1 files changed, 22 insertions, 5 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index da3154fa9c8a..6b5be6d59f07 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -438,12 +438,19 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                        goto neg_err_exit;
                } else if((pSMBr->hdr.WordCount == 13) && 
                        (pSMBr->DialectIndex == LANMAN_PROT)) {
+#ifdef CONFIG_CIFS_WEAK_PW_HASH
                        struct lanman_neg_rsp * rsp = 
                                (struct lanman_neg_rsp *)pSMBr;
+                        if((extended_security & CIFSSEC_MAY_LANMAN) || 
-                        /* BB Mark ses struct as negotiated lanman level BB */
+                                (extended_security & CIFSSEC_MAY_PLNTXT))
-                        server->secType = LANMAN;
+                                server->secType = LANMAN;
+                        else {
+                                cERROR(1, ("mount failed weak security disabled"
+                                        " in /proc/fs/cifs/SecurityFlags"));
+                                rc = -EOPNOTSUPP;
+                                goto neg_err_exit;
+                        }       
                        server->secMode = (__u8)le16_to_cpu(rsp->SecurityMode);
                        server->maxReq = le16_to_cpu(rsp->MaxMpxCount);
                        server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize),
@@ -469,6 +476,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                        }
                        cFYI(1,("LANMAN negotiated")); /* BB removeme BB */
+#else /* weak security disabled */
+                        cERROR(1,("mount failed, cifs module not built with "
+                                "CIFS_WEAK_PW_HASH support"));
+                        rc = -EOPNOTSUPP;
+#endif /* WEAK_PW_HASH */
                        goto neg_err_exit;
                } else if(pSMBr->hdr.WordCount != 17) {
                        /* unknown wct */
@@ -479,8 +491,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                server->secMode = pSMBr->SecurityMode;
                if((server->secMode & SECMODE_USER) == 0)
                        cFYI(1,("share mode security"));
-                server->secType = NTLM; /* BB override default for
+                
-                                           NTLMv2 or kerberos v5 */
+                if(extended_security & CIFSSEC_MUST_NTLMV2)
+                        server->secType = NTLMv2;
+                else
+                        server->secType = NTLM;
+                /* else krb5 ... */
                /* one byte - no need to convert this or EncryptionKeyLen
                   from little endian */
                server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);

diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index da3154fa9c8a..6b5be6d59f07 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c
@@ -438,12 +438,19 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
438	goto neg_err_exit;	438	goto neg_err_exit;
439	} else if((pSMBr->hdr.WordCount == 13) &&	439	} else if((pSMBr->hdr.WordCount == 13) &&
440	(pSMBr->DialectIndex == LANMAN_PROT)) {	440	(pSMBr->DialectIndex == LANMAN_PROT)) {
		441	#ifdef CONFIG_CIFS_WEAK_PW_HASH
441	struct lanman_neg_rsp * rsp =	442	struct lanman_neg_rsp * rsp =
442	(struct lanman_neg_rsp *)pSMBr;	443	(struct lanman_neg_rsp *)pSMBr;
443		444
444		445	if((extended_security & CIFSSEC_MAY_LANMAN) \|\|
445	/* BB Mark ses struct as negotiated lanman level BB */	446	(extended_security & CIFSSEC_MAY_PLNTXT))
446	server->secType = LANMAN;	447	server->secType = LANMAN;
		448	else {
		449	cERROR(1, ("mount failed weak security disabled"
		450	" in /proc/fs/cifs/SecurityFlags"));
		451	rc = -EOPNOTSUPP;
		452	goto neg_err_exit;
		453	}
447	server->secMode = (__u8)le16_to_cpu(rsp->SecurityMode);	454	server->secMode = (__u8)le16_to_cpu(rsp->SecurityMode);
448	server->maxReq = le16_to_cpu(rsp->MaxMpxCount);	455	server->maxReq = le16_to_cpu(rsp->MaxMpxCount);
449	server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize),	456	server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize),
@@ -469,6 +476,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
469	}	476	}
470		477
471	cFYI(1,("LANMAN negotiated")); /* BB removeme BB */	478	cFYI(1,("LANMAN negotiated")); /* BB removeme BB */
		479	#else /* weak security disabled */
		480	cERROR(1,("mount failed, cifs module not built with "
		481	"CIFS_WEAK_PW_HASH support"));
		482	rc = -EOPNOTSUPP;
		483	#endif /* WEAK_PW_HASH */
472	goto neg_err_exit;	484	goto neg_err_exit;
473	} else if(pSMBr->hdr.WordCount != 17) {	485	} else if(pSMBr->hdr.WordCount != 17) {
474	/* unknown wct */	486	/* unknown wct */
@@ -479,8 +491,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
479	server->secMode = pSMBr->SecurityMode;	491	server->secMode = pSMBr->SecurityMode;
480	if((server->secMode & SECMODE_USER) == 0)	492	if((server->secMode & SECMODE_USER) == 0)
481	cFYI(1,("share mode security"));	493	cFYI(1,("share mode security"));
482	server->secType = NTLM; /* BB override default for	494
483	NTLMv2 or kerberos v5 */	495	if(extended_security & CIFSSEC_MUST_NTLMV2)
		496	server->secType = NTLMv2;
		497	else
		498	server->secType = NTLM;
		499	/* else krb5 ... */
		500
484	/* one byte - no need to convert this or EncryptionKeyLen	501	/* one byte - no need to convert this or EncryptionKeyLen
485	from little endian */	502	from little endian */
486	server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);	503	server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);