Fix plaintext auth regression in cifs (rhbz 1011621)

2013-10-29 14:22:30 -04:00 · 2013-10-29 14:22:30 -04:00 · 56f4eb8f66
parent c8cb0727e0
commit 56f4eb8f66
2 changed files with 48 additions and 0 deletions
--- a/cifs-Allow-LANMAN-auth-for-unencapsulated-auth-methods.patch
+++ b/cifs-Allow-LANMAN-auth-for-unencapsulated-auth-methods.patch
@ -0,0 +1,39 @@
+From dde2356c8466298bd77fa699e0ea296372eed47b Mon Sep 17 00:00:00 2001
+From: Sachin Prabhu <sprabhu@redhat.com>
+Date: Fri, 27 Sep 2013 17:35:42 +0000
+Subject: cifs: Allow LANMAN auth method for servers supporting unencapsulated authentication methods
+
+This allows users to use LANMAN authentication on servers which support
+unencapsulated authentication.
+
+The patch fixes a regression where users using plaintext authentication
+were no longer able to do so because of changed bought in by patch
+3f618223dc0bdcbc8d510350e78ee2195ff93768
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1011621
+
+Reported-by: Panos Kavalagios <Panagiotis.Kavalagios@eurodyn.com>
+Reviewed-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+---
+(limited to 'fs/cifs')
+
+diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
+index 352358d..e87387d 100644
+--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
+@@ -500,9 +500,9 @@ select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
+ 				return NTLMv2;
+ 			if (global_secflags & CIFSSEC_MAY_NTLM)
+ 				return NTLM;
+-			/* Fallthrough */
+ 		default:
+-			return Unspecified;
+			/* Fallthrough to attempt LANMAN authentication next */
+			break;
+ 		}
+ 	case CIFS_NEGFLAVOR_LANMAN:
+ 		switch (requested) {
+--
+cgit v0.9.2
--- a/kernel.spec
+++ b/kernel.spec
@ -789,6 +789,9 @@ Patch25135: alps-Support-for-Dell-XT2-model.patch
 #CVE-2013-4470 rhbz 1023477 1023495
 Patch25136: net_311.mbox

+#rhbz 1011621
+Patch25137: cifs-Allow-LANMAN-auth-for-unencapsulated-auth-methods.patch
+
 # END OF PATCH DEFINITIONS

 %endif
@ -1515,6 +1518,9 @@ ApplyPatch alps-Support-for-Dell-XT2-model.patch
 #CVE-2013-4470 rhbz 1023477 1023495
 ApplyPatch net_311.mbox

+#rhbz 1011621
+ApplyPatch cifs-Allow-LANMAN-auth-for-unencapsulated-auth-methods.patch
+
 # END OF PATCH APPLICATIONS

 %endif
@ -2356,6 +2362,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Tue Oct 29 2013 Josh Boyer <jwboyer@fedoraproject.org>
+- Fix plaintext auth regression in cifs (rhbz 1011621)
+
 * Fri Oct 25 2013 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-2013-4470 net: memory corruption with UDP_CORK and UFO (rhbz 1023477 1023495)
 - Add touchpad support for Dell XT2 (rhbz 1023413)