On Wed, Feb 16, 2011 at 3:15 PM, Steve French <smfrench@xxxxxxxxx> wrote: > On Wed, Feb 16, 2011 at 3:05 PM, Shirish Pargaonkar > <shirishpargaonkar@xxxxxxxxx> wrote: >> On Wed, Feb 16, 2011 at 2:53 PM, Steve French <smfrench@xxxxxxxxx> wrote: >>> On Wed, Feb 16, 2011 at 2:27 PM, <shirishpargaonkar@xxxxxxxxx> wrote: >>>> From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> >>>> >>>> >>>> Fix lanman (lm) authentication code. >>>> >>>> Change lm response length back to 24 from 16. >>>> Parse lanmani mount option. >>> >>> lanman21 (and earlier dialects) did not support packet signing >>> (requires NTLM12 or later dialect. I don't know what happens if >>> you try to set sec=lanmani with your patch >>> but I would not expect it to ever force signing and work. >>> >>> >>> We note this in our readme e.g. >>> sign Must use packet signing (helps avoid unwanted data modification >>> by intermediate systems in the route). Note that signing >>> does not work with lanman or plaintext authentication. >> >> Steve, is that a limitation within cifs client or protocol limitation? >> I think there is a session key calculation associated with lanman >> authentication. > > The protocol first defined packet signing in NTLM12 dialect. The flag > was undefined before then, and the fields for the signature itself > in the header were reserved. > > Remember that LANMAN dialect uses an older format of SMB SessionSetupX > as well. > > I am not opposed to adding the new mount option lanmani if you can > demonstrate it working to Windows or Samba, but it is likely signing > won't work if you force the older dialect and try the new sec=lamnami yes, it is not working on either. Will remove adding parsing for lanmani mount option and resubmit the patch. > > > > -- > Thanks, > > Steve > -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
