On Fri, 23 Nov 2012 20:48:40 -0600 Steve French <smfrench@xxxxxxxxx> wrote: > it doesn't change security flags - but it seemed the smallest and > safest since it basically says: > 1) if you pass in "sec=" then use that > 2) otherwise use ntlmssp (with ntlmv2) > > so shouldn't have any unintended consequences (and the sign mount > option should work as expected as well) > Umm...I think it would. The story for people who need to mount using cleartext passwords has always been "Set SecurityFlags to a magic value and mount without a sec= option". With your original patch, that would have broken them, AFAICT. > To be more specific: do you prefer this > > diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h > index f5af252..2cd5ea2 100644 > --- a/fs/cifs/cifsglob.h > +++ b/fs/cifs/cifsglob.h > @@ -1362,7 +1362,7 @@ require use of the stronger protocol */ > #define CIFSSEC_MUST_SEAL 0x40040 /* not supported yet */ > #define CIFSSEC_MUST_NTLMSSP 0x80080 /* raw ntlmssp with ntlmv2 */ > > -#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | > CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP) > +#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMSSP) > #define CIFSSEC_MAX (CIFSSEC_MUST_SIGN | CIFSSEC_MUST_NTLMV2) > #define CIFSSEC_AUTH_MASK (CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2 | > CIFSSEC_MAY_LANMAN | CIFSSEC_MAY_PLNTXT | CIFSSEC_MAY_ > /* > I think so -- that looks like it won't break existing users who need to set SecurityFlags to mount particular servers. You should also have this patch remove the now-bogus warning at mount time though. As non-sensical as the SecurityFlags interface is, we're stuck with it for now. For the longer term, I'd like to start deprecating the SecurityFlags interface altogether. I'll plan to write up a comprehensive proposal for doing that soon. -- Jeff Layton <jlayton@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
