[CIFS] Fix authentication choice so we do not force NTLMv2 unless the

user specifies it is required or turns of ntlm Signed-off-by: Steve French <sfrench@us.ibm.com>
mariux64 · Jun 28, 2006 · f40c562 · f40c562
1 parent 0223cf0
commit f40c562
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
@@ -415,6 +415,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
 	else /* if override flags set only sign/seal OR them with global auth */
 		secFlags = extended_security | ses->overrideSecFlg;
 
+	cFYI(1,("secFlags 0x%x",secFlags));
+
 	pSMB->hdr.Mid = GetNextMid(server);
 	pSMB->hdr.Flags2 |= SMBFLG2_UNICODE;
 	if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
@@ -511,11 +513,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
 			cERROR(1,("Server requests plain text password"
 				  " but client support disabled"));
 
-	if(secFlags & CIFSSEC_MUST_NTLMV2)
+	if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2)
 		server->secType = NTLMv2;
-	else
+	else if(secFlags & CIFSSEC_MAY_NTLM)
 		server->secType = NTLM;
-	/* else krb5 ... */
+	else if(secFlags & CIFSSEC_MAY_NTLMV2)
+		server->secType = NTLMv2;
+	/* else krb5 ... any others ... */
 
 	/* one byte, so no need to convert this or EncryptionKeyLen from
 	   little endian */

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
@@ -323,11 +323,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
 	__u16 action;
 	int bytes_remaining;
 
-	cFYI(1,("new sess setup"));
 	if(ses == NULL)
 		return -EINVAL;
 
 	type = ses->server->secType;
+
+	cFYI(1,("sess setup type %d",type));
 	if(type == LANMAN) {
 #ifndef CONFIG_CIFS_WEAK_PW_HASH
 		/* LANMAN and plaintext are less secure and off by default.