From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Stefan Metzmacher <metze@samba.org>,
Steve French <smfrench@gmail.com>
Subject: [PATCH 3.14 04/20] fs/cifs: correctly to anonymous authentication via NTLMSSP
Date: Mon, 30 May 2016 13:49:35 -0700 [thread overview]
Message-ID: <20160530204934.477474669@linuxfoundation.org> (raw)
In-Reply-To: <20160530204934.262210466@linuxfoundation.org>
3.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Metzmacher <metze@samba.org>
commit cfda35d98298131bf38fbad3ce4cd5ecb3cf18db upstream.
See [MS-NLMP] 3.2.5.1.2 Server Receives an AUTHENTICATE_MESSAGE from the Client:
...
Set NullSession to FALSE
If (AUTHENTICATE_MESSAGE.UserNameLen == 0 AND
AUTHENTICATE_MESSAGE.NtChallengeResponse.Length == 0 AND
(AUTHENTICATE_MESSAGE.LmChallengeResponse == Z(1)
OR
AUTHENTICATE_MESSAGE.LmChallengeResponse.Length == 0))
-- Special case: client requested anonymous authentication
Set NullSession to TRUE
...
Only server which map unknown users to guest will allow
access using a non-null NTChallengeResponse.
For Samba it's the "map to guest = bad user" option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/sess.c | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -399,19 +399,27 @@ int build_ntlmssp_auth_blob(unsigned cha
sec_blob->LmChallengeResponse.MaximumLength = 0;
sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
- rc = setup_ntlmv2_rsp(ses, nls_cp);
- if (rc) {
- cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
- goto setup_ntlmv2_ret;
- }
- memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
- ses->auth_key.len - CIFS_SESS_KEY_SIZE);
- tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
+ if (ses->user_name != NULL) {
+ rc = setup_ntlmv2_rsp(ses, nls_cp);
+ if (rc) {
+ cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
+ goto setup_ntlmv2_ret;
+ }
+ memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
+ ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+ tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
- sec_blob->NtChallengeResponse.Length =
- cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
- sec_blob->NtChallengeResponse.MaximumLength =
- cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+ sec_blob->NtChallengeResponse.Length =
+ cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+ sec_blob->NtChallengeResponse.MaximumLength =
+ cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+ } else {
+ /*
+ * don't send an NT Response for anonymous access
+ */
+ sec_blob->NtChallengeResponse.Length = 0;
+ sec_blob->NtChallengeResponse.MaximumLength = 0;
+ }
if (ses->domainName == NULL) {
sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
next prev parent reply other threads:[~2016-05-30 22:10 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-30 20:49 [PATCH 3.14 00/20] 3.14.71-stable review Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 01/20] Btrfs: dont use src fd for printk Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 02/20] arm/arm64: KVM: Enforce Break-Before-Make on Stage-2 page tables Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 03/20] remove directory incorrectly tries to set delete on close on non-empty directories Greg Kroah-Hartman
2016-05-30 20:49 ` Greg Kroah-Hartman [this message]
2016-05-30 20:49 ` [PATCH 3.14 05/20] ring-buffer: Use long for nr_pages to avoid overflow failures Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 06/20] ring-buffer: Prevent overflow of size in ring_buffer_resize() Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 07/20] crypto: caam - fix caam_jr_alloc() ret code Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 08/20] mfd: omap-usb-tll: Fix scheduling while atomic BUG Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 09/20] mmc: mmc: Fix partition switch timeout for some eMMCs Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 10/20] ACPI / osi: Fix an issue that acpi_osi=!* cannot disable ACPICA internal strings Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 11/20] mmc: longer timeout for long read time quirk Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 12/20] Bluetooth: vhci: purge unhandled skbs Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 13/20] USB: serial: mxuport: fix use-after-free in probe error path Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 14/20] USB: serial: keyspan: " Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 15/20] USB: serial: quatech2: " Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 16/20] USB: serial: io_edgeport: fix memory leaks in attach " Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 17/20] USB: serial: io_edgeport: fix memory leaks in probe " Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 18/20] USB: serial: option: add support for Cinterion PH8 and AHxx Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 19/20] tty: vt, return error when con_startup fails Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 20/20] serial: samsung: Reorder the sequence of clock control when call s3c24xx_serial_set_termios() Greg Kroah-Hartman
2016-06-01 5:23 ` [PATCH 3.14 00/20] 3.14.71-stable review Guenter Roeck
2016-06-01 14:19 ` Shuah Khan
2016-06-01 16:16 ` Greg Kroah-Hartman
[not found] ` <574e993f.92981c0a.59c4b.ffff8936@mx.google.com>
2016-06-01 16:17 ` Greg Kroah-Hartman
2016-06-01 17:38 ` Kevin Hilman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160530204934.477474669@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=metze@samba.org \
--cc=smfrench@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).