aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2006-06-27 20:13:38 -0400
committerSteve French <sfrench@us.ibm.com>2006-06-27 20:13:38 -0400
commitf40c562855294bf4e7268274d7461dc32c1e6b25 (patch)
tree23259eb48ddd99b080014937781e363993d21624 /fs
parent0223cf0b10bdb3b557d8884b1a957cc64be843c3 (diff)
[CIFS] Fix authentication choice so we do not force NTLMv2 unless the
user specifies it is required or turns of ntlm Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/cifs/cifssmb.c10
-rw-r--r--fs/cifs/sess.c3
2 files changed, 9 insertions, 4 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index de405bfb67d2..19678c575dfc 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -415,6 +415,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
415 else /* if override flags set only sign/seal OR them with global auth */ 415 else /* if override flags set only sign/seal OR them with global auth */
416 secFlags = extended_security | ses->overrideSecFlg; 416 secFlags = extended_security | ses->overrideSecFlg;
417 417
418 cFYI(1,("secFlags 0x%x",secFlags));
419
418 pSMB->hdr.Mid = GetNextMid(server); 420 pSMB->hdr.Mid = GetNextMid(server);
419 pSMB->hdr.Flags2 |= SMBFLG2_UNICODE; 421 pSMB->hdr.Flags2 |= SMBFLG2_UNICODE;
420 if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5) 422 if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
@@ -511,11 +513,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
511 cERROR(1,("Server requests plain text password" 513 cERROR(1,("Server requests plain text password"
512 " but client support disabled")); 514 " but client support disabled"));
513 515
514 if(secFlags & CIFSSEC_MUST_NTLMV2) 516 if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2)
515 server->secType = NTLMv2; 517 server->secType = NTLMv2;
516 else 518 else if(secFlags & CIFSSEC_MAY_NTLM)
517 server->secType = NTLM; 519 server->secType = NTLM;
518 /* else krb5 ... */ 520 else if(secFlags & CIFSSEC_MAY_NTLMV2)
521 server->secType = NTLMv2;
522 /* else krb5 ... any others ... */
519 523
520 /* one byte, so no need to convert this or EncryptionKeyLen from 524 /* one byte, so no need to convert this or EncryptionKeyLen from
521 little endian */ 525 little endian */
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index b7d49c03985c..7202d534ef0b 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -323,11 +323,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
323 __u16 action; 323 __u16 action;
324 int bytes_remaining; 324 int bytes_remaining;
325 325
326 cFYI(1,("new sess setup"));
327 if(ses == NULL) 326 if(ses == NULL)
328 return -EINVAL; 327 return -EINVAL;
329 328
330 type = ses->server->secType; 329 type = ses->server->secType;
330
331 cFYI(1,("sess setup type %d",type));
331 if(type == LANMAN) { 332 if(type == LANMAN) {
332#ifndef CONFIG_CIFS_WEAK_PW_HASH 333#ifndef CONFIG_CIFS_WEAK_PW_HASH
333 /* LANMAN and plaintext are less secure and off by default. 334 /* LANMAN and plaintext are less secure and off by default.