tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Fix extended security auth failure
Fix authentication failures using extended security mechanisms.
cifs client does not take into consideration extended security bit
in capabilities field in negotiate protocol response from the server.
Please refer to Samba bugzilla 8046.
Reported-and-tested by: Werner Maes <Werner.Maes@icts.kuleuven.be>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
+6
-11
+6
-11
fs/cifs/cifssmb.c
+6
-11
fs/cifs/cifssmb.c
···
571
571
if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
572
572
memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,
573
573
CIFS_CRYPTO_KEY_SIZE);
574
-
} else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)
575
-
&& (pSMBr->EncryptionKeyLength == 0)) {
574
+
} else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
575
+
server->capabilities & CAP_EXTENDED_SECURITY) &&
576
+
(pSMBr->EncryptionKeyLength == 0)) {
576
577
/* decode security blob */
577
-
} else if (server->secMode & SECMODE_PW_ENCRYPT) {
578
-
rc = -EIO; /* no crypt key only if plain text pwd */
579
-
goto neg_err_exit;
580
-
}
581
-
582
-
/* BB might be helpful to save off the domain of server here */
583
-
584
-
if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&
585
-
(server->capabilities & CAP_EXTENDED_SECURITY)) {
586
578
count = get_bcc(&pSMBr->hdr);
587
579
if (count < 16) {
588
580
rc = -EIO;
···
617
625
} else
618
626
rc = -EOPNOTSUPP;
619
627
}
628
+
} else if (server->secMode & SECMODE_PW_ENCRYPT) {
629
+
rc = -EIO; /* no crypt key only if plain text pwd */
630
+
goto neg_err_exit;
620
631
} else
621
632
server->capabilities &= ~CAP_EXTENDED_SECURITY;
622
633