commit f40c562855294bf4e7268274d7461dc32c1e6b25 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

[CIFS] Fix authentication choice so we do not force NTLMv2 unless the user specifies it is required or turns of ntlm

Signed-off-by: Steve French <sfrench@us.ibm.com>

Steve French 19 years ago f40c5628 0223cf0b

+9 -4

2 changed files

expand all

unified split

cifs

cifssmb.c

sess.c

+7 -3

fs/cifs/cifssmb.c

··· 415 else /* if override flags set only sign/seal OR them with global auth */ 416 secFlags = extended_security | ses->overrideSecFlg; 417 418 pSMB->hdr.Mid = GetNextMid(server); 419 pSMB->hdr.Flags2 |= SMBFLG2_UNICODE; 420 if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5) ··· 513 cERROR(1,("Server requests plain text password" 514 " but client support disabled")); 515 516 - if(secFlags & CIFSSEC_MUST_NTLMV2) 517 server->secType = NTLMv2; 518 - else 519 server->secType = NTLM; 520 - /* else krb5 ... */ 521 522 /* one byte, so no need to convert this or EncryptionKeyLen from 523 little endian */

··· 415 else /* if override flags set only sign/seal OR them with global auth */ 416 secFlags = extended_security | ses->overrideSecFlg; 417 418 + cFYI(1,("secFlags 0x%x",secFlags)); 419 + 420 pSMB->hdr.Mid = GetNextMid(server); 421 pSMB->hdr.Flags2 |= SMBFLG2_UNICODE; 422 if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5) ··· 511 cERROR(1,("Server requests plain text password" 512 " but client support disabled")); 513 514 + if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2) 515 server->secType = NTLMv2; 516 + else if(secFlags & CIFSSEC_MAY_NTLM) 517 server->secType = NTLM; 518 + else if(secFlags & CIFSSEC_MAY_NTLMV2) 519 + server->secType = NTLMv2; 520 + /* else krb5 ... any others ... */ 521 522 /* one byte, so no need to convert this or EncryptionKeyLen from 523 little endian */

+2 -1

fs/cifs/sess.c

··· 323 __u16 action; 324 int bytes_remaining; 325 326 - cFYI(1,("new sess setup")); 327 if(ses == NULL) 328 return -EINVAL; 329 330 type = ses->server->secType; 331 if(type == LANMAN) { 332 #ifndef CONFIG_CIFS_WEAK_PW_HASH 333 /* LANMAN and plaintext are less secure and off by default.

··· 323 __u16 action; 324 int bytes_remaining; 325 326 if(ses == NULL) 327 return -EINVAL; 328 329 type = ses->server->secType; 330 + 331 + cFYI(1,("sess setup type %d",type)); 332 if(type == LANMAN) { 333 #ifndef CONFIG_CIFS_WEAK_PW_HASH 334 /* LANMAN and plaintext are less secure and off by default.