[CIFS] Fix authentication choice so we do not force NTLMv2 unless the
authorSteve French <sfrench@us.ibm.com>
Wed, 28 Jun 2006 00:13:38 +0000 (00:13 +0000)
committerSteve French <sfrench@us.ibm.com>
Wed, 28 Jun 2006 00:13:38 +0000 (00:13 +0000)
user specifies it is required or turns of ntlm

Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/cifssmb.c
fs/cifs/sess.c

index de405bfb67d2ec7d7f0c5d0f2a10f77d495797bb..19678c575dfc4bcc786d158a20f56a450caccec1 100644 (file)
@@ -415,6 +415,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
        else /* if override flags set only sign/seal OR them with global auth */
                secFlags = extended_security | ses->overrideSecFlg;
 
+       cFYI(1,("secFlags 0x%x",secFlags));
+
        pSMB->hdr.Mid = GetNextMid(server);
        pSMB->hdr.Flags2 |= SMBFLG2_UNICODE;
        if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
@@ -511,11 +513,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                        cERROR(1,("Server requests plain text password"
                                  " but client support disabled"));
 
-       if(secFlags & CIFSSEC_MUST_NTLMV2)
+       if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2)
                server->secType = NTLMv2;
-       else
+       else if(secFlags & CIFSSEC_MAY_NTLM)
                server->secType = NTLM;
-       /* else krb5 ... */
+       else if(secFlags & CIFSSEC_MAY_NTLMV2)
+               server->secType = NTLMv2;
+       /* else krb5 ... any others ... */
 
        /* one byte, so no need to convert this or EncryptionKeyLen from
           little endian */
index b7d49c03985cb7e1d46add85a24bb0b6e46c8dbe..7202d534ef0bde1d4bcea1d3f61f47bec74f6533 100644 (file)
@@ -323,11 +323,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
        __u16 action;
        int bytes_remaining;
 
-       cFYI(1,("new sess setup"));
        if(ses == NULL)
                return -EINVAL;
 
        type = ses->server->secType;
+
+       cFYI(1,("sess setup type %d",type));
        if(type == LANMAN) {
 #ifndef CONFIG_CIFS_WEAK_PW_HASH
                /* LANMAN and plaintext are less secure and off by default.