diff options
author | Jeff Layton <jlayton@redhat.com> | 2013-05-26 07:00:59 -0400 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2013-06-24 01:56:42 -0500 |
commit | e598d1d8fb512c7a4d86c729cdca30e87fe7cfc9 (patch) | |
tree | b55b7af7d1e6a701aee449239df1fe9f7f38ee50 /fs/cifs/cifssmb.c | |
parent | 515d82ffd0fe4a87d872c655a6e19a318770ea0c (diff) | |
download | linux-e598d1d8fb512c7a4d86c729cdca30e87fe7cfc9.tar.gz linux-e598d1d8fb512c7a4d86c729cdca30e87fe7cfc9.tar.bz2 linux-e598d1d8fb512c7a4d86c729cdca30e87fe7cfc9.zip |
cifs: track the flavor of the NEGOTIATE reponse
Track what sort of NEGOTIATE response we get from the server, as that
will govern what sort of authentication types this socket will support.
There are three possibilities:
LANMAN: server sent legacy LANMAN-type response
UNENCAP: server sent a newer-style response, but extended security bit
wasn't set. This socket will only support unencapsulated auth types.
EXTENDED: server sent a newer-style response with the extended security
bit set. This is necessary to support krb5 and ntlmssp auth types.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs/cifssmb.c')
-rw-r--r-- | fs/cifs/cifssmb.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index e63961086752..80ca6886a816 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -615,6 +615,7 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) rc = -EOPNOTSUPP; goto neg_err_exit; } else if (pSMBr->hdr.WordCount == 13) { + server->negflavor = CIFS_NEGFLAVOR_LANMAN; rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags); goto signing_check; } else if (pSMBr->hdr.WordCount != 17) { @@ -666,17 +667,21 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone); server->timeAdj *= 60; - if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) + if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { + server->negflavor = CIFS_NEGFLAVOR_UNENCAP; memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey, CIFS_CRYPTO_KEY_SIZE); - else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || + } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC || server->capabilities & CAP_EXTENDED_SECURITY) && - (pSMBr->EncryptionKeyLength == 0)) + (pSMBr->EncryptionKeyLength == 0)) { + server->negflavor = CIFS_NEGFLAVOR_EXTENDED; rc = decode_ext_sec_blob(server, pSMBr); - else if (server->sec_mode & SECMODE_PW_ENCRYPT) + } else if (server->sec_mode & SECMODE_PW_ENCRYPT) { rc = -EIO; /* no crypt key only if plain text pwd */ - else + } else { + server->negflavor = CIFS_NEGFLAVOR_UNENCAP; server->capabilities &= ~CAP_EXTENDED_SECURITY; + } signing_check: if (!rc) |