1 files changed, 56 insertions, 1 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 82b784a62c16..79358e341fd2 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -550,6 +550,56 @@ setup_ntlmv2_ret:
        return rc;
 }
+enum securityEnum
+select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
+{
+        switch (server->negflavor) {
+        case CIFS_NEGFLAVOR_EXTENDED:
+                switch (requested) {
+                case Kerberos:
+                case RawNTLMSSP:
+                        return requested;
+                case Unspecified:
+                        if (server->sec_ntlmssp &&
+                            (global_secflags & CIFSSEC_MAY_NTLMSSP))
+                                return RawNTLMSSP;
+                        if ((server->sec_kerberos || server->sec_mskerberos) &&
+                            (global_secflags & CIFSSEC_MAY_KRB5))
+                                return Kerberos;
+                        /* Fallthrough */
+                default:
+                        return Unspecified;
+                }
+        case CIFS_NEGFLAVOR_UNENCAP:
+                switch (requested) {
+                case NTLM:
+                case NTLMv2:
+                        return requested;
+                case Unspecified:
+                        if (global_secflags & CIFSSEC_MAY_NTLMV2)
+                                return NTLMv2;
+                        if (global_secflags & CIFSSEC_MAY_NTLM)
+                                return NTLM;
+                        /* Fallthrough */
+                default:
+                        return Unspecified;
+                }
+        case CIFS_NEGFLAVOR_LANMAN:
+                switch (requested) {
+                case LANMAN:
+                        return requested;
+                case Unspecified:
+                        if (global_secflags & CIFSSEC_MAY_LANMAN)
+                                return LANMAN;
+                        /* Fallthrough */
+                default:
+                        return Unspecified;
+                }
+        default:
+                return Unspecified;
+        }
+}
 int
 CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
               const struct nls_table *nls_cp)
@@ -576,8 +626,13 @@ CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
                return -EINVAL;
        }
-        type = ses->server->secType;
+        type = select_sectype(ses->server, ses->sectype);
        cifs_dbg(FYI, "sess setup type %d\n", type);
+        if (type == Unspecified) {
+                cifs_dbg(VFS, "Unable to select appropriate authentication method!");
+                return -EINVAL;
+        }
        if (type == RawNTLMSSP) {
                /* if memory allocation is successful, caller of this function
                 * frees it.

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 82b784a62c16..79358e341fd2 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c
@@ -550,6 +550,56 @@ setup_ntlmv2_ret:
550	return rc;	550	return rc;
551	}	551	}
552		552
		553	enum securityEnum
		554	select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
		555	{
		556	switch (server->negflavor) {
		557	case CIFS_NEGFLAVOR_EXTENDED:
		558	switch (requested) {
		559	case Kerberos:
		560	case RawNTLMSSP:
		561	return requested;
		562	case Unspecified:
		563	if (server->sec_ntlmssp &&
		564	(global_secflags & CIFSSEC_MAY_NTLMSSP))
		565	return RawNTLMSSP;
		566	if ((server->sec_kerberos \|\| server->sec_mskerberos) &&
		567	(global_secflags & CIFSSEC_MAY_KRB5))
		568	return Kerberos;
		569	/* Fallthrough */
		570	default:
		571	return Unspecified;
		572	}
		573	case CIFS_NEGFLAVOR_UNENCAP:
		574	switch (requested) {
		575	case NTLM:
		576	case NTLMv2:
		577	return requested;
		578	case Unspecified:
		579	if (global_secflags & CIFSSEC_MAY_NTLMV2)
		580	return NTLMv2;
		581	if (global_secflags & CIFSSEC_MAY_NTLM)
		582	return NTLM;
		583	/* Fallthrough */
		584	default:
		585	return Unspecified;
		586	}
		587	case CIFS_NEGFLAVOR_LANMAN:
		588	switch (requested) {
		589	case LANMAN:
		590	return requested;
		591	case Unspecified:
		592	if (global_secflags & CIFSSEC_MAY_LANMAN)
		593	return LANMAN;
		594	/* Fallthrough */
		595	default:
		596	return Unspecified;
		597	}
		598	default:
		599	return Unspecified;
		600	}
		601	}
		602
553	int	603	int
554	CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,	604	CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
555	const struct nls_table *nls_cp)	605	const struct nls_table *nls_cp)
@@ -576,8 +626,13 @@ CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
576	return -EINVAL;	626	return -EINVAL;
577	}	627	}
578		628
579	type = ses->server->secType;	629	type = select_sectype(ses->server, ses->sectype);
580	cifs_dbg(FYI, "sess setup type %d\n", type);	630	cifs_dbg(FYI, "sess setup type %d\n", type);
		631	if (type == Unspecified) {
		632	cifs_dbg(VFS, "Unable to select appropriate authentication method!");
		633	return -EINVAL;
		634	}
		635
581	if (type == RawNTLMSSP) {	636	if (type == RawNTLMSSP) {
582	/* if memory allocation is successful, caller of this function	637	/* if memory allocation is successful, caller of this function
583	* frees it.	638	* frees it.