aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2011-04-11 21:24:57 -0400
committerSteve French <sfrench@us.ibm.com>2011-04-11 21:27:45 -0400
commitd9b942013730c38ac83564d6669c6d0ecf6d754d (patch)
tree91dad22a8b0a6a39216a4d016e2822e70ae5edad /fs
parentfd88ce9313e9f9d3b56eada7fc76a301828baefd (diff)
[CIFS] Warn on requesting default security (ntlm) on mount
Warn once if default security (ntlm) requested. We will update the default to the stronger security mechanism (ntlmv2) in 2.6.41. Kerberos is also stronger than ntlm, but more servers support ntlmv2 and ntlmv2 does not require an upcall, so ntlmv2 is a better default. Reviewed-by: Jeff Layton <jlayton@redhat.com> CC: Suresh Jayaraman <sjayaraman@suse.de> Reviewed-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/cifs/connect.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 8cf4a63a36d5..db9d55b507d0 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1854,6 +1854,8 @@ cifs_put_smb_ses(struct cifsSesInfo *ses)
1854 cifs_put_tcp_session(server); 1854 cifs_put_tcp_session(server);
1855} 1855}
1856 1856
1857static bool warned_on_ntlm; /* globals init to false automatically */
1858
1857static struct cifsSesInfo * 1859static struct cifsSesInfo *
1858cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info) 1860cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1859{ 1861{
@@ -1928,6 +1930,15 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1928 } 1930 }
1929 ses->cred_uid = volume_info->cred_uid; 1931 ses->cred_uid = volume_info->cred_uid;
1930 ses->linux_uid = volume_info->linux_uid; 1932 ses->linux_uid = volume_info->linux_uid;
1933
1934 /* ntlmv2 is much stronger than ntlm security, and has been broadly
1935 supported for many years, time to update default security mechanism */
1936 if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
1937 warned_on_ntlm = true;
1938 cERROR(1, "default security mechanism requested. The default "
1939 "security mechanism will be upgraded from ntlm to "
1940 "ntlmv2 in kernel release 2.6.41");
1941 }
1931 ses->overrideSecFlg = volume_info->secFlg; 1942 ses->overrideSecFlg = volume_info->secFlg;
1932 1943
1933 mutex_lock(&ses->session_mutex); 1944 mutex_lock(&ses->session_mutex);