fs/cifs: correctly to anonymous authentication for the LANMAN authentication
authorStefan Metzmacher <metze@samba.org>
Tue, 3 May 2016 08:52:30 +0000 (10:52 +0200)
committerSteve French <smfrench@gmail.com>
Tue, 17 May 2016 19:09:34 +0000 (14:09 -0500)
Only server which map unknown users to guest will allow
access using a non-null LMChallengeResponse.

For Samba it's the "map to guest = bad user" option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913

Signed-off-by: Stefan Metzmacher <metze@samba.org>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
fs/cifs/sess.c

index 09b0201d15d00ca1000ffdf4ef6e21f940181965..b9e2cc1437ef753dd37e051dcf5e3b769205a893 100644 (file)
@@ -678,20 +678,24 @@ sess_auth_lanman(struct sess_data *sess_data)
 
        pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
 
-       /* no capabilities flags in old lanman negotiation */
-       pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
+       if (ses->user_name != NULL) {
+               /* no capabilities flags in old lanman negotiation */
+               pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
 
-       /* Calculate hash with password and copy into bcc_ptr.
-        * Encryption Key (stored as in cryptkey) gets used if the
-        * security mode bit in Negottiate Protocol response states
-        * to use challenge/response method (i.e. Password bit is 1).
-        */
-       rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
-                             ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
-                             true : false, lnm_session_key);
+               /* Calculate hash with password and copy into bcc_ptr.
+                * Encryption Key (stored as in cryptkey) gets used if the
+                * security mode bit in Negottiate Protocol response states
+                * to use challenge/response method (i.e. Password bit is 1).
+                */
+               rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
+                                     ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
+                                     true : false, lnm_session_key);
 
-       memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
-       bcc_ptr += CIFS_AUTH_RESP_SIZE;
+               memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
+               bcc_ptr += CIFS_AUTH_RESP_SIZE;
+       } else {
+               pSMB->old_req.PasswordLength = 0;
+       }
 
        /*
         * can not sign if LANMAN negotiated so no need