From e598d1d8fb512c7a4d86c729cdca30e87fe7cfc9 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Sun, 26 May 2013 07:00:59 -0400 Subject: cifs: track the flavor of the NEGOTIATE reponse Track what sort of NEGOTIATE response we get from the server, as that will govern what sort of authentication types this socket will support. There are three possibilities: LANMAN: server sent legacy LANMAN-type response UNENCAP: server sent a newer-style response, but extended security bit wasn't set. This socket will only support unencapsulated auth types. EXTENDED: server sent a newer-style response with the extended security bit set. This is necessary to support krb5 and ntlmssp auth types. Signed-off-by: Jeff Layton Reviewed-by: Pavel Shilovsky Signed-off-by: Steve French --- fs/cifs/cifssmb.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'fs/cifs/cifssmb.c') diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index e6396108675..80ca6886a81 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -615,6 +615,7 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) rc = -EOPNOTSUPP; goto neg_err_exit; } else if (pSMBr->hdr.WordCount == 13) { + server->negflavor = CIFS_NEGFLAVOR_LANMAN; rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags); goto signing_check; } else if (pSMBr->hdr.WordCount != 17) { @@ -666,17 +667,21 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone); server->timeAdj *= 60; - if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) + if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { + server->negflavor = CIFS_NEGFLAVOR_UNENCAP; memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey, CIFS_CRYPTO_KEY_SIZE); - else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || + } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || server->capabilities & CAP_EXTENDED_SECURITY) && - (pSMBr->EncryptionKeyLength == 0)) + (pSMBr->EncryptionKeyLength == 0)) { + server->negflavor = CIFS_NEGFLAVOR_EXTENDED; rc = decode_ext_sec_blob(server, pSMBr); - else if (server->sec_mode & SECMODE_PW_ENCRYPT) + } else if (server->sec_mode & SECMODE_PW_ENCRYPT) { rc = -EIO; /* no crypt key only if plain text pwd */ - else + } else { + server->negflavor = CIFS_NEGFLAVOR_UNENCAP; server->capabilities &= ~CAP_EXTENDED_SECURITY; + } signing_check: if (!rc) -- cgit v1.2.3-70-g09d2