releases/4.6.1/fs-cifs-correctly-to-anonymous-authentication-for-the-lanman-authentication.patch

   1 From fa8f3a354bb775ec586e4475bcb07f7dece97e0c Mon Sep 17 00:00:00 2001
   2 From: Stefan Metzmacher <metze@samba.org>
   3 Date: Tue, 3 May 2016 10:52:30 +0200
   4 Subject: fs/cifs: correctly to anonymous authentication for the LANMAN authentication
   5
   6 From: Stefan Metzmacher <metze@samba.org>
   7
   8 commit fa8f3a354bb775ec586e4475bcb07f7dece97e0c upstream.
   9
  10 Only server which map unknown users to guest will allow
  11 access using a non-null LMChallengeResponse.
  12
  13 For Samba it's the "map to guest = bad user" option.
  14
  15 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913
  16
  17 Signed-off-by: Stefan Metzmacher <metze@samba.org>
  18 Signed-off-by: Steve French <smfrench@gmail.com>
  19 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20
  21 ---
  22  fs/cifs/sess.c |   28 ++++++++++++++++------------
  23  1 file changed, 16 insertions(+), 12 deletions(-)
  24
  25 --- a/fs/cifs/sess.c
  26 +++ b/fs/cifs/sess.c
  27 @@ -678,20 +678,24 @@ sess_auth_lanman(struct sess_data *sess_
  28
  29         pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
  30
  31 -       /* no capabilities flags in old lanman negotiation */
  32 -       pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
  33 +       if (ses->user_name != NULL) {
  34 +               /* no capabilities flags in old lanman negotiation */
  35 +               pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
  36
  37 -       /* Calculate hash with password and copy into bcc_ptr.
  38 -        * Encryption Key (stored as in cryptkey) gets used if the
  39 -        * security mode bit in Negottiate Protocol response states
  40 -        * to use challenge/response method (i.e. Password bit is 1).
  41 -        */
  42 -       rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
  43 -                             ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
  44 -                             true : false, lnm_session_key);
  45 +               /* Calculate hash with password and copy into bcc_ptr.
  46 +                * Encryption Key (stored as in cryptkey) gets used if the
  47 +                * security mode bit in Negottiate Protocol response states
  48 +                * to use challenge/response method (i.e. Password bit is 1).
  49 +                */
  50 +               rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
  51 +                                     ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
  52 +                                     true : false, lnm_session_key);
  53
  54 -       memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
  55 -       bcc_ptr += CIFS_AUTH_RESP_SIZE;
  56 +               memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
  57 +               bcc_ptr += CIFS_AUTH_RESP_SIZE;
  58 +       } else {
  59 +               pSMB->old_req.PasswordLength = 0;
  60 +       }
  61
  62         /*
  63          * can not sign if LANMAN negotiated so no need