Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
[CIFS] Fix authentication choice so we do not force NTLMv2 unless the user specifies it is required or turns of ntlm
Signed-off-by: Steve French <sfrench@us.ibm.com>
+7
-3
fs/cifs/cifssmb.c
+7
-3
fs/cifs/cifssmb.c
···
415
415
else /* if override flags set only sign/seal OR them with global auth */
416
416
secFlags = extended_security | ses->overrideSecFlg;
417
417
418
+
cFYI(1,("secFlags 0x%x",secFlags));
419
+
418
420
pSMB->hdr.Mid = GetNextMid(server);
419
421
pSMB->hdr.Flags2 |= SMBFLG2_UNICODE;
420
422
if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
···
513
511
cERROR(1,("Server requests plain text password"
514
512
" but client support disabled"));
515
513
516
-
if(secFlags & CIFSSEC_MUST_NTLMV2)
514
+
if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2)
517
515
server->secType = NTLMv2;
518
-
else
516
+
else if(secFlags & CIFSSEC_MAY_NTLM)
519
517
server->secType = NTLM;
520
-
/* else krb5 ... */
518
+
else if(secFlags & CIFSSEC_MAY_NTLMV2)
519
+
server->secType = NTLMv2;
520
+
/* else krb5 ... any others ... */
521
521
522
522
/* one byte, so no need to convert this or EncryptionKeyLen from
523
523
little endian */
+2
-1
fs/cifs/sess.c
+2
-1
fs/cifs/sess.c
···
323
323
__u16 action;
324
324
int bytes_remaining;
325
325
326
-
cFYI(1,("new sess setup"));
327
326
if(ses == NULL)
328
327
return -EINVAL;
329
328
330
329
type = ses->server->secType;
330
+
331
+
cFYI(1,("sess setup type %d",type));
331
332
if(type == LANMAN) {
332
333
#ifndef CONFIG_CIFS_WEAK_PW_HASH
333
334
/* LANMAN and plaintext are less secure and off by default.