diff options
author | Steve French <sfrench@us.ibm.com> | 2006-06-27 20:13:38 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2006-06-27 20:13:38 -0400 |
commit | f40c562855294bf4e7268274d7461dc32c1e6b25 (patch) | |
tree | 23259eb48ddd99b080014937781e363993d21624 /fs/cifs | |
parent | 0223cf0b10bdb3b557d8884b1a957cc64be843c3 (diff) |
[CIFS] Fix authentication choice so we do not force NTLMv2 unless the
user specifies it is required or turns of ntlm
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r-- | fs/cifs/cifssmb.c | 10 | ||||
-rw-r--r-- | fs/cifs/sess.c | 3 |
2 files changed, 9 insertions, 4 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index de405bfb67d2..19678c575dfc 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
@@ -415,6 +415,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
415 | else /* if override flags set only sign/seal OR them with global auth */ | 415 | else /* if override flags set only sign/seal OR them with global auth */ |
416 | secFlags = extended_security | ses->overrideSecFlg; | 416 | secFlags = extended_security | ses->overrideSecFlg; |
417 | 417 | ||
418 | cFYI(1,("secFlags 0x%x",secFlags)); | ||
419 | |||
418 | pSMB->hdr.Mid = GetNextMid(server); | 420 | pSMB->hdr.Mid = GetNextMid(server); |
419 | pSMB->hdr.Flags2 |= SMBFLG2_UNICODE; | 421 | pSMB->hdr.Flags2 |= SMBFLG2_UNICODE; |
420 | if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5) | 422 | if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5) |
@@ -511,11 +513,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
511 | cERROR(1,("Server requests plain text password" | 513 | cERROR(1,("Server requests plain text password" |
512 | " but client support disabled")); | 514 | " but client support disabled")); |
513 | 515 | ||
514 | if(secFlags & CIFSSEC_MUST_NTLMV2) | 516 | if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2) |
515 | server->secType = NTLMv2; | 517 | server->secType = NTLMv2; |
516 | else | 518 | else if(secFlags & CIFSSEC_MAY_NTLM) |
517 | server->secType = NTLM; | 519 | server->secType = NTLM; |
518 | /* else krb5 ... */ | 520 | else if(secFlags & CIFSSEC_MAY_NTLMV2) |
521 | server->secType = NTLMv2; | ||
522 | /* else krb5 ... any others ... */ | ||
519 | 523 | ||
520 | /* one byte, so no need to convert this or EncryptionKeyLen from | 524 | /* one byte, so no need to convert this or EncryptionKeyLen from |
521 | little endian */ | 525 | little endian */ |
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index b7d49c03985c..7202d534ef0b 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
@@ -323,11 +323,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, | |||
323 | __u16 action; | 323 | __u16 action; |
324 | int bytes_remaining; | 324 | int bytes_remaining; |
325 | 325 | ||
326 | cFYI(1,("new sess setup")); | ||
327 | if(ses == NULL) | 326 | if(ses == NULL) |
328 | return -EINVAL; | 327 | return -EINVAL; |
329 | 328 | ||
330 | type = ses->server->secType; | 329 | type = ses->server->secType; |
330 | |||
331 | cFYI(1,("sess setup type %d",type)); | ||
331 | if(type == LANMAN) { | 332 | if(type == LANMAN) { |
332 | #ifndef CONFIG_CIFS_WEAK_PW_HASH | 333 | #ifndef CONFIG_CIFS_WEAK_PW_HASH |
333 | /* LANMAN and plaintext are less secure and off by default. | 334 | /* LANMAN and plaintext are less secure and off by default. |