summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <smfrench@gmail.com>2013-06-25 22:33:41 +0200
committerSteve French <smfrench@gmail.com>2013-06-27 00:31:50 +0200
commit5d875cc928aa7c95c8c1e89497a9a644f32213d4 (patch)
treea336203c4ab0b60aea478d2beb67a0057ba8f7fa
parentHandle big endianness in NTLM (ntlmv2) authentication (diff)
downloadlinux-5d875cc928aa7c95c8c1e89497a9a644f32213d4.tar.xz
linux-5d875cc928aa7c95c8c1e89497a9a644f32213d4.zip
When server doesn't provide SecurityBuffer on SMB2Negotiate pick default
According to MS-SMB2 section 2.2.4: if no blob, client picks default which for us will be ses->sectype = RawNTLMSSP; but for time being this is also our only auth choice so doesn't matter as long as we include this fix (which does not treat the empty SecurityBuffer as an error as the code had been doing). We just found a server which sets blob length to zero expecting raw so this fixes negotiation with that server. Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r--fs/cifs/smb2pdu.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index c0d102615d0a..f9b74daf962a 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -416,18 +416,22 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
&rsp->hdr);
- if (blob_length == 0) {
- cifs_dbg(VFS, "missing security blob on negprot\n");
- rc = -EIO;
- goto neg_exit;
- }
+ /*
+ * See MS-SMB2 section 2.2.4: if no blob, client picks default which
+ * for us will be
+ * ses->sectype = RawNTLMSSP;
+ * but for time being this is our only auth choice so doesn't matter.
+ * We just found a server which sets blob length to zero expecting raw.
+ */
+ if (blob_length == 0)
+ cifs_dbg(FYI, "missing security blob on negprot\n");
rc = cifs_enable_signing(server, ses->sign);
#ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */
if (rc)
goto neg_exit;
-
- rc = decode_neg_token_init(security_blob, blob_length,
+ if (blob_length)
+ rc = decode_neg_token_init(security_blob, blob_length,
&server->sec_type);
if (rc == 1)
rc = 0;