Fix extended security auth failure

Fix authentication failures using extended security mechanisms.
cifs client does not take into consideration extended security bit
in capabilities field in negotiate protocol response from the server.

Please refer to Samba bugzilla 8046.

Reported-and-tested by: Werner Maes <Werner.Maes@icts.kuleuven.be>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 19fd8158bb470351f326f456e857accf09295af7..fc9b5fa98efd8c54e5ac1529b39f3d484fef2c20 100644 (file)
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -571,18 +571,10 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
        if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
                memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,
                       CIFS_CRYPTO_KEY_SIZE);
-       } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)
-                       && (pSMBr->EncryptionKeyLength == 0)) {
+       } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
+                       server->capabilities & CAP_EXTENDED_SECURITY) &&
+                               (pSMBr->EncryptionKeyLength == 0)) {
                /* decode security blob */
-       } else if (server->secMode & SECMODE_PW_ENCRYPT) {
-               rc = -EIO; /* no crypt key only if plain text pwd */
-               goto neg_err_exit;
-       }
-
-       /* BB might be helpful to save off the domain of server here */
-
-       if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&
-               (server->capabilities & CAP_EXTENDED_SECURITY)) {
                count = get_bcc(&pSMBr->hdr);
                if (count < 16) {
                        rc = -EIO;
@@ -625,6 +617,9 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                        } else
                                        rc = -EOPNOTSUPP;
                }
+       } else if (server->secMode & SECMODE_PW_ENCRYPT) {
+               rc = -EIO; /* no crypt key only if plain text pwd */
+               goto neg_err_exit;
        } else
                server->capabilities &= ~CAP_EXTENDED_SECURITY;