From patchwork Wed Apr 6 13:46:06 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shirish Pargaonkar X-Patchwork-Id: 689861 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id p36Dgflx024376 for ; Wed, 6 Apr 2011 13:42:43 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755915Ab1DFNmk (ORCPT ); Wed, 6 Apr 2011 09:42:40 -0400 Received: from mail-iw0-f174.google.com ([209.85.214.174]:56652 "EHLO mail-iw0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755896Ab1DFNmj (ORCPT ); Wed, 6 Apr 2011 09:42:39 -0400 Received: by iwn34 with SMTP id 34so1443749iwn.19 for ; Wed, 06 Apr 2011 06:42:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:from:to:cc:subject:date:message-id:x-mailer; bh=SEZrMP3hI0lC7fdkK9dP+UMxYmN14FTZ2wpn26A26QY=; b=nwvuYbTCappwFfOZiyDSQcQz6v8noMyhWVnnkBLuoO+LUuqH2KMUUnG4FOfdHDF9KY OI0QU9stJV++ZAYBYuiDB1Kr0h8HLWXOiHkKhL61bRQMTfVFhtxnDZte/LIUeO8ZEVTN vy+F1RJ3+cwBdJdHtq2eQor3IsJR9xpHOtFPE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer; b=xPhQ74gcw2X1SF5COGz+hGeUQg+bpaUtPxAdvpV5zIc6GS38618cA8loAfbYEJA+fx IuyMiNPqWNeMDX76ncEWcf8BWunkXJlG69lqx9xvaC6FSmg/03p+7GVWelXZaEjDFkr+ 9vC+nib8+DvJSxYvFnqm54G6u64+bmCTaJjp0= Received: by 10.43.53.6 with SMTP id vo6mr1570629icb.387.1302097358786; Wed, 06 Apr 2011 06:42:38 -0700 (PDT) Received: from localhost ([32.97.110.58]) by mx.google.com with ESMTPS id wo11sm346498icb.20.2011.04.06.06.42.37 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 06 Apr 2011 06:42:37 -0700 (PDT) From: shirishpargaonkar@gmail.com To: smfrench@gmail.com Cc: linux-cifs@vger.kernel.org, Shirish Pargaonkar Subject: [PATCH] cifs: Fix extended security auth failure Date: Wed, 6 Apr 2011 08:46:06 -0500 Message-Id: <1302097566-11576-1-git-send-email-shirishpargaonkar@gmail.com> X-Mailer: git-send-email 1.6.0.2 Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Wed, 06 Apr 2011 13:42:43 +0000 (UTC) From: Shirish Pargaonkar Fix authentication failures using extended security mechanisms. cifs client does not take into consideration extended security bit in capabilities field in negotiate protocol response from the server. Please refer to Samba bugzilla 8046. Reported-and-tested by: Werner Maes Signed-off-by: Shirish Pargaonkar --- fs/cifs/cifssmb.c | 17 ++++++----------- 1 files changed, 6 insertions(+), 11 deletions(-) diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 3291770..e119d70 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -570,18 +570,10 @@ CIFSSMBNegotiate(unsigned int xid, struct cifs_ses *ses) if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey, CIFS_CRYPTO_KEY_SIZE); - } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) - && (pSMBr->EncryptionKeyLength == 0)) { + } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || + server->capabilities & CAP_EXTENDED_SECURITY) && + (pSMBr->EncryptionKeyLength == 0)) { /* decode security blob */ - } else if (server->sec_mode & SECMODE_PW_ENCRYPT) { - rc = -EIO; /* no crypt key only if plain text pwd */ - goto neg_err_exit; - } - - /* BB might be helpful to save off the domain of server here */ - - if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) && - (server->capabilities & CAP_EXTENDED_SECURITY)) { count = get_bcc(&pSMBr->hdr); if (count < 16) { rc = -EIO; @@ -624,6 +616,9 @@ CIFSSMBNegotiate(unsigned int xid, struct cifs_ses *ses) } else rc = -EOPNOTSUPP; } + } else if (server->sec_mode & SECMODE_PW_ENCRYPT) { + rc = -EIO; /* no crypt key only if plain text pwd */ + goto neg_err_exit; } else server->capabilities &= ~CAP_EXTENDED_SECURITY;