diff mbox

Set UID in sess_auth_rawntlmssp_authenticate too

Message ID 1417609596-23002-1-git-send-email-sprabhu@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Sachin Prabhu Dec. 3, 2014, 12:26 p.m. UTC
A user complained that they were unable to login to their cifs share
after a kernel update. From the wiretrace we can see that the server
returns different UIDs as response to NTLMSSP_NEGOTIATE and NTLMSSP_AUTH
phases.

With changes in the authentication code, we no longer set the
cifs_sess->Suid returned in response to the NTLM_AUTH phase and continue
to use the UID sent in response to the NTLMSSP_NEGOTIATE phase. This
results in the server denying access to the user when the user attempts
to do a tcon connect.

A test kernel containing patch was tested successfully by the user.

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
---
 fs/cifs/sess.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Shirish Pargaonkar Dec. 8, 2014, 12:42 p.m. UTC | #1
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>

On Wed, Dec 3, 2014 at 6:26 AM, Sachin Prabhu <sprabhu@redhat.com> wrote:
> A user complained that they were unable to login to their cifs share
> after a kernel update. From the wiretrace we can see that the server
> returns different UIDs as response to NTLMSSP_NEGOTIATE and NTLMSSP_AUTH
> phases.
>
> With changes in the authentication code, we no longer set the
> cifs_sess->Suid returned in response to the NTLM_AUTH phase and continue
> to use the UID sent in response to the NTLMSSP_NEGOTIATE phase. This
> results in the server denying access to the user when the user attempts
> to do a tcon connect.
>
> A test kernel containing patch was tested successfully by the user.
>
> Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
> ---
>  fs/cifs/sess.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
> index 57db63f..446cb7f 100644
> --- a/fs/cifs/sess.c
> +++ b/fs/cifs/sess.c
> @@ -1303,6 +1303,11 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
>         if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
>                 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
>
> +       if (ses->Suid != smb_buf->Uid) {
> +               ses->Suid = smb_buf->Uid;
> +               cifs_dbg(FYI, "UID changed! new UID = %llu\n", ses->Suid);
> +       }
> +
>         bytes_remaining = get_bcc(smb_buf);
>         bcc_ptr = pByteArea(smb_buf);
>         blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 57db63f..446cb7f 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -1303,6 +1303,11 @@  sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
 	if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
 		cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
 
+	if (ses->Suid != smb_buf->Uid) {
+		ses->Suid = smb_buf->Uid;
+		cifs_dbg(FYI, "UID changed! new UID = %llu\n", ses->Suid);
+	}
+
 	bytes_remaining = get_bcc(smb_buf);
 	bcc_ptr = pByteArea(smb_buf);
 	blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);