Commit aa21d67d authored by Steve French's avatar Steve French Committed by Greg Kroah-Hartman

smb3: on kerberos mount if server doesn't specify auth type use krb5

commit 926674de upstream.

Some servers (e.g. Azure) do not include a spnego blob in the SMB3
negotiate protocol response, so on kerberos mounts ("sec=krb5")
we can fail, as we expected the server to list its supported
auth types (OIDs in the spnego blob in the negprot response).
Change this so that on krb5 mounts we default to trying krb5 if the
server doesn't list its supported protocol mechanisms.
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Reviewed-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent ae83508d
...@@ -143,8 +143,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo) ...@@ -143,8 +143,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
sprintf(dp, ";sec=krb5"); sprintf(dp, ";sec=krb5");
else if (server->sec_mskerberos) else if (server->sec_mskerberos)
sprintf(dp, ";sec=mskrb5"); sprintf(dp, ";sec=mskrb5");
else else {
goto out; cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
sprintf(dp, ";sec=krb5");
}
dp = description + strlen(description); dp = description + strlen(description);
sprintf(dp, ";uid=0x%x", sprintf(dp, ";uid=0x%x",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment