPNOTSUPP;
}
+ } else if (server->secMode & SECMODE_PW_ENCRYPT) {
+ rc = -EIO; /* no crypt key only if plain text pwd */
+ goto neg_err_exit;
} else
server->capabilities &= ~CAP_EXTENDED_SECURITY;