Commit 1a67570c authored by Jeff Layton's avatar Jeff Layton Committed by Steve French

[CIFS] use krb5 session key from first SMB session after a NegProt

Currently, any new kerberos SMB session overwrites the server's session
key. The session key should only be set by the first SMB session set up
on the socket.
Signed-off-by: default avatarJeff Layton <jlayton@tupile.poochiereds.net>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 1d9a8852
...@@ -528,9 +528,11 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, ...@@ -528,9 +528,11 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
rc = -EOVERFLOW; rc = -EOVERFLOW;
goto ssetup_exit; goto ssetup_exit;
} }
ses->server->mac_signing_key.len = msg->sesskey_len; if (first_time) {
memcpy(ses->server->mac_signing_key.data.krb5, msg->data, ses->server->mac_signing_key.len = msg->sesskey_len;
msg->sesskey_len); memcpy(ses->server->mac_signing_key.data.krb5,
msg->data, msg->sesskey_len);
}
pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
capabilities |= CAP_EXTENDED_SECURITY; capabilities |= CAP_EXTENDED_SECURITY;
pSMB->req.Capabilities = cpu_to_le32(capabilities); pSMB->req.Capabilities = cpu_to_le32(capabilities);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment