diff options
| author | Pavel Shilovsky <pshilov@microsoft.com> | 2017-04-12 13:32:07 -0700 |
|---|---|---|
| committer | Steve French <smfrench@gmail.com> | 2017-04-13 10:03:26 -0500 |
| commit | 67dbea2ce6873f8ba57988ba3e608e8bf61c347f (patch) | |
| tree | 605afa59035a55581d8fff5b0f985b9d69eedaff /fs/cifs | |
| parent | 1fa839b4986d648b907d117275869a0e46c324b9 (diff) | |
| download | linux-67dbea2ce6873f8ba57988ba3e608e8bf61c347f.tar.gz linux-67dbea2ce6873f8ba57988ba3e608e8bf61c347f.tar.bz2 linux-67dbea2ce6873f8ba57988ba3e608e8bf61c347f.zip | |
CIFS: Fix SMB3 mount without specifying a security mechanism
Commit ef65aaede23f ("smb2: Enforce sec= mount option") changed the
behavior of a mount command to enforce a specified security mechanism
during mounting. On another hand according to the spec if SMB3 server
doesn't respond with a security context it implies that it supports
NTLMSSP. The current code doesn't keep it in mind and fails a mount
for such servers if no security mechanism is specified. Fix this by
indicating that a server supports NTLMSSP if a security context isn't
returned during negotiate phase. This allows the code to use NTLMSSP
by default for SMB3 mounts.
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs')
| -rw-r--r-- | fs/cifs/smb2pdu.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 1bd5d3033fc8..02da648041fc 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -562,8 +562,10 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) * but for time being this is our only auth choice so doesn't matter. * We just found a server which sets blob length to zero expecting raw. */ - if (blob_length == 0) + if (blob_length == 0) { cifs_dbg(FYI, "missing security blob on negprot\n"); + server->sec_ntlmssp = true; + } rc = cifs_enable_signing(server, ses->sign); if (rc) |