Re: [PATCH] cifs: fix broken lanman (lm) auth code

On Wed, 16 Feb 2011 08:46:03 -0600
Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:

> On Wed, Feb 16, 2011 at 6:53 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> > On Tue, 15 Feb 2011 17:10:43 -0600
> > shirishpargaonkar@xxxxxxxxx wrote:
> >
> >> From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
> >>
> >>
> >> Fix lanman (lm) authentication code.
> >>
> >> Change lm response length back to 24 from 16.
> >> Parse lanmani mount option.
> >> Add code to add odd parity bit to each of the eight bytes of a DES key.
> >>
> >>
> >> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
> >> ---
> >>  fs/cifs/cifsglob.h |    3 ++-
> >>  fs/cifs/connect.c  |    3 +++
> >>  fs/cifs/sess.c     |    8 ++++----
> >>  fs/cifs/smbdes.c   |   19 ++++++++++++++++++-
> >>  4 files changed, 27 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> >> index 17afb0f..0b5c950 100644
> >> --- a/fs/cifs/cifsglob.h
> >> +++ b/fs/cifs/cifsglob.h
> >> @@ -710,7 +710,8 @@ require use of the stronger protocol */
> >>  #define   CIFSSEC_MUST_SEAL  0x40040 /* not supported yet */
> >>  #define   CIFSSEC_MUST_NTLMSSP       0x80080 /* raw ntlmssp with ntlmv2 */
> >>
> >> -#define   CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2)
> >> +#define   CIFSSEC_DEF (CIFSSEC_MAY_LANMAN | CIFSSEC_MAY_SIGN | \
> >> +                     CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2)
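
Review bot: In the CIFSSEC_DEF definition, adding CIFSSEC_MAY_LANMAN changes the client's default security flags, which the commit message does not list; it mentions only the response length, the mount option parsing and the DES key parity. LANMAN is the weakest mechanism named in this define, so permitting it by default needs its own patch with a stated rationale. For this fix, leave CIFSSEC_DEF as (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2).
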
> >                        ^^^^^^^^^^^
> >        Won't this change enable lanman auth by default? Is that
> >        intended?
> 
> I think it depends on what server sends in negprot response, the
> minimum dialect it supports.
> If the dialect is greater than Lanman2.1, the default auth mech for
> cifs client is NTLM (ntlmv1)
> if the dialect is less than or up to Lanman2.1, default auth mech for
> cifs client is LANMAN (lm).
> 

Historically we've required that the admin
set /proc/fs/cifs/SecurityFlags to allow LANMAN auth before the client
will allow it to be used. I'm not opposed to changing that, but the
description doesn't even mention anything about that.

I think this ought to be a separate patch with a clearly described
reason, and probably doesn't belong in 2.6.38. It doesn't seem like
it's necessary to fix this bug.

-- 
Jeff Layton <jlayton@xxxxxxxxxx>
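
A check of the opt-in described in the reply above, as an added example that is not part of the original thread or the kernel source: it parses a value as read from /proc/fs/cifs/SecurityFlags and reports whether the LANMAN bit is set, alongside the default before and after the quoted hunk. The CIFSSEC_MAY_* values are assumed from fs/cifs/cifsglob.h of that era (the thread shows only two CIFSSEC_MUST_* values), the "0x7\n" text format is a constructed sample, and the names lanman_permitted, CIFSSEC_DEF_OLD and CIFSSEC_DEF_NEW are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed from fs/cifs/cifsglob.h of that era; the thread itself shows
 * only CIFSSEC_MUST_SEAL and CIFSSEC_MUST_NTLMSSP. */
#define CIFSSEC_MAY_SIGN    0x00001
#define CIFSSEC_MAY_NTLM    0x00002
#define CIFSSEC_MAY_NTLMV2  0x00004
#define CIFSSEC_MAY_LANMAN  0x00010

/* CIFSSEC_DEF before and after the quoted hunk (names are hypothetical). */
#define CIFSSEC_DEF_OLD (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2)
#define CIFSSEC_DEF_NEW (CIFSSEC_MAY_LANMAN | CIFSSEC_MAY_SIGN | \
                         CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2)

/* Hypothetical helper: takes the text of a SecurityFlags value ("0x7\n").
 * Returns 1 if the LANMAN bit is set, 0 if not, -1 if the text is not
 * a single number. */
int lanman_permitted(const char *text)
{
    char *end;
    unsigned long flags = strtoul(text, &end, 0); /* accepts 0x.. or decimal */

    if (end == text)
        return -1;
    while (isspace((unsigned char)*end))
        end++;
    if (*end != '\0')
        return -1;
    return (flags & CIFSSEC_MAY_LANMAN) ? 1 : 0;
}

int main(void)
{
    char buf[32];
    FILE *f = fopen("/proc/fs/cifs/SecurityFlags", "r");

    printf("old default 0x%x permits LANMAN: %d\n", CIFSSEC_DEF_OLD,
           (CIFSSEC_DEF_OLD & CIFSSEC_MAY_LANMAN) != 0);
    printf("new default 0x%x permits LANMAN: %d\n", CIFSSEC_DEF_NEW,
           (CIFSSEC_DEF_NEW & CIFSSEC_MAY_LANMAN) != 0);
    if (f && fgets(buf, sizeof(buf), f))
        printf("this host permits LANMAN: %d\n", lanman_permitted(buf));
    if (f)
        fclose(f);
    return 0;
}
```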