4 files changed, 14 insertions, 6 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
index 5fabd2caf93c..1b09f1670061 100644
--- a/fs/cifs/asn1.c
+++ b/fs/cifs/asn1.c
@@ -476,6 +476,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
        unsigned int cls, con, tag, oidlen, rc;
        bool use_ntlmssp = false;
        bool use_kerberos = false;
+        bool use_mskerberos = false;
        *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/
@@ -574,10 +575,12 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                                         *(oid + 1), *(oid + 2), *(oid + 3)));
                                if (compare_oid(oid, oidlen, MSKRB5_OID,
-                                                MSKRB5_OID_LEN))
+                                                MSKRB5_OID_LEN) &&
-                                        use_kerberos = true;
+                                                !use_kerberos)
+                                        use_mskerberos = true;
                                else if (compare_oid(oid, oidlen, KRB5_OID,
-                                                     KRB5_OID_LEN))
+                                                     KRB5_OID_LEN) &&
+                                                     !use_mskerberos)
                                        use_kerberos = true;
                                else if (compare_oid(oid, oidlen, NTLMSSP_OID,
                                                     NTLMSSP_OID_LEN))
@@ -630,6 +633,8 @@ decode_negTokenInit(unsigned char *security_blob, int length,
        if (use_kerberos)
                *secType = Kerberos;
+        else if (use_mskerberos)
+                *secType = MSKerberos;
        else if (use_ntlmssp)
                *secType = NTLMSSP;
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index 2434ab0e8791..117ef4bba68e 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -114,9 +114,11 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
        dp = description + strlen(description);
-        /* for now, only sec=krb5 is valid */
+        /* for now, only sec=krb5 and sec=mskrb5 are valid */
        if (server->secType == Kerberos)
                sprintf(dp, ";sec=krb5");
+        else if (server->secType == MSKerberos)
+                sprintf(dp, ";sec=mskrb5");
        else
                goto out;
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 7e1cf262effe..8dfd6f24d488 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -80,7 +80,8 @@ enum securityEnum {
        NTLMv2,                 /* Legacy NTLM auth with NTLMv2 hash */
        RawNTLMSSP,             /* NTLMSSP without SPNEGO */
        NTLMSSP,                /* NTLMSSP via SPNEGO */
-        Kerberos                /* Kerberos via SPNEGO */
+        Kerberos,               /* Kerberos via SPNEGO */
+        MSKerberos,             /* MS Kerberos via SPNEGO */
 };
 enum protocolEnum {
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index ed150efbe27c..3188e4d9cddb 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -505,7 +505,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
                        unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
                } else
                        ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
-        } else if (type == Kerberos) {
+        } else if (type == Kerberos || type == MSKerberos) {
 #ifdef CONFIG_CIFS_UPCALL
                struct cifs_spnego_msg *msg;
                spnego_key = cifs_get_spnego_key(ses);