mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-26 21:54:11 +08:00
[CIFS] Fix authentication choice so we do not force NTLMv2 unless the
user specifies it is required or turns of ntlm Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
parent
0223cf0b10
commit
f40c562855
@ -415,6 +415,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
|
||||
else /* if override flags set only sign/seal OR them with global auth */
|
||||
secFlags = extended_security | ses->overrideSecFlg;
|
||||
|
||||
cFYI(1,("secFlags 0x%x",secFlags));
|
||||
|
||||
pSMB->hdr.Mid = GetNextMid(server);
|
||||
pSMB->hdr.Flags2 |= SMBFLG2_UNICODE;
|
||||
if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
|
||||
@ -511,11 +513,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
|
||||
cERROR(1,("Server requests plain text password"
|
||||
" but client support disabled"));
|
||||
|
||||
if(secFlags & CIFSSEC_MUST_NTLMV2)
|
||||
if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2)
|
||||
server->secType = NTLMv2;
|
||||
else
|
||||
else if(secFlags & CIFSSEC_MAY_NTLM)
|
||||
server->secType = NTLM;
|
||||
/* else krb5 ... */
|
||||
else if(secFlags & CIFSSEC_MAY_NTLMV2)
|
||||
server->secType = NTLMv2;
|
||||
/* else krb5 ... any others ... */
|
||||
|
||||
/* one byte, so no need to convert this or EncryptionKeyLen from
|
||||
little endian */
|
||||
|
@ -323,11 +323,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
|
||||
__u16 action;
|
||||
int bytes_remaining;
|
||||
|
||||
cFYI(1,("new sess setup"));
|
||||
if(ses == NULL)
|
||||
return -EINVAL;
|
||||
|
||||
type = ses->server->secType;
|
||||
|
||||
cFYI(1,("sess setup type %d",type));
|
||||
if(type == LANMAN) {
|
||||
#ifndef CONFIG_CIFS_WEAK_PW_HASH
|
||||
/* LANMAN and plaintext are less secure and off by default.
|
||||
|
Loading…
Reference in New Issue
Block a user