---------- Forwarded message ----------
From: Steve French <smfrench@xxxxxxxxx>
Date: Tue, Jan 10, 2017 at 2:21 PM
Subject: Re: [PATCH] SMB2: Enforce sec= mount option
To: Sachin Prabhu <sprabhu@xxxxxxxxxx>
Cc: linux-cifs <linux-cifs@xxxxxxxxxxxxxxx>
Thinking about this a little more - the only minor correction I would
suggest is that NTLMv2 might as well continue to map to RawNTLMSSP
(since they have similar meanings, ie ntlmv2 hash) - but we could
error out on the others (other than krb5)
On Thu, Dec 8, 2016 at 12:46 AM, Sachin Prabhu <sprabhu@xxxxxxxxxx> wrote:
>
> If the security type specified using a mount option is not supported,
> the SMB2 session setup code changes the security type to RawNTLMSSP. We
> should instead fail the mount and return an error.
>
> Signed-off-by: Sachin Prabhu <sprabhu@xxxxxxxxxx>
> ---
> fs/cifs/smb2pdu.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 5ca5ea46..e66fad6 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -955,7 +955,8 @@ SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
> static int
> SMB2_select_sec(struct cifs_ses *ses, struct SMB2_sess_data *sess_data)
> {
> - if (ses->sectype != Kerberos && ses->sectype != RawNTLMSSP)
> + /* Default sec type is set to RawNTLMSSP */
> + if (ses->sectype == Unspecified)
> ses->sectype = RawNTLMSSP;
>
> switch (ses->sectype) {
> --
> 2.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Thanks,
Steve
--
Thanks,
Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
