[CIFS] Allow raw ntlmssp code to be enabled with sec=ntlmssp

On mount, "sec=ntlmssp" can now be specified to allow
"rawntlmssp" security to be enabled during
CIFS session establishment/authentication (ntlmssp used to
require specifying krb5 which was counterintuitive).

Signed-off-by: Steve French <sfrench@us.ibm.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 4e10efd2432c..75e6623a8635 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -449,6 +449,14 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                 cFYI(1, ("Kerberos only mechanism, enable extended security"));
                 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
         }
+#ifdef CONFIG_CIFS_EXPERIMENTAL
+        else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)
+                pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
+        else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) {
+                cFYI(1, ("NTLMSSP only mechanism, enable extended security"));
+                pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
+        }
+#endif
 
         count = 0;
         for (i = 0; i < CIFS_NUM_PROT; i++) {
@@ -585,6 +593,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                 server->secType = NTLMv2;
         else if (secFlags & CIFSSEC_MAY_KRB5)
                 server->secType = Kerberos;
+        else if (secFlags & CIFSSEC_MAY_NTLMSSP)
+                server->secType = NTLMSSP;
         else if (secFlags & CIFSSEC_MAY_LANMAN)
                 server->secType = LANMAN;
 /* #ifdef CONFIG_CIFS_EXPERIMENTAL