Commit f40c5628 authored by Steve French's avatar Steve French

[CIFS] Fix authentication choice so we do not force NTLMv2 unless the

user specifies it is required or turns of ntlm
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 0223cf0b
...@@ -415,6 +415,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) ...@@ -415,6 +415,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
else /* if override flags set only sign/seal OR them with global auth */ else /* if override flags set only sign/seal OR them with global auth */
secFlags = extended_security | ses->overrideSecFlg; secFlags = extended_security | ses->overrideSecFlg;
cFYI(1,("secFlags 0x%x",secFlags));
pSMB->hdr.Mid = GetNextMid(server); pSMB->hdr.Mid = GetNextMid(server);
pSMB->hdr.Flags2 |= SMBFLG2_UNICODE; pSMB->hdr.Flags2 |= SMBFLG2_UNICODE;
if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5) if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
...@@ -511,11 +513,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) ...@@ -511,11 +513,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
cERROR(1,("Server requests plain text password" cERROR(1,("Server requests plain text password"
" but client support disabled")); " but client support disabled"));
if(secFlags & CIFSSEC_MUST_NTLMV2) if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2)
server->secType = NTLMv2; server->secType = NTLMv2;
else else if(secFlags & CIFSSEC_MAY_NTLM)
server->secType = NTLM; server->secType = NTLM;
/* else krb5 ... */ else if(secFlags & CIFSSEC_MAY_NTLMV2)
server->secType = NTLMv2;
/* else krb5 ... any others ... */
/* one byte, so no need to convert this or EncryptionKeyLen from /* one byte, so no need to convert this or EncryptionKeyLen from
little endian */ little endian */
......
...@@ -323,11 +323,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, ...@@ -323,11 +323,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
__u16 action; __u16 action;
int bytes_remaining; int bytes_remaining;
cFYI(1,("new sess setup"));
if(ses == NULL) if(ses == NULL)
return -EINVAL; return -EINVAL;
type = ses->server->secType; type = ses->server->secType;
cFYI(1,("sess setup type %d",type));
if(type == LANMAN) { if(type == LANMAN) {
#ifndef CONFIG_CIFS_WEAK_PW_HASH #ifndef CONFIG_CIFS_WEAK_PW_HASH
/* LANMAN and plaintext are less secure and off by default. /* LANMAN and plaintext are less secure and off by default.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment