Commit 67dbea2c authored by Pavel Shilovsky's avatar Pavel Shilovsky Committed by Steve French

CIFS: Fix SMB3 mount without specifying a security mechanism

Commit ef65aaed ("smb2: Enforce sec= mount option") changed the
behavior of a mount command to enforce a specified security mechanism
during mounting. On another hand according to the spec if SMB3 server
doesn't respond with a security context it implies that it supports
NTLMSSP. The current code doesn't keep it in mind and fails a mount
for such servers if no security mechanism is specified. Fix this by
indicating that a server supports NTLMSSP if a security context isn't
returned during negotiate phase. This allows the code to use NTLMSSP
by default for SMB3 mounts.
Signed-off-by: default avatarPavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
parent 1fa839b4
...@@ -562,8 +562,10 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) ...@@ -562,8 +562,10 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
* but for time being this is our only auth choice so doesn't matter. * but for time being this is our only auth choice so doesn't matter.
* We just found a server which sets blob length to zero expecting raw. * We just found a server which sets blob length to zero expecting raw.
*/ */
if (blob_length == 0) if (blob_length == 0) {
cifs_dbg(FYI, "missing security blob on negprot\n"); cifs_dbg(FYI, "missing security blob on negprot\n");
server->sec_ntlmssp = true;
}
rc = cifs_enable_signing(server, ses->sign); rc = cifs_enable_signing(server, ses->sign);
if (rc) if (rc)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment