mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-05 10:04:12 +08:00
Fix extended security auth failure
Fix authentication failures using extended security mechanisms. cifs client does not take into consideration extended security bit in capabilities field in negotiate protocol response from the server. Please refer to Samba bugzilla 8046. Reported-and-tested by: Werner Maes <Werner.Maes@icts.kuleuven.be> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
parent
d4ffff1fa9
commit
07cc6cf9ef
@ -571,18 +571,10 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
|
||||
if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
|
||||
memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,
|
||||
CIFS_CRYPTO_KEY_SIZE);
|
||||
} else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)
|
||||
&& (pSMBr->EncryptionKeyLength == 0)) {
|
||||
} else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
|
||||
server->capabilities & CAP_EXTENDED_SECURITY) &&
|
||||
(pSMBr->EncryptionKeyLength == 0)) {
|
||||
/* decode security blob */
|
||||
} else if (server->secMode & SECMODE_PW_ENCRYPT) {
|
||||
rc = -EIO; /* no crypt key only if plain text pwd */
|
||||
goto neg_err_exit;
|
||||
}
|
||||
|
||||
/* BB might be helpful to save off the domain of server here */
|
||||
|
||||
if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&
|
||||
(server->capabilities & CAP_EXTENDED_SECURITY)) {
|
||||
count = get_bcc(&pSMBr->hdr);
|
||||
if (count < 16) {
|
||||
rc = -EIO;
|
||||
@ -625,6 +617,9 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
|
||||
} else
|
||||
rc = -EOPNOTSUPP;
|
||||
}
|
||||
} else if (server->secMode & SECMODE_PW_ENCRYPT) {
|
||||
rc = -EIO; /* no crypt key only if plain text pwd */
|
||||
goto neg_err_exit;
|
||||
} else
|
||||
server->capabilities &= ~CAP_EXTENDED_SECURITY;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user