From 07cc6cf9ef84bcf6a60ee513332bcb0ad5d628d8 Mon Sep 17 00:00:00 2001 From: Steve French Date: Fri, 27 May 2011 04:12:29 +0000 Subject: [PATCH] Fix extended security auth failure Fix authentication failures using extended security mechanisms. cifs client does not take into consideration extended security bit in capabilities field in negotiate protocol response from the server. Please refer to Samba bugzilla 8046. Reported-and-tested by: Werner Maes Signed-off-by: Shirish Pargaonkar Signed-off-by: Steve French --- fs/cifs/cifssmb.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 19fd8158bb47..fc9b5fa98efd 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -571,18 +571,10 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey, CIFS_CRYPTO_KEY_SIZE); - } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) - && (pSMBr->EncryptionKeyLength == 0)) { + } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || + server->capabilities & CAP_EXTENDED_SECURITY) && + (pSMBr->EncryptionKeyLength == 0)) { /* decode security blob */ - } else if (server->secMode & SECMODE_PW_ENCRYPT) { - rc = -EIO; /* no crypt key only if plain text pwd */ - goto neg_err_exit; - } - - /* BB might be helpful to save off the domain of server here */ - - if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) && - (server->capabilities & CAP_EXTENDED_SECURITY)) { count = get_bcc(&pSMBr->hdr); if (count < 16) { rc = -EIO; @@ -625,6 +617,9 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) } else rc = -EOPNOTSUPP; } + } else if (server->secMode & SECMODE_PW_ENCRYPT) { + rc = -EIO; /* no crypt key only if plain text pwd */ + goto neg_err_exit; } else server->capabilities &= ~CAP_EXTENDED_SECURITY; -- GitLab